1.1 Compare and contrast common operating system types and their purposes.
• 32-bit vs. 64-bit • Workstation operating systems • Cell phone/tablet operating systems • Vendor-specific limitations • Compatibility concerns between operating systems
1.2 Compare and contrast features of Microsoft Windows versions.
• Windows 7 • Windows 8 • Windows 8.1 • Windows 10 • Corporate vs. personal needs
1.3 Summarize general OS installation considerations and upgrade methods.
• Boot methods • Type of installations • Partitioning • File system types/formatting • Load alternate third-party drivers when necessary • Workgroup vs. Domain setup • Time/date/region/language settings • Driver installation, software, and Windows updates • Factory recovery partition • Properly formatted boot drive with the correct partitions/format • Prerequisites/hardware compatibility • Application compatibility • OS compatibility/upgrade path
1.4 Given a scenario, use appropriate Microsoft command line tools.
• shutdown • dism • sfc • chkdsk • diskpart • taskkill • gpupdate • gpresult • format • copy • xcopy • robocopy • net use • net user • [command name] /? • Commands available with standard privileges vs. administrative privileges
1.5 Given a scenario, use Microsoft operating system features and tools.
• Administrative • MSConfig • Task Manager • Disk Management • System utilities
1.6 Given a scenario, use Microsoft Windows Control Panel utilities.
• Internet Options • Display/Display Settings • User Accounts • Credential Manager • Programs and features • HomeGroup • Devices and Printers • Sound • Troubleshooting • Network and Sharing Center • Device Manager • Bitlocker • Sync Center
1.7 Summarize application installation and configuration concepts.
• System requirements • OS requirements • Methods of installation and deployment • Local user permissions
1.8 Given a scenario, configure Microsoft Windows networking on a client/desktop.
• HomeGroup vs. Workgroup • Domain setup • Network shares/administrative shares/mapping drives • Printer sharing vs. network printer mapping • Establish networking connections • Proxy settings • Remote Desktop Connection • Remote Assistance • Home vs. Work vs. Public network settings • Firewall settings
1.9 Given a scenario, use features and tools of the Mac OS and Linux client/desktop operating systems.
• Best practices • Tools • Features • Basic Linux commands
2.1 Summarize the importance of physical security measures.
• Mantrap • Badge reader • Smart card • Security guard • Door lock • Biometric locks • Hardware tokens • Cable locks • Server locks • USB locks • Privacy screen • Key fobs • Entry control roster
2.2 Explain logical security concepts.
• MDM policies • Port security • MAC address filtering • Certificates • Antivirus/Anti-malware • Firewalls • User authentication/strong passwords • Multifactor authentication • Directory permissions • VPN • DLP • Access control lists • Smart card • Email filtering • Trusted/untrusted software sources • Principle of least privilege
2.3 Compare and contrast wireless security protocols and authentication methods.
• Protocols and encryption • Authentication
2.4 Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.
• Malware • Tools and methods
2.5 Compare and contrast social engineering, threats, and vulnerabilities.
• DDoS • DoS • Zero-day • Man-in-the-middle • Brute force • Dictionary • Rainbow table • Spoofing • Non-compliant systems • Zombie
2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings.
• User and groups • NTFS vs. share permissions • Shared files and folders • Run as administrator vs. standard user • BitLocker • BitLocker To Go • EFS
2.7 Given a scenario, implement security best practices to secure a workstation.
• Password best practices • Account management • Disable autorun • Data encryption • Patch/update management
2.8 Given a scenario, implement methods for securing mobile devices.
3.1 Given a scenario, troubleshoot Microsoft Windows OS problems.
• Common symptoms • Common solutions
3.2 Given a scenario, troubleshoot and resolve PC security issues.
• Common symptoms
3.3 Given a scenario, use best practice procedures for malware removal.
1. Identify and research malware symptoms. 2. Quarantine the infected systems. 3. Disable System Restore (in Windows). 4. Remediate the infected systems. 5. Schedule scans and run updates. 6. Enable System Restore and create a restore point (in Windows). 7. Educate the end user.
3.4 Given a scenario, troubleshoot mobile OS and application issues.
• Common symptoms
3.5 Given a scenario, troubleshoot mobile OS and application security issues.
• Common symptoms
4.0 Operational Procedures
4.1 Compare and contrast best practices associated with types of documentation.
• Network topology diagrams • Knowledge base/articles • Incident documentation • Regulatory and compliance policy • Acceptable use policy
4.2 Given a scenario, implement basic change management best practices.
• Documented business processes • Purpose of the change • Scope the change • Risk analysis • Plan for change • End-user acceptance
4.3 Given a scenario, implement basic disaster prevention and recovery methods.
• Surge protector • Cloud storage vs. local storage backups • Account recovery options • Backup testing • UPS
4.4 Explain common safety procedures.
• Equipment grounding • Proper component handling and storage
4.5 Explain environmental impacts and appropriate controls.
• MSDS documentation for handling and disposal • Temperature, humidity level awareness, and proper ventilation
4.6 Explain the processes for addressing prohibited content/activity, and privacy, licensing, and policy concepts.
• Incident response • Licensing/DRM/EULA • Regulated data • Follow all policies and security best practices
4.7 Given a scenario, use proper communication techniques and professionalism.
• Use proper language and avoid jargon, acronyms, and slang, when applicable • Maintain a positive attitude/project confidence • Actively listen (taking notes) and avoid interrupting the customer • Be culturally sensitive
This attack targets the most important people in an organization, most often CEOs, CFOs, or key personnel in the I.T. department. The name can be understood through an analogy: a hunter can cast a wide net and catch a lot of small fish, or he can use a spear to catch a few big fish. The attack is usually carried out by phone, by email, or in person through social engineering.
Educating all users about threat mitigation and potential threats can reduce the effects of spear phishing.
I’ll bet you’re reading this blog in a Chrome browser… How do I know? Because Chrome is currently the #1 used browser in the world! But did you know Google Chrome has an incognito mode? In incognito mode, browsing history is not cached, allowing a person to browse the web without storing data on the local device. So with incognito mode, you can pretty much do whatever you want, right? Wrong! While incognito mode doesn’t store browsing history on the local machine, it still sends information to the DNS server as well as the internet service provider. So is incognito mode useless? Incognito mode is far from useless and adds an additional layer of security, although a dedicated VPN would be a better solution for complete anonymity.