📱
Domain 1.0 — Mobile Devices
Core 1 (220-1101) | Covers laptops, tablets, smartphones, accessories, and mobile connectivity
15%
Laptop Hardware Components
- LCD Panel Types: IPS (best color/angles), TN (fastest response), VA (best contrast), OLED (deepest blacks)
- Backlight: LED backlight standard; CCFL (older). Inverter converts DC→AC for CCFL screens
- DC Jack: Proprietary; failure = no charging. External power jack connects to motherboard
- Keyboard: ZIF connector (Zero Insertion Force). Flex cable tears easily — handle carefully
- Touchpad: Capacitive; can be replaced; uses PS/2 or USB internally
- Battery Types: Li-Ion (most common), NiMH (older). Don't store depleted. ~300-500 charge cycles
- RAM: SO-DIMM (Small Outline). Usually 1-2 slots under bottom panel or keyboard
- Storage: 2.5" SATA HDD/SSD or M.2 NVMe. M.2 slots: 2230, 2242, 2260, 2280 (lengths)
- Wi-Fi Card: Mini PCIe or M.2 form factor. Two antenna cables (aux + main)
- Thermal Paste: Applied between CPU and heatsink. Replace when overheating occurs
Mobile Connectivity & Accessories
- Bluetooth: PAN (10m range). Pairing = discovery mode + PIN. 2.4GHz frequency
- Wi-Fi Calling: Voice over Wi-Fi using carrier infrastructure
- NFC: Near Field Communication — tap to pay, file transfer; max ~4cm range
- Hotspot/Tethering: Share cellular data via Wi-Fi, USB, or Bluetooth
- GPS: Uses satellite signals. A-GPS uses cell towers for faster lock
- Mobile payment: NFC + secure element (SE) or host card emulation (HCE)
- Lightning: Apple proprietary; reversible 8-pin connector
- USB-C: Reversible; supports USB 3.x, Thunderbolt 3/4, DisplayPort, Power Delivery
- Micro/Mini USB: Older Android/accessory standard; not reversible
- Digitizer: Touch layer on top of display. Separate from LCD; can crack independently
Mobile OS Concepts
- Android: Open-source (AOSP). Sideloading allowed. Play Store + APK files
- iOS/iPadOS: Closed ecosystem. App Store only (unless jailbroken). More restrictive security
- MDM (Mobile Device Management): Enterprise management — enforce policies, remote wipe, app deployment
- BYOD: Bring Your Own Device — personal device used for work. Requires MDM policy
- Corporate-owned: Full control by IT; wipe without warning possible
- Remote wipe: Erase all data remotely — requires enrollment in MDM or Find My
- Screen locks: PIN, password, biometric (fingerprint, face), pattern
- Full Device Encryption: Android & iOS encrypt by default. Protects if device stolen
- Locator apps: Find My (Apple), Find My Device (Google)
Laptop Disassembly Best Practices
- Use anti-static mat & wrist strap — protect against ESD
- Document screw locations — take photos; different lengths matter
- Plastic pry tools — avoid metal on plastic bezels
- Disconnect battery FIRST before any internal work
- Store screws in labeled containers or magnetic mat
- Thermal compound: pea-sized or thin spread method; don't over-apply
- Cable routing: ensure cables don't pinch or kink on reassembly
- Test before closing — power on with case open to verify repairs
🎯 Exam Tip: CompTIA loves asking about laptop display types and which connector types are reversible. Remember: USB-C and Lightning are reversible; Micro-USB is NOT. For display types, IPS = best colors/viewing angles, TN = fastest refresh rate (gaming).
🌐
Domain 2.0 — Networking
Core 1 (220-1101) | TCP/IP, wireless standards, protocols, ports, and network troubleshooting
20%
TCP/IP & OSI Model
- OSI Layers: Physical → Data Link → Network → Transport → Session → Presentation → Application
- Mnemonic: "Please Do Not Throw Sausage Pizza Away" (bottom-up)
- IP Classes: A (1-126), B (128-191), C (192-223). Class D = multicast, E = experimental
- Private Ranges: 10.x.x.x, 172.16-31.x.x, 192.168.x.x
- APIPA: 169.254.x.x — self-assigned when DHCP fails
- Loopback: 127.0.0.1 — tests local TCP/IP stack
- Subnet mask: /24 = 255.255.255.0 (256 hosts, 254 usable)
- IPv6: 128-bit, written in hex. ::1 = loopback. fe80:: = link-local
- TCP vs UDP: TCP = reliable, ordered, handshake. UDP = fast, no guarantee
Critical Ports & Protocols
| Port | Protocol | Description |
|---|---|---|
| 20/21 | FTP | File Transfer (data/control) |
| 22 | SSH | Secure Shell (encrypted CLI) |
| 23 | Telnet | Remote CLI (unencrypted) |
| 25 | SMTP | Send email |
| 53 | DNS | Domain name resolution |
| 67/68 | DHCP | IP address assignment |
| 80 | HTTP | Web (unencrypted) |
| 110 | POP3 | Receive email (downloads) |
| 143 | IMAP | Receive email (syncs server) |
| 443 | HTTPS | Secure web (TLS) |
| 445 | SMB | Windows file sharing |
| 3389 | RDP | Remote Desktop Protocol |
Wireless Standards (802.11)
| Standard | Freq | Max Speed | Range |
|---|---|---|---|
| 802.11a | 5 GHz | 54 Mbps | ~35m |
| 802.11b | 2.4 GHz | 11 Mbps | ~38m |
| 802.11g | 2.4 GHz | 54 Mbps | ~38m |
| 802.11n (Wi-Fi 4) | 2.4/5 GHz | 600 Mbps | ~70m |
| 802.11ac (Wi-Fi 5) | 5 GHz | 3.5 Gbps | ~35m |
| 802.11ax (Wi-Fi 6) | 2.4/5/6 GHz | 9.6 Gbps | ~30m |
Remember: 2.4 GHz = longer range, more interference; 5 GHz = shorter range, faster, less congestion
Network Hardware & Concepts
- Hub: Layer 1, broadcasts to all ports, collision domain
- Switch: Layer 2, forwards by MAC address, separate collision domains
- Router: Layer 3, forwards by IP address, separate broadcast domains
- WAP: Wireless Access Point — bridges wireless to wired network
- DHCP Server: Assigns IPs automatically. Lease = temporary assignment
- DNS Server: Resolves hostnames to IPs. Forward & reverse lookup
- Firewall: Filters traffic by rules (ports, IPs, protocols)
- PoE: Power over Ethernet — powers WAPs, IP phones, cameras via Cat cable (802.3af/at)
- VLAN: Virtual LAN — logical separation on same physical switch
- VPN: Encrypted tunnel over public internet. Site-to-site or client-to-site
Cables & Connectors
- Cat 5: 100 Mbps, 100m, 100 MHz
- Cat 5e: 1 Gbps, 100m, 100 MHz (reduced crosstalk)
- Cat 6: 1 Gbps (100m) / 10 Gbps (55m), 250 MHz
- Cat 6a: 10 Gbps, 100m, 500 MHz
- Cat 7: 10 Gbps, 100m, 600 MHz (shielded)
- Cat 8: 40 Gbps, 30m, 2000 MHz (data centers)
- Fiber types: SMF (single-mode, yellow, long distance) vs MMF (multi-mode, orange/aqua, short)
- T568A vs T568B: Two wiring standards. Use same standard on both ends for straight-through; mix for crossover
- Coax: RG-6 (cable TV/internet), RG-59 (older video). F-type connector
Network Troubleshooting Commands
- ping — Tests connectivity; ICMP echo request/reply
- ipconfig — Shows IP config (Windows). ifconfig/ip a on Linux
- ipconfig /all — Full details including MAC, DHCP, DNS
- ipconfig /release + /renew — Release/renew DHCP lease
- ipconfig /flushdns — Clear DNS cache
- nslookup — DNS lookup query testing
- tracert / traceroute — Shows path packets take (hops)
- netstat — Active connections and listening ports
- nbtstat — NetBIOS over TCP/IP stats
- arp -a — Displays ARP cache (IP-to-MAC mappings)
🧠 Memory Aid: The OSI model bottom-up = "Please Do Not Throw Sausage Pizza Away" (Physical, Data Link, Network, Transport, Session, Presentation, Application). Top-down = "All People Seem To Need Data Processing."
🔧
Domain 3.0 — Hardware
Core 1 (220-1101) | Cables, adapters, RAM, storage, motherboards, CPUs, PSUs, peripherals
25%
CPU Concepts
- Cores vs Threads: Physical cores vs logical threads (Hyper-Threading doubles threads per core)
- Clock Speed: GHz — higher = faster within same architecture
- Cache: L1 (fastest, smallest) → L2 → L3 (largest, shared)
- Sockets: Intel LGA (pins on motherboard), AMD AM4/AM5 (pins on CPU)
- TDP: Thermal Design Power — max heat generated = min cooler required
- ARM vs x86: ARM = mobile/low power; x86 = desktop/server performance
- Virtualization: Intel VT-x, AMD-V must be enabled in BIOS for VMs
RAM Types & Specs
- DDR4: Current desktop standard. 2133–3600 MHz. 288-pin DIMM
- DDR5: Newer; faster, higher capacity, on-die ECC
- DDR3: Older; 240-pin, still found in older systems
- SO-DIMM: Laptop RAM; smaller form factor
- ECC RAM: Error-Correcting Code — detects & corrects 1-bit errors. Used in servers
- Channels: Single/Dual/Quad channel. Dual = pair same-size sticks in matching slots
- XMP/EXPO: Intel XMP / AMD EXPO — preset OC profiles for RAM speed in BIOS
- Max per slot: Depends on chipset. Always check motherboard specs
Storage Technologies
- HDD: Magnetic spinning disk. 5400 or 7200 RPM. Cheap per GB, fragile
- SSD (SATA): Flash storage. 2.5" form, SATA III = 6 Gbps max (~550 MB/s)
- NVMe SSD: PCIe interface. M.2 or PCIe slot. Up to 7,000 MB/s (Gen4)
- M.2 Keys: M-key (NVMe+SATA), B-key (SATA), B+M key (SATA)
- RAID 0: Striping. Speed + capacity, NO redundancy. 2 disks
- RAID 1: Mirroring. Full redundancy, half capacity. 2 disks
- RAID 5: Striping + parity. 1 disk can fail. Min 3 disks
- RAID 6: Striping + double parity. 2 disks can fail. Min 4 disks
- RAID 10: Mirror + stripe. Fast + redundant. Min 4 disks
- Optical: CD (700MB), DVD (4.7/8.5GB), Blu-ray (25/50GB)
Motherboard Components
- Form Factors: ATX (12"×9.6"), Micro ATX (9.6"×9.6"), Mini-ITX (6.7"×6.7"), E-ATX (12"×13")
- Chipset: Intel Z/B/H series; AMD X/B/A series. Controls features & overclocking
- BIOS/UEFI: BIOS = legacy 16-bit; UEFI = modern, supports GPT, Secure Boot, 2TB+ drives
- POST: Power-On Self Test — checks hardware at boot. Beep codes = error indicators
- CMOS: Stores BIOS settings. Battery maintains settings. Replace CR2032 if settings reset
- PCIe slots: x1, x4, x8, x16. GPU uses x16; sound/NIC use x1/x4
- Front panel headers: Power button, reset, LEDs, USB, audio — connect to motherboard pins
- Expansion cards: GPU, sound card, NIC, RAID controller — slot into PCIe slots
Power Supply (PSU)
- Wattage: Must exceed total system draw. Add 20% headroom
- 80 Plus Rating: Bronze → Silver → Gold → Platinum → Titanium (efficiency)
- ATX 24-pin: Main motherboard power connector
- EPS 4/8-pin: CPU power connector
- PCIe 6/8-pin: GPU power
- SATA power: 15-pin — SATA drives and accessories
- Molex: 4-pin legacy — older HDDs, fans, optical drives
- Modular PSU: Detachable cables — better cable management
- Failure signs: Random shutdowns, no POST, burning smell, system won't power on
Printer Types & Technologies
- Laser Printing Steps: Processing → Charging → Exposing → Developing → Transferring → Fusing → Cleaning
- Mnemonic: "People Can Even Do Tasks For Children"
- Inkjet: Thermal or piezoelectric. Good color, slower, ink expensive per page
- Laser: Toner (powder) + heat fusion. Fast, cheap per page, crisp text
- Thermal: Heat-sensitive paper. Receipt printers. No ink needed
- Impact: Dot matrix. Uses ribbon. Only option for multi-part forms
- 3D Printer: FDM (filament), SLA (resin), SLS (powder). Layer-by-layer
- Toner low: Shake cartridge temporarily. Replace ASAP
⭐ Laser Printing Process (MEMORIZE): Processing → Charging → Exposing → Developing → Transferring → Fusing → Cleaning. The drum is negatively charged, then laser reduces charge to create the image, toner (positive) sticks to discharged areas, transfers to paper, heat fuses it. "People Can Even Do Tasks For Children"
☁️
Domain 4.0 — Virtualization & Cloud
Core 1 (220-1101) | VMs, hypervisors, cloud models, cloud storage, and deployment types
11%
Virtualization Concepts
- Hypervisor Type 1 (Bare Metal): Runs directly on hardware. VMware ESXi, Hyper-V, Citrix XenServer. Used in servers
- Hypervisor Type 2 (Hosted): Runs on top of OS. VirtualBox, VMware Workstation. Desktop use
- VM: Virtual Machine — isolated OS instance sharing physical hardware
- Snapshot: Point-in-time backup of VM state. Easy rollback
- VDI: Virtual Desktop Infrastructure — users access virtual desktops hosted on server
- Container: Docker — lightweight, shares host OS kernel. Faster than full VM
- CPU requirement: Virtualization must be enabled in BIOS (Intel VT-x / AMD-V)
- Resources: VM shares host CPU, RAM, storage. Don't over-provision
Cloud Service Models
- IaaS (Infrastructure as a Service): You manage OS up. Provider manages hardware. (AWS EC2, Azure VMs)
- PaaS (Platform as a Service): You manage apps/data. Provider manages runtime. (Azure App Service, Heroku)
- SaaS (Software as a Service): Provider manages everything. You just use app. (Office 365, Salesforce)
- DaaS (Desktop as a Service): Virtual desktops in cloud. (Azure Virtual Desktop)
- Memory aid: IaaS = I do more, SaaS = Someone does all
Cloud Deployment Models
- Public Cloud: AWS, Azure, Google Cloud. Shared infrastructure, pay-as-you-go
- Private Cloud: On-premises or hosted exclusively. Full control & security
- Hybrid Cloud: Mix of public + private. Data can move between them
- Community Cloud: Shared among organizations with common concerns (govt, healthcare)
- Multi-cloud: Using services from multiple providers simultaneously
Cloud Storage & File Sync
- OneDrive: Microsoft. Integrates with Windows and Office 365
- iCloud: Apple. iOS/macOS sync for photos, contacts, documents
- Google Drive: 15 GB free. Works with Google Workspace
- Dropbox: Cross-platform file sync. Good for teams
- Synchronization: Files replicate across devices. Conflict resolution varies
- Encryption in transit: TLS/SSL. At rest: AES-256 typically
- Shared drives: Collaborative access. Permissions: view, comment, edit
💡 IaaS/PaaS/SaaS Analogy: Think of it like pizza. IaaS = you make the pizza at home but buy groceries (manage OS, middleware). PaaS = take-and-bake (you add toppings/code). SaaS = delivery pizza (fully ready, just use it).
🔍
Domain 5.0 — Hardware & Network Troubleshooting
Core 1 (220-1101) | Systematic troubleshooting of PCs, mobile devices, printers, and networks
29%
CompTIA Troubleshooting Process (6 Steps)
- 1. Identify the problem — Gather info, ask questions, check logs, reproduce issue
- 2. Establish a theory — Start simple, consider obvious causes first
- 3. Test the theory — Confirm cause. If wrong, re-establish new theory
- 4. Establish an action plan — Determine solution, assess side effects
- 5. Implement the solution — Make the fix, escalate if needed
- 6. Verify and document — Confirm full functionality, document findings and steps taken
PC Hardware Symptoms
- No POST / no power: Check PSU, power cable, outlet, power button header
- Beep codes: 1 beep = OK; multiple = hardware failure. Count and reference BIOS manual
- Blue Screen (BSOD): Driver issue, bad RAM, overheating, corrupted OS. Stop code gives clue
- Spontaneous shutdown: Overheating (check fans, thermal paste), PSU failure
- POST fails with RAM: Try one stick at a time, clean slots, test in different slots
- Display artifacts: GPU issue — driver, overheating, or failing card
- Clicking HDD: Imminent failure — BACK UP IMMEDIATELY
- Grinding noise: Fan hitting cable or failing bearing — inspect and replace
- Capacitor bulge: Visual inspection — bulged caps = motherboard failure coming
Network Troubleshooting
- No connectivity: Check physical connection → IP config → ping gateway → ping DNS
- APIPA address: 169.254.x.x = DHCP not working. Check cable, DHCP server, NIC
- Limited connectivity: Connected to router but no internet. Check WAN, DNS settings
- Slow network: Bandwidth saturation, duplex mismatch, interference (wireless)
- Duplex mismatch: One side full-duplex, other half-duplex = late collisions, drops
- DNS failure: Can ping IP but not hostname. Change DNS to 8.8.8.8 to test
- Cannot reach specific site: Try incognito, different DNS, check hosts file, proxy settings
Printer Troubleshooting
- No print job: Check queue (stuck job), restart spooler service, check connectivity
- Faded prints: Low toner/ink. Laser: shake toner cartridge temporarily
- Streaks: Laser: dirty drum or depleted toner. Inkjet: clogged nozzle → run cleaning
- Ghosting: Faint secondary image — laser drum not cleaning properly (worn drum/wiper blade)
- Paper jam: Remove gently, check for torn bits, check paper size/type settings
- Smearing (laser): Fuser not hot enough — fuser replacement needed
- Lines across page: Debris on drum or dirty rollers
- Double-sided issues: Duplex unit problem or wrong driver setting
⚠️ The 6 Steps MUST be memorized in order! CompTIA tests these exact steps. Note: you must always verify full functionality AND document at the end. Document even if the solution was simple — protects you and helps future techs.
💽
Domain 1.0 — Operating Systems
Core 2 (220-1102) | Windows, macOS, Linux, mobile OS — installation, management, and commands
31%
Windows Versions & Features
- Windows 10/11 Home: Consumer. No domain join, no Group Policy, no BitLocker (10), no RDP host
- Windows 10/11 Pro: Business. Domain join, Group Policy, BitLocker, Hyper-V, RDP
- Windows 11 Requirements: TPM 2.0, UEFI Secure Boot, 4GB RAM, 64GB storage, DirectX 12
- Windows Server: Active Directory, DNS, DHCP, file services — NOT covered in A+, just concepts
- Feature differences: Remember Home vs Pro: BitLocker, RDP Host, Hyper-V, Group Policy = PRO only
Key Windows Administrative Tools
- msconfig — System Configuration. Manage startup, boot options, safe mode
- msinfo32 — System Information. Full hardware/software summary
- devmgmt.msc — Device Manager. Driver issues, yellow !, update/rollback drivers
- diskmgmt.msc — Disk Management. Create/format/extend partitions
- eventvwr.msc — Event Viewer. System, Application, Security logs
- regedit — Registry Editor. HKLM, HKCU, HKCR, HKU, HKCC
- services.msc — Services console. Start/stop/configure services
- taskschd.msc — Task Scheduler. Automated task management
- gpedit.msc — Group Policy Editor (Pro only). Security & configuration policies
- certmgr.msc — Certificate Manager. View/manage digital certificates
Windows Command Line (CLI)
- sfc /scannow — System File Checker. Repairs corrupted Windows files
- DISM /Online /Cleanup-Image /RestoreHealth — Repairs Windows image
- chkdsk /f /r — Check Disk. /f fixes errors, /r locates bad sectors
- diskpart — Disk Partition tool. Powerful CLI partitioning
- net user — Manage user accounts from CLI
- net use — Map network drives
- gpupdate /force — Force Group Policy refresh
- shutdown /r /t 0 — Immediate restart
- robocopy / xcopy — File copy tools. Robocopy = robust, supports resume
- tasklist / taskkill — List/kill processes from CLI
File Systems
- NTFS: Windows standard. Supports permissions, encryption (EFS), compression, journaling, files up to 16TB
- FAT32: Max 4GB file size, 8TB volume. Cross-platform. USB drives, older cameras
- exFAT: Extended FAT. Large files supported. Great for USB drives and SD cards
- APFS: Apple File System. macOS/iOS. Encryption, snapshots, space sharing
- HFS+: Older Apple file system. Replaced by APFS
- ext4: Linux standard. Journaled. Very reliable
- Formatting: Quick format = wipe partition table. Full format = check for bad sectors too
macOS Features & Tools
- Finder: File manager (equivalent to Windows Explorer)
- Spotlight: System-wide search (Cmd+Space)
- Terminal: Unix command line. Uses bash/zsh
- Disk Utility: Format, partition, repair disks, create disk images
- Time Machine: Backup solution. Automatic hourly/daily/weekly backups to external drive
- Keychain: Password manager built into macOS
- FileVault: Full disk encryption. XTS-AES 128
- Activity Monitor: Like Task Manager. CPU, Memory, Disk, Network usage
- System Preferences/Settings: Configuration panel (like Windows Settings)
- Boot Camp: Run Windows on Intel Mac. (Removed on Apple Silicon)
Linux Essentials
- ls — List directory contents
- cd — Change directory
- pwd — Print working directory
- cp / mv / rm — Copy, move, remove files
- mkdir / rmdir — Create/remove directories
- chmod — Change file permissions (rwx / 755 / 644)
- chown — Change file owner
- grep — Search text patterns in files
- sudo — Run command as superuser
- apt / yum / dnf — Package managers (Debian/RHEL families)
- ps aux — List running processes
- kill / killall — Terminate processes
🎯 Key A+ Windows Tools: These are the MOST tested administrative tool shortcuts. Know both the shortcut name AND what it does: msconfig (startup/boot), devmgmt.msc (driver issues), diskmgmt.msc (partitions), eventvwr.msc (logs). Run dialog (Win+R) opens all of these.
🔒
Domain 2.0 — Security
Core 2 (220-1102) | Physical security, malware, encryption, authentication, and best practices
25%
Malware Types
- Virus: Requires user to execute infected file. Attaches to legitimate programs
- Worm: Self-replicating. Spreads across networks WITHOUT user interaction
- Trojan: Disguises as legitimate software. Contains malicious payload
- Ransomware: Encrypts files, demands payment. Spread via email, RDP exploits
- Spyware: Monitors activity, collects data, transmits to attacker
- Adware: Displays unwanted ads. Often bundled with free software
- Rootkit: Deep-level hiding. Survives reboots. Hard to detect/remove
- Keylogger: Records keystrokes. Captures passwords, credit cards
- Botnet: Network of compromised machines controlled by C&C server
- Cryptominer: Uses victim's CPU to mine cryptocurrency
Malware Removal Process (6 Steps)
- 1. Investigate and verify — Confirm malware is present, identify symptoms
- 2. Quarantine — Disconnect from network to prevent spread
- 3. Disable System Restore — Prevents malware being backed up in restore points
- 4. Remediate — Boot to safe mode, use anti-malware tools, manual removal
- 5. Schedule scans / re-enable protection — Run full scan, verify clean
- 6. Educate end user — Explain how infection occurred, prevent recurrence
Social Engineering Attacks
- Phishing: Mass email attack. Fake site harvests credentials
- Spear phishing: Targeted phishing. Uses personal info to appear legitimate
- Whaling: Spear phishing targeting executives/high-value targets
- Vishing: Voice phishing over phone. Impersonates IT, bank, IRS
- Smishing: SMS-based phishing. Fake link in text message
- Tailgating: Unauthorized person follows an authorized person through a secure door
- Shoulder surfing: Looking over shoulder to see password/data
- Dumpster diving: Retrieving discarded documents with sensitive info
- Impersonation: Pretending to be IT support, vendor, or employee
Encryption & Authentication
- AES: Advanced Encryption Standard. Symmetric. AES-256 = very strong
- RSA: Asymmetric. Public/private key pair. Used for key exchange, digital signatures
- TLS/SSL: Encrypts data in transit (HTTPS, email). TLS 1.3 = current standard
- WPA2: Wi-Fi Protected Access 2. AES-CCMP encryption. Current wireless standard
- WPA3: Newer. SAE (Simultaneous Authentication of Equals). Harder to crack
- WEP: Wired Equivalent Privacy. Obsolete — never use
- MFA: Something you know + have + are. Greatly reduces account compromise
- BitLocker: Windows full-disk encryption. Requires TPM chip (or USB key)
- EFS: Encrypting File System. File/folder level encryption in NTFS
Physical Security
- Mantrap: Two-door entry system. Second door won't open until first closes
- Badges/Access control: RFID, smart card, biometric readers
- Cable locks: Kensington lock slot on laptops — physical theft prevention
- Locking cabinets: Server racks must be physically locked
- Screen filter: Privacy screen — prevents shoulder surfing
- USB data blockers: Allows charging without data transfer (juice jacking prevention)
- Equipment disposal: Degausser (magnetic), shredder, incineration. Never just delete files
- Drive sanitization: DoD 7-pass wipe, zero-fill, or physical destruction
Windows Security Features
- Windows Defender: Built-in AV. Real-time protection, cloud-based scanning
- Windows Firewall: Built-in. Controls inbound/outbound. Profile-aware (Domain/Private/Public)
- UAC: User Account Control. Prompts before elevation. Don't disable!
- SmartScreen: Warns on unrecognized downloads and phishing sites
- Secure Boot: UEFI feature. Only signed bootloaders allowed
- TPM: Trusted Platform Module. Hardware security chip. Required for BitLocker and Win11
- NTFS permissions: Full, Modify, Read & Execute, Read, Write. DENY overrides ALLOW
- Share permissions: Full Control, Change, Read. Applies over network only
🚨 Critical Rule: When permissions conflict, the MORE RESTRICTIVE applies. If a user has Read via share and Full Control via NTFS, they get READ over the network. Also, DENY always overrides ALLOW — be careful assigning explicit Deny permissions.
📋
Domain 4.0 — Operational Procedures
Core 2 (220-1102) | Safety, environmental impacts, documentation, change management, and professionalism
22%
Safety Procedures
- ESD (Electrostatic Discharge): Static electricity damages components. Use anti-static wrist strap, mat, and bags
- Self-grounding: Touch metal case before handling components if no strap available
- High-voltage: Never open CRT monitors or laser printer fuser assemblies — capacitors hold charge after unplugging
- EMI: Electromagnetic Interference. Keep cables away from motors, fluorescent lights
- RFI: Radio Frequency Interference. Affects wireless. STP cables help reduce
- Lifting: Bend knees, back straight. Ask for help with heavy servers
- Fire extinguisher: Class C for electrical fires. CO2 or dry chemical. NEVER water
Environmental Controls
- MSDS/SDS: Material Safety Data Sheet — required info on chemical hazards
- Battery disposal: Li-Ion must go to recycling center. Cannot go in trash
- Toner disposal: Return to manufacturer or use toner recycling programs
- CRT disposal: Hazardous waste — contains lead. Use certified e-recycling
- Temperature: Data center: 64-80°F (18-27°C). Humidity: 40-60%
- UPS: Uninterruptible Power Supply. Battery backup for power outages. Provides surge protection too
- Surge protector: Protects from voltage spikes. Replace after absorbing large surge
- Power strip: NOT a surge protector. Just provides outlets
Documentation & Change Management
- Network diagram: Logical and physical maps of the network infrastructure
- Acceptable Use Policy (AUP): Rules for using company systems. Users must sign
- Change management: Document, approve, test, implement, verify, document changes
- Ticketing system: Track issues, resolutions, escalations, SLAs
- Incident report: Document security incidents — what happened, when, impact, response
- Inventory management: Track hardware/software assets, licenses, warranties
- SLA: Service Level Agreement — defines acceptable response & resolution times
- Rollback plan: Must exist before any change. Can you undo the change if it breaks something?
Professionalism & Communication
- Active listening: Don't interrupt. Let user finish explaining the issue
- Avoid jargon: Explain in plain language. Match technical level to user
- Set expectations: Tell user what you're doing, how long it may take
- Privacy: Don't share user data. Don't access data beyond what's needed
- Own the problem: Don't blame users or other departments publicly
- Difficult customers: Stay calm, don't argue, escalate if needed. Never match anger
- Personal calls/interruptions: Avoid personal calls during support session
- Confidentiality: Don't discuss work issues in public or on social media
Backup & Recovery
- Full backup: Everything. Slow to back up, fast to restore. Resets archive bit
- Incremental: Only changes since LAST backup. Fast backup, slow restore (needs full + all incrementals)
- Differential: Changes since LAST FULL backup. Medium backup speed, faster restore (full + latest differential)
- 3-2-1 Rule: 3 copies, 2 different media types, 1 offsite
- MTTR: Mean Time To Repair/Recover — average time to restore service
- MTBF: Mean Time Between Failures — average lifespan between failures
- RPO: Recovery Point Objective — max acceptable data loss (how old can backup be?)
- RTO: Recovery Time Objective — max acceptable time to restore service
Scripting & Remote Access
- .bat / .cmd: Windows batch scripts. Simple automation
- .ps1: PowerShell scripts. Powerful Windows automation. May need execution policy change
- .sh: Shell/Bash scripts for Linux/macOS
- .py: Python scripts. Cross-platform
- RDP (3389): Remote Desktop Protocol. Windows-to-Windows GUI remote access
- SSH (22): Secure Shell. Encrypted CLI remote access. Linux/macOS/network devices
- VNC: Virtual Network Computing. Cross-platform screen sharing
- VPN: Secure tunnel for remote access to corporate network
💡 Backup Types Memory Aid: Full = resets archive bit. Incremental = backs up changes since LAST backup (fastest to back up). Differential = backs up changes since LAST FULL (faster to restore than incremental). For fastest restore: Full + Differential. For least storage: Full + Incremental.