220-1202 CERTIFICATION PREP

CompTIA A+ Core 2 Study Guide

SYNTHESIZED FROM STAR V LEARNING CENTERS COURSE MATERIALS · JACKSONVILLE, FL

12 Modules 5 Exam Domains Exam 220-1202 Paired with Core 2 Flashcard App

// Exam Domain Weights (220-1202)

1. Operating Systems
31%
2. Security
25%
3. Software Troubleshooting
22%
4. Operational Procedures
22%
MOD 11

Managing Support Procedures

Obj 4.1 · 4.6 · 4.7 · 1.1
Documentation Hierarchy
PolicyHigh-level statement of organizational intent. Sets direction and expectations. "All user data must be encrypted at rest." All other documents derive from policy. Standard Operating Procedure (SOP)Step-by-step instructions for how to comply with a policy. Tells technicians exactly what to do. Examples: software installation procedure, new-user onboarding, end-user offboarding. GuidelinesRecommendations for complex or variable situations. Not mandatory — advisory. "We recommend using a password manager." Knowledge BaseSearchable repository of articles, SOPs, and resolved ticket documentation. Enables self-service (Tier 0) and faster agent resolution. Must be kept current. Lessons Learned / AARAfter-Action Report for critical incidents. Solicits input from users, technicians, managers, and stakeholders. Identifies root cause and creates or revises SOPs. Filed in knowledge base.
Service Level Agreements (SLAs)
DefinitionDefines expected service levels from internal departments or external vendors. Sets measurable metrics for uptime, response time, and performance. Uptime / The Nines99% = ~87.6 hrs/yr downtime · 99.9% = ~8.76 hrs/yr · 99.99% = ~52 min/yr · 99.999% = ~5.3 min/yr. Higher availability = more expensive to maintain. Internal SLAResource sharing, maintenance scheduling, and service delivery between internal departments. External SLAISP throughput guarantees, cloud service delivery, vendor support response times. Includes financial remedies (credits) for unmet metrics.
99.99% uptime = 52 minutes of downtime per year. This is the "four nines" standard. Know this calculation — it appears directly on the exam.
Ticketing Systems & Escalation
Ticket LifecycleUser contact → ticket generated → agent assigned → categorized by severity → troubleshoot or escalate → resolve → document → close. Severity LevelsLow (minor inconvenience, workaround available) → Medium (impacts productivity) → High (critical function down) → Critical (outage affecting many users or systems). Tier 0Self-service. Knowledge base, FAQs, chatbots. User resolves their own issue. No agent needed. Tier 1Initial agent contact. First-call resolution for common issues. Basic diagnosis and troubleshooting. Tier 2Escalation to senior technicians or third-party support. Issues beyond Tier 1 capability. Tier 3Escalation to engineers, developers, or senior managers. Complex or critical issues requiring deep expertise or executive decisions.
Ticket documentation must be clear (avoid jargon, plain language) and concise (as few words as possible). Fields: issue description, progress notes, resolution. Tickets may be reviewed by customers — write accordingly.
Professional Communication
  • Active listening — Let the customer finish. Do not interrupt. Confirm understanding by paraphrasing.
  • Clarifying questions — Ask open-ended questions to understand the issue. "When did this start?" "What changed recently?"
  • Positive attitude — View the situation as difficult, not the customer. Avoid negative or judgmental responses.
  • Acknowledge concerns — Validate the customer's frustration before diving into solutions.
  • Focus on solutions — Collaborative problem-solving. "Let's figure this out together."
  • Maintain discretion — Do not post customer incidents on social media. Confidentiality is non-negotiable.
  • Professional appearance — Dress appropriately for the environment. First impressions matter.
Operating System Types
OSTypeFile System(s)Key Notes
WindowsClosed-source commercialNTFS, FAT32, ReFS, exFATMost common enterprise OS. Multiple editions (Home/Pro/Enterprise).
macOSClosed-source (Apple)APFS (modern), HFS+ (legacy)UNIX-based. Apple hardware only. Proprietary ecosystem.
LinuxOpen-source, UNIX-derivedext4, XFS, BtrfsStandard or rolling release models. Many distros (Ubuntu, Fedora, RHEL).
Chrome OSGoogle's Linux-based OSext4Chromebooks only. Cloud-centric. Limited local software.
iOSApple mobile OSAPFSiPhone/iPad. Closed, walled garden. More restrictive than Android.
AndroidGoogle's Linux-based mobile OSext4, F2FSOpen-source core. Multiple manufacturers. More customizable than iOS.
End-of-life (EOL) = vendor stops issuing security patches. Running EOL software is a significant security risk. Always plan for OS lifecycle — upgrade or replace before EOL date.
MOD 12

Configuring Windows

Obj 1.6 · 1.10 · 1.11
Windows Settings vs Control Panel
Windows Settings AppModern, touch-enabled primary configuration interface. Organized by headings (System, Accounts, Privacy, etc.). Microsoft's replacement for Control Panel. Control PanelLegacy interface still present for additional configuration tasks. Contains applets not yet migrated to Settings. Both interfaces may be needed for full configuration.

Key Settings Areas

Accounts SettingsManage local accounts, Microsoft account linkage (for cloud sync), sign-in options, and account types (Administrator vs Standard). Privacy SettingsTelemetry and diagnostics, app permissions (camera, microphone, location), activity history. Review these when hardening a workstation. Time & LanguageDate/time, time zone, region, and language settings. Important for Kerberos authentication — clock skew >5 minutes causes authentication failures. Ease of AccessVision (high-contrast, Magnifier, Narrator), Hearing (volume, visual alerts, closed-captions), Interaction (keyboard, mouse, speech, eye control). Update & SecurityWindows Update (critical patches, optional updates, driver updates), Windows Security (Defender AV, Firewall), Activation (product key/license validation). Power OptionsSleep, hibernate, shutdown. High Performance, Balanced, Power Saver plans. Fast Startup. Important for laptops and desktops in enterprise.
File Explorer
Navigation PaneQuick Access, OneDrive, This PC, Network, Recycle Bin. Hierarchical folder tree on left side. File Explorer OptionsShow/hide file extensions, hidden files, system files, and protected OS files. Critical for troubleshooting — enable "show hidden items" and "show file extensions." Indexing OptionsManages which locations are indexed for fast search. Can add/remove indexed locations and configure indexing behavior. Key Folder LocationsC:\Windows = OS files. C:\Program Files = 64-bit apps. C:\Program Files (x86) = 32-bit apps. C:\Users\[name] = user profile data.
Administrative Tool Shortcuts
compmgmt.mscComputer Management — default admin console. Contains Device Manager, Disk Management, Event Viewer, Local Users and Groups, Services, etc. devmgmt.mscDevice Manager directly. diskmgmt.mscDisk Management — partition, format, initialize disks. eventvwr.mscEvent Viewer — view system, application, and security logs. secpol.mscLocal Security Policy — configure password policies, audit policies, user rights. services.mscServices console — start, stop, enable, disable Windows services. taskschd.mscTask Scheduler — automate tasks based on triggers (time, logon, events). regedit.exeRegistry Editor — view and edit Windows registry (five root hives: HKLM, HKCU, HKCR, HKU, HKCC). Incorrect edits = system instability. msconfig.exeSystem Configuration Utility — manage startup mode, boot options, startup services. For troubleshooting startup issues. msinfo32.exeSystem Information — comprehensive hardware/software report. Drivers, firmware, OS version, environment variables, network config. resmon.exeResource Monitor — advanced real-time monitoring beyond Task Manager. CPU, memory, disk, and network per-process detail. perfmon.mscPerformance Monitor — counter logs, trace logs, data collector sets for historical performance analysis. cleanmgr.exeDisk Cleanup — removes temp files, old Windows installs, Recycle Bin contents to reclaim disk space. dfrgui.exeOptimize Drives (Defragmenter) — defragments HDDs, TRIM operations for SSDs.
Know the .msc and .exe file names — the exam asks which tool you would use for a given task. Run dialog (Win+R): type the filename to launch directly. Win+X opens a quick-access shortcut menu to many of these tools.
Application Installation
System RequirementsCPU architecture, minimum RAM, minimum storage, GPU requirements (for graphics-intensive apps), and external hardware tokens. OS CompatibilityMatch app to OS version. 64-bit apps require 64-bit OS and CPU. 32-bit apps run on both. Linux apps may need to be compiled if not available for the distro. Distribution MethodsApp stores (sandboxed, verified), physical media, downloadable installer (verify with digital signature or hash), ISO files (for complex apps or VMs). Digital SignaturesWindows verifies digital signature of installers. Confirms authenticity and integrity. Use certutil to calculate and verify file hashes. Windows Subsystem for Linux (WSL)Enables running Linux distributions and applications directly on Windows. Enables Bash shell, Linux tools, and development environments without dual-boot.
Cloud-Based Applications
Cloud EmailMicrosoft 365 Outlook Web, Google Workspace Gmail. Access from any device, automatic sync, centralized management. Cloud StorageOneDrive, Google Drive, iCloud. Access files from any internet-connected device. Sync can be paused to manage bandwidth costs. Collaboration ToolsReal-time document editing (Google Docs, Microsoft 365), videoconferencing (Teams, Zoom), instant messaging. May need permission adjustments for camera/mic access. Identity SynchronizationSingle set of credentials for cloud and on-premises resources. Consistent permissions across environments. Managed via Microsoft Entra (formerly Azure AD) or similar. Reduces administrative burden. LicensingCloud apps have license terms just like local software. Violating terms leads to compliance penalties. Manage assignments via admin portals.
MOD 13

Managing Windows

Obj 1.4 · 1.5 · 1.7
Management Consoles
Local Users and GroupsCreate and manage user accounts, reset passwords, assign group memberships. Built-in groups: Administrators (full control), Users (standard), Guests (legacy only), Power Users (legacy app support). Disk ManagementInitialize new disks (MBR or GPT), create/delete/format partitions, manage volumes. System, boot, and recovery volumes are critical for OS function. Storage Spaces replaces dynamic disks for software RAID. Device ManagerView all hardware devices. Update, roll back, disable, or uninstall drivers. Check for device errors (yellow !) . Update drivers via Windows Update or manufacturer website. Group Policy EditorConfigure Windows and third-party software settings without editing registry directly. Each setting can be Enabled, Disabled, or Not Configured. Apply policies across computers on a domain. Certificate ManagerView, request, or import digital certificates. Key subfolders: Personal, Trusted Root CAs, Third-Party Root CAs. Removing a CA cert = browser/app no longer trusts certs it signed. Task SchedulerTrigger-based automation. Triggers: time, user logon, system events, machine wake. Multiple actions per task. All activity logged for auditing.
Command-Line Tools

Navigation & File Management

dirList files and directories. Switches: /a (hidden), /s (subdirectories), /o:n (sort by name), /o:s (sort by size), /o:d (sort by date). cdChange directory. cd .. = up one level. cd \ = root. cd path = navigate to path. copy / moveCopy or move files. Syntax: copy Source Destination. robocopyRobust file copy — handles retries, can copy directory structure, ACLs, timestamps. Switches: /S (subdirs), /E (empty dirs), /xf (exclude files). md / rdMake directory / Remove directory. rd /s /q removes directory and all contents without prompting. delDelete files. Does not move to Recycle Bin — permanent deletion.

Disk & System Management

diskpartAdvanced disk and partition management CLI. Commands: list disk, select disk, create partition, format, assign letter. More powerful than Disk Management GUI. formatCreate a new file system on a drive, erasing all data. Specify file system: format C: /fs:NTFS. chkdskCheck disk for file system errors and bad sectors. /f = fix errors, /r = recover bad sectors (requires reboot if drive is in use). sfc /scannowSystem File Checker. Scans for and repairs corrupted Windows system files. Run from elevated command prompt. shutdown/s = shutdown, /r = restart, /h = hibernate, /l = log off. /t 0 = immediately. net userManage user accounts from CLI. Create user, reset password, force password change at next login. Example: net user username password /add. gpupdateForce Group Policy refresh without waiting for next automatic update interval. gpresultDisplay applied Group Policy settings for the current user and computer. Useful for troubleshooting GPO issues. regsrv32Register or unregister DLL files. Used when application services fail to start due to missing registered components.
Windows Networking Configuration
Network Adapter ConfigSettings → Network & Internet, or ncpa.cpl (Network Connections). Set static IP or DHCP, DNS servers, gateway. Right-click adapter → Properties → IPv4. Network ProfilesPrivate (home/work) = discoverable, file sharing enabled. Public = not discoverable, more restrictive firewall. Domain = managed by Group Policy. UNC PathUniversal Naming Convention. Format: \\ServerName\ShareName. Used to access shared resources. Network Discovery must be enabled on Private profile. VPN ConfigurationSettings → Network & Internet → VPN. Add VPN connection (built-in client) or use third-party client software. WWANWireless Wide Area Network. Uses cellular network (3G/4G/5G) via USB adapter or internal module with SIM card. Backup or primary connection for mobile/remote users. Proxy SettingsSettings → Network & Internet → Proxy. Configure manually or via auto-detect. Proxy caches content and forwards requests. Transparent proxies require no client configuration. Windows Defender FirewallHost-based firewall. Configured via Settings or wf.msc (advanced). Add exceptions for specific apps, ports, or addresses. Domain, Private, and Public profiles each have independent rules.
MOD 14

Supporting Windows

Obj 1.5 · 3.1 · 4.9
Network Troubleshooting Commands
ipconfig /allFull IP configuration: IP address, subnet mask, gateway, MAC address, DNS servers, DHCP server, lease info. First step in network troubleshooting. ipconfig /releaseRelease current DHCP lease. ipconfig /renewRequest new DHCP lease. ipconfig /flushdnsClear local DNS resolver cache. Use when DNS changes aren't resolving. pingTest ICMP connectivity. Sequential ping test: 127.0.0.1 (loopback → TCP/IP stack) → own IP (NIC) → gateway (local routing) → remote IP (WAN routing) → hostname (DNS). tracertTrace route to destination. Shows each hop and round-trip time. Identifies where connectivity fails along the path. nslookupDNS query tool. Resolves hostnames to IPs and vice versa. If you can ping by IP but not hostname — DNS problem. Use nslookup to diagnose. netstatShows active connections and listening ports. Switches: -a (include UDP), -b (show owning process), -n (numeric addresses), -e (Ethernet stats), -s (per-protocol stats).
Can ping IP but not hostname = DNS issue. Can ping gateway but not remote IP = routing/ISP issue. Cannot ping gateway = local network issue. Cannot ping 127.0.0.1 = TCP/IP stack is broken.
Remote Access Technologies
RDP (Remote Desktop Protocol)Port 3389. Full graphical remote access. Not enabled by default — enable via Settings → System → Remote Desktop. Configure permitted users. NLA (Network Level Authentication) should be required. Requires Pro or higher. Microsoft Remote AssistanceUser sends invitation file with passcode to helper. Helper connects over RDP with chat feature. Can request control of user's desktop. Requires user consent. WinRMWindows Remote Management. Command-based management over HTTP/HTTPS (SOAP). Used for remote scripting and management. Does NOT provide a graphical interface — that's RDP. Compare: WinRM = CLI management, RDP = graphical control. SSHSecure Shell. Port 22. Encrypted command-line remote access. Two auth methods: password or public key. Host fingerprint verifies trusted server on first connection. VNCVirtual Network Computing. Cross-platform GUI remote access. Uses RFB protocol. Open-source alternative to RDP. Less secure by default — use with encryption. RMMRemote Monitoring and Management. Agent-based. Provides inventory, monitoring, automated patching, endpoint detection, remote network boot. Enterprise MSP tool.
Performance & Troubleshooting Tools
Task ManagerOpen: Ctrl+Shift+Esc. Tabs: Processes (CPU/RAM/disk/network per process), Performance (real-time graphs), App History (Store app usage), Startup (disable startup items), Users (per-user resource use), Details, Services. Event ViewerLogs: System, Application, Security, Setup. Severity levels: Critical, Error, Warning, Information, Audit Success/Failure. Use to investigate BSODs, service failures, and security events. Resource MonitorAdvanced snapshot monitoring beyond Task Manager. Per-process detail for CPU, memory, disk, and network. Good for identifying resource hogs and blocking processes. Performance MonitorCounter logs and trace logs for historical performance analysis. Monitor: CPU %, Memory (Available MB), Disk (Avg Queue Length), Network (% Utilization). Used for capacity planning. System Configuration (msconfig)Tabs: General (startup mode), Boot (BCD settings, Safe Boot options), Services (startup services), Startup (links to Task Manager), Tools (shortcuts to admin utilities).
Windows Boot Process & Recovery

Boot Sequence

Power on → POST (tests CPU, RAM, video, storage).
Firmware (BIOS or UEFI) identifies boot device and passes control to the bootloader.
BIOS: reads MBR → boot sector → boot manager reads BCD file. UEFI: reads GPT → UEFI boot manager reads BCD.
Windows Boot Manager loads Windows Boot Loader (winload.exe), which loads the kernel.
Kernel initializes, loads drivers, starts Session Manager (smss.exe) → Windows subsystems → Login screen.

Boot Recovery Tools

Advanced Boot OptionsBIOS: press F8 during boot. UEFI: hold Shift and Restart. Win11: Settings → System → Recovery → Advanced startup → Restart Now. Safe ModeLoads minimal drivers and services. Use to troubleshoot driver issues, malware, and startup problems. Safe Mode with Networking adds network support. WinRE (Windows Recovery Environment)Recovery tools: Startup Repair, System Restore, System Image Recovery, Command Prompt, Reset this PC. Access from boot options or recovery partition. System RestoreRolls back system configuration changes without affecting user files. Uses restore points. Enable via System Protection tab. Cannot undo if restore point doesn't exist. Driver/Update RollbackDevice Manager → Driver tab → Roll Back Driver. Windows Update → View update history → Uninstall updates. Reset this PCKeep my files (reinstalls Windows, removes apps) or Remove everything (full wipe + reinstall). Last resort before full reimage.
Common Windows Troubleshooting
BSOD (Blue Screen of Death)Kernel crash. Note stop error code. Check recent hardware/driver changes. Remove new hardware, check seating, run memory diagnostics, check for overheating. Slow BootEnable verbose status messages. Disable startup items in Task Manager. Check services. May be GPO delays or profile loading issues. Slow PerformanceTask Manager → find process at 90–100% CPU/RAM/disk. Kill or restart. If disk full → Disk Cleanup. Low RAM → close apps or add RAM. If not resource issue → apply updates, defrag HDD, disable startup items, malware scan. Application CrashingPreserve data first. Check Event Viewer for application errors. Try reinstalling the application. Use regsvr32 to re-register DLL components. Services Not StartingCheck if disabled. Check dependencies (a required service may be stopped). Verify sufficient privilege to start. Run sfc /scannow if core Windows services affected. Time DriftSystem clock desynced. Kerberos fails with >5 minute skew. Sync with NTP server (port 123). Check CMOS battery if clock resets after power off.
MOD 15

Securing Windows

Obj 2.1 · 2.2 · 1.7
Logical Security Concepts
CIA TriadConfidentiality (access controls, encryption), Integrity (hashing, digital signatures), Availability (redundancy, backups). Foundation of all security decisions. Least PrivilegeUsers and processes receive only the minimum permissions needed for their function. Nothing more. Reduces blast radius of compromised accounts. Implicit DenyDefault state is deny. Access must be explicitly granted. If no rule permits an action, it is blocked. Basis of ACL design. Access Control Lists (ACLs)List of permissions associated with a resource. Each entry is an ACE (Access Control Entry) defining what a principal (user or group) can do. UAC (User Account Control)Prompts for elevation before allowing admin-level changes. Standard users get credential prompt (enter admin password). Admins get consent prompt. Prevents silent privilege escalation. Implements JIT (Just-In-Time) access principles. PAM (Privileged Access Management)Controls, monitors, and secures access to privileged accounts. Logs and audits all privileged activity. Enforces separation of duties.
Windows Authentication Methods
Username & PasswordBasic authentication. Subject to phishing, brute force, and credential theft. Should be combined with MFA. Windows HelloModern authentication options: PIN (something you know, stored locally and device-bound), Fingerprint (something you are), Facial recognition via IR camera (something you are), Security key (something you have). MFATwo or more factors from different categories: something you know (password/PIN), something you have (smart card, token, phone), something you are (biometric). 2-step verification uses a soft token (authenticator app). TOTPTime-Based One-Time Password. Changes every 30 seconds. Google Authenticator, Microsoft Authenticator. Requires time sync between client and server. HOTPHMAC-Based One-Time Password. Counter-based. Valid until used. Physical tokens often use HOTP. SSO with SAMLSingle Sign-On using Security Assertions Markup Language. One authentication grants access to multiple systems. Reduces password fatigue.
Active Directory & Group Policy
Domain Controller (DC)Hosts Active Directory. Authenticates users and computers. Enforces Group Policy. Must have at least two DCs for redundancy. Member ServerJoined to domain but not a DC. Provides file/print/application services. Under control of domain administrators. Organizational Units (OUs)Containers in AD that group objects (users, computers, groups) for management. GPOs can be applied to OUs to configure settings for all members. Security GroupsAssign permissions to groups, then add users. Much easier to manage than per-user permissions. Types: Domain Local, Global, Universal. Group Policy Objects (GPOs)Apply configuration settings to users and computers in the domain. Control security settings, software deployment, login scripts, desktop configuration. Applied: Local → Site → Domain → OU (LSDOU). Last applied wins. Login ScriptsScripts that run at logon. Map network drives, install printers, apply settings. Assigned via GPO or user account properties.
NTFS vs Share Permissions
NTFS PermissionsApply both locally AND over the network. More granular. Full Control, Modify, Read & Execute, List Folder Contents, Read, Write. Applied at folder and individual file level. Inherited from parent by default. Share PermissionsApply ONLY when accessed over the network. Three options: Full Control, Change, Read. Less granular than NTFS. Effective PermissionsWhen both apply (network access), the MORE RESTRICTIVE of the two wins. NTFS=Modify + Share=Read → Effective=Read over network. Locally: only NTFS applies (no share permissions). Explicit DenyOverrides any Allow permission. Even if a user is in a group that has Allow, an explicit Deny on the user or another group beats it. InheritanceNTFS permissions flow from parent to child folders/files by default. Can be blocked at any point to create isolated permission sets.
NTFS permissions always apply — locally and over the network. Share permissions only apply over the network. When both are in effect, the most restrictive combination wins. Explicit Deny beats Explicit Allow every time.
Home Folders, Roaming Profiles & Folder Redirection
Home FolderPrivate mapped network drive for user personal files. Configured in AD user account properties. Data stored on file server, not local PC — enables centralized backup. Roaming ProfileUser profile stored on a server. Follows the user to any domain-joined computer. Downloads on login, uploads on logout. Large profiles = slow login/logout. Folder RedirectionGPO-based. Redirects specific folders (Documents, Desktop, AppData) to a network location. Transparent to user. Combined with offline files for laptop users.
MOD 16

Installing Operating Systems

Obj 1.2 · 1.3
Windows Editions
EditionKey FeaturesMax RAM (64-bit)Notes
HomeBasic features. No domain join, no Group Policy, no BitLocker, no RDP host.128 GBOEM or retail license. Consumer only.
ProDomain join, Group Policy Editor, BitLocker, RDP host, Hyper-V, Windows Sandbox.2 TBBusiness standard. Most common in enterprise desktops.
EnterpriseAll Pro features + DirectAccess, AppLocker, Credential Guard, App-V, BranchCache.2 TBVolume license only. Largest organizations.
EducationBased on Enterprise. For educational institutions.2 TBRequires institutional agreement.
If a feature requires Group Policy, BitLocker, RDP, or domain join — the answer is Windows Pro or higher. Windows Home does NOT support these features. This distinction is heavily tested.
32-bit vs 64-bit
32-bit CPUOnly runs 32-bit OS editions. Maximum 4 GB RAM addressable. Cannot run 64-bit software. 64-bit CPURuns both 32-bit and 64-bit OS. Supports vastly more RAM. 64-bit apps run faster on 64-bit OS. Modern standard. N EditionsEU-specific editions that exclude Windows Media Player and related technologies to comply with EU regulations. Home N, Pro N, etc.
Installation Types
Clean InstallWipes the target drive and installs a fresh OS. No settings or apps carried over. Best for troubleshooting or new hardware. Custom (advanced) install option in setup. In-Place UpgradeInstalls new OS version over existing. Preserves apps, settings, and user data. Requires compatible source OS version. Slower but less disruptive. Unattended / Answer FileAutomated install using an XML answer file (unattend.xml). Provides answers to all setup prompts without human interaction. Used for mass deployments. Network-Based / PXEBoot from network via DHCP + TFTP. Downloads OS image from deployment server. Requires no physical media. Scales to hundreds of machines simultaneously. MultibootMultiple OSes installed on one computer. Each OS requires its own partition. Boot menu appears at startup to select OS. Consider partition layout carefully before setup. Repair InstallReinstalls Windows while preserving user data and apps. Used when OS files are corrupted. Run from installation media, choose "Repair your computer."
Windows 11 Requirements
  • TPM 2.0 — Required. Must be enabled in BIOS/UEFI.
  • UEFI with Secure Boot — Required. Legacy BIOS is not supported.
  • Supported CPU — Intel 8th gen+ or AMD Ryzen 2000+. Some older CPUs blocked.
  • 64-bit only — No 32-bit edition of Windows 11.
  • RAM — 4 GB minimum.
  • Storage — 64 GB minimum.
  • Display — 720p minimum, 9" diagonal or greater.
TPM 2.0 + UEFI Secure Boot = hard requirements for Windows 11. If upgrading from Win10 and the check fails, most commonly TPM is disabled in BIOS or Secure Boot is disabled. Enable both in UEFI settings.
Disk Configuration
MBR (Master Boot Record)Legacy partitioning. Max 4 primary partitions. Max 2.2 TB per disk. Used with BIOS boot. Cannot use GPT features. GPT (GUID Partition Table)Modern standard. Max 128 partitions (Windows). No practical disk size limit. Required for UEFI boot and disks >2.2 TB.
MOD 17

Supporting Other Operating Systems

Obj 1.8 · 1.9
Linux Command Line

Navigation & File Management

lsList directory contents. ls -la shows all files including hidden, with permissions and details. cdChange directory. cd ~ = home directory. cd / = root. cd .. = up one level. pwdPrint working directory. Shows current path. cpCopy files or directories. cp -r for directories (recursive). mvMove or rename files/directories. rmDelete files. rm -r = delete directory and all contents. No Recycle Bin — permanent. mkdir / rmdirCreate / remove empty directory. df -hShow disk free space in human-readable format. du -shShow disk usage of a specific directory. cat / lessDisplay file contents. less allows scrolling. grepSearch for patterns in files. grep "error" /var/log/syslog finds error lines in the syslog. findSearch for files. find /home -name "*.txt" mount / umountMount or unmount filesystems. /etc/fstab defines filesystems to mount automatically at boot.

User & Permission Management

sudoRun command with superuser (root) privileges. Logs the command. Preferred over su for security. suSwitch user. su - switches to root with root's environment. chmodChange file permissions. Symbolic: chmod u+x file. Numeric (octal): chmod 755 file. Owner only can change. Read=4, Write=2, Execute=1. chownChange file ownership. Requires superuser. chown user:group file. Permission Formatrwxr-xr-- = Owner(rwx) Group(r-x) Other(r--). Each set: r=read(4), w=write(2), x=execute(1). Octal: 754.
Linux permission octal: 7=rwx, 6=rw-, 5=r-x, 4=r--, 0=---. chmod 755 = Owner rwx, Group r-x, Other r-x. Common: 644 (files) and 755 (directories/executables). Only the file owner or root can change permissions with chmod.

Package Management

APT (Debian/Ubuntu)apt updateapt upgradeapt install packageapt remove package. Package files: .deb DNF (RHEL/Fedora/CentOS)dnf check-updatednf upgradednf install packagednf remove package. Package files: .rpm

Network & Process Commands

pingTest connectivity. Ctrl+C to stop (Linux ping runs continuously by default). tracerouteLinux equivalent of Windows tracert. Traces path to destination. digDNS query tool. More detailed than nslookup. dig google.com MX queries MX records. curlTransfer data via URLs. Tests APIs. Downloads files. Supports HTTP, HTTPS, FTP. ps auxShow all running processes with details. top / htopReal-time process monitor (similar to Windows Task Manager). killTerminate a process by PID. kill -9 PID = force kill. crontab -eEdit scheduled tasks (cron jobs). Format: minute hour day month weekday command. Cron runs every minute, checks all user crontabs.
macOS Features
InterfaceMenu bar (top of screen), Dock (bottom — quick app/file access), Mission Control (F3 or gestures — manage windows and desktops), Spotlight (Cmd+Space — system-wide search). Terminal / ShellmacOS uses Zsh (Z shell) by default in modern versions. Bash was default before macOS Catalina. Access via Applications → Utilities → Terminal. System Folders/System = OS files (protected, do not modify). /Library = system-wide app resources. ~/Library = per-user app data. /Applications = installed apps. FindermacOS file manager equivalent to Windows File Explorer. Access iCloud Drive, local files, network shares. System SettingsSettings → System Settings (macOS Ventura+). Configure users, security, network, displays, sound, peripherals, privacy. Time MachineAutomatic backup to APFS or HFS+ drives. Hourly backups (last 24 hours), daily (last month), weekly (earlier). Oldest deleted when drive full. Can restore individual files or entire system. FileVaultmacOS full-disk encryption. Requires iCloud or recovery key. Encrypts entire startup drive using XTS-AES-128. iCloud & ContinuityLink Apple ID to macOS for iCloud sync (files, photos, keychain). Continuity features: Handoff (pass tasks between devices), AirDrop, Universal Clipboard. App InstallationApp Store (sandboxed, verified) or .dmg files (drag to Applications). Gatekeeper validates apps are signed by identified developers. Notarization provides additional validation.
MOD 18

Configuring SOHO Network Security

Obj 2.3 · 2.5 · 2.10 · 2.1
Social Engineering & Common Attacks
PhishingMass email attack using spoofed senders, fake websites, or malicious attachments. Tricks victims into revealing credentials or downloading malware. Spear PhishingTargeted phishing using personal details to appear legitimate. Higher success rate than generic phishing. WhalingSpear phishing targeting executives (CEO, CFO). Often requests wire transfers or confidential data. VishingVoice phishing via phone call. May use AI-generated voices to impersonate executives or support staff. SmishingSMS phishing. Text messages containing malicious links. QuishingQR code phishing. Malicious QR codes redirect victims to fake login pages or download malware. Evil TwinRogue Wi-Fi access point broadcasting same SSID as legitimate network. Victims connect unknowingly. Enables credential harvesting and MITM attacks. SQL InjectionInjects malicious SQL into input fields processed by a database. Can read, modify, or delete data. Prevent with parameterized queries, input sanitization, and stored procedures. Cross-Site Scripting (XSS)Injects malicious scripts into web pages viewed by other users. Steals cookies or executes code in victim's browser. Prevent with output encoding and input validation.
Wireless Security Protocols
ProtocolEncryptionAuthStatus
WEPRC4 (40/128-bit)Open / SharedBroken. Never use. Crackable in minutes.
WPA2-PSKAES-CCMPPre-shared key + 4-way handshakeCurrent standard. Handshake can be captured and cracked offline.
WPA3-SAEGCMP-128 / AES-CCMPSimultaneous Auth of Equals (SAE)Strongest. Resistant to offline dictionary attacks. Perfect forward secrecy.

Enterprise Authentication (802.1X)

802.1XPort-based access control. Three roles: Supplicant (client), Authenticator (switch/AP), Authentication Server (RADIUS). Client cannot access network until RADIUS server approves credentials. EAP-TLSMost secure. Both client and server use certificates. Mutual authentication. Requires PKI infrastructure for client certificates. PEAPProtected EAP. Server certificate only. Username/password inside TLS tunnel. Easier to deploy than EAP-TLS. RADIUSAAA server for Wi-Fi and VPN. Forwards credentials via shared secret. Port 1812 (auth) / 1813 (accounting). TACACS+Cisco-preferred for device administration (router/switch CLI access). Encrypts entire session. Port 49. TCP. KerberosTicket-based SSO. Used in Active Directory. RADIUS/TACACS+ access points support Kerberos in domain environments.
SOHO Router Security
Change Default CredentialsDefault admin username/password is publicly known. Change immediately on first login. Strong, unique password. Firmware UpdatesRouter firmware contains security vulnerabilities. Check manufacturer website or router admin interface regularly. Apply updates promptly. Inbound FilteringBlocks all inbound ports by default. Open specific ports via port forwarding only when needed. Never expose unnecessary services to the internet. Outbound FilteringAllows outbound connections by default. Restrict with content filters to block specific categories. Content FilteringBlocks malicious sites, URLs, and keywords. Parental controls can limit internet access times per device. Port ForwardingMaps an external port on the router's WAN IP to an internal device. Required for hosting services. Only forward what is needed. UPnP (Universal Plug and Play)Allows devices to automatically open ports. Convenience feature but significant security risk — disable UPnP if not needed for gaming consoles or VoIP only. Screened Subnet (DMZ)Isolated network segment for public-facing services. Separates internet-facing hosts from the internal LAN. In SOHO: router's DMZ host feature exposes one device to the internet. Wi-Fi Best PracticesUse WPA3 or WPA2-AES. Disable WPS (Wi-Fi Protected Setup — known vulnerabilities). Change default SSID. Use a guest network for IoT devices and visitors. Disable SSID broadcast if needed.
Physical Security Controls
Cable LockPhysically secures laptop to a desk via Kensington-style lock port. Deters opportunistic theft. Biometric LocksDoor locks using fingerprint, retina, or facial recognition. "Something you are" — hardest to fake. Smart Card / BadgeRFID-based access control. Logged entry/exit. Can be revoked remotely. "Something you have." Access Control Vestibule (Mantrap)Two-door airlock. Prevents tailgating. First door must close before second opens. RFID Asset TagsTrack physical assets. Tagged items trigger alarms if removed without authorization. Cameras / SurveillanceDeterrent and detective control. PTZ cameras for flexible coverage. Motion-triggered recording.
MOD 19

Managing Security Settings

Obj 2.2 · 2.4 · 2.6 · 2.7 · 2.11 · 3.4
Account Security Hardening
Password Best Practices12+ characters. Avoid personal info. Allow long passphrases. Don't require frequent expiration (NIST guidance). No deprecated complexity rules (special char every 90 days = outdated). Enable password managers. Change Default Admin AccountsRename or disable the built-in Administrator account. Change all default passwords. Limit who knows admin credentials. Log and monitor all admin account usage. Disable Guest AccountDisable unless required for specific use. Monitor guest Wi-Fi. Ensure compliance with security policies. Account Lockout PolicyLock account after X failed attempts (typically 3–5). Lockout duration or manual unlock. Prevents brute force attacks. Restrict PermissionsPrinciple of least privilege. Standard accounts for daily use. Admin accounts only for admin tasks. Limit number of admin accounts.
Workstation Security Tools
Windows Defender AntivirusBuilt-in AV. Uses signature-based and heuristic detection. Automatically replaced by third-party AV if installed. Real-time protection can be temporarily disabled (auto re-enables). Manage exclusions for false positives (VMs, etc.). Windows Defender FirewallHost-based firewall. Managed via Settings, Control Panel, or wf.msc. Configure rules by port, application, or address. Domain, Private, and Public profiles. Default: block inbound, allow outbound. EFS (Encrypting File System)File and folder encryption on NTFS volumes. Transparent to the encrypting user — files auto-decrypt on access. Only the encrypting user (and admin with recovery agent) can access. NOT available on Windows Home. Back up EFS certificate or risk permanent data loss. BitLockerFull volume encryption. Requires TPM 2.0 (preferred) or USB startup key. Requires Windows Pro or higher. BitLocker To Go = BitLocker for removable drives (USB). Recovery key must be backed up (AD, Microsoft account, or print). AutoRun/AutoPlayLegacy AutoRun auto-executed programs on inserted media — disable to prevent malware. Modern AutoPlay prompts user to choose action — safer but still review settings. Disable AutoRun completely via Group Policy. Execution ControlTrusted vs untrusted software sources. Only install from vetted, signed sources. AppLocker (Enterprise) restricts which executables can run.
EFS vs BitLocker: EFS = file/folder level, per-user, NTFS only, not available on Home. BitLocker = full disk/volume, TPM-based, requires Pro or higher. EFS protects files from other local users. BitLocker protects the whole drive if stolen. Both can be used together.
Browser Security
Trusted Download SourcesDownload browsers from official vendor sites only. Verify with hash check (certutil -hashfile filename SHA256). Avoid third-party download sites — common source of bundled malware. Extensions & Plug-insInstall only from official browser stores. Disable unused extensions. Plug-ins (Flash, Java) largely replaced by HTML5. Each extension is a potential attack surface. HTTPS & CertificatesPadlock icon = valid TLS certificate. Certificate validates identity of the server. CA (Certificate Authority) issues and signs certs. Enterprise: internal CA certs must be added to browsers. Private/Incognito BrowsingDoesn't save browsing history, cookies, or form data locally. Does NOT make you anonymous online — ISP, employer, and websites can still see traffic. Does NOT prevent malware. Clear Cache / Browsing DataRemoves stored cookies, cached files, browsing history. Useful for troubleshooting site issues or clearing sensitive session data. Browser HardeningKeep browser patched. Use ad blockers. Enable DNS over HTTPS (DoH). Disable password saving if using a password manager. Configure cookie settings. Enterprise: manage via Group Policy (GPMC).
Malware Removal Process
Identify and verify symptoms. Slow performance, pop-ups, redirections, fake alerts, unknown processes, high CPU/network usage.
Quarantine the infected system. Disconnect from network immediately. Prevents spread to other systems and stops C2 communication.
Disable System Restore. Prevents malware from hiding in restore points that would reinfect after cleaning.
Update definitions and scan in Safe Mode. Boot to Safe Mode to prevent malware from running during scan. Update AV definitions before scanning.
Remediate detected malware. Follow scanner recommendations. Quarantine or delete infected files.
Schedule scans and re-enable System Restore. Create a new, clean restore point.
Educate the user on how the infection occurred and how to prevent recurrence.
Quarantine first, then disable System Restore — in that order. The exam tests this sequence. Quarantine prevents spread. Disabling System Restore prevents reinfection from a restore point containing malware.

Common Malware Symptoms

Pop-ups and fake alerts Browser redirects Toolbars appeared Slow performance High CPU/network usage Unknown processes Files encrypted / ransom note AV disabled Accounts compromised
MOD 20

Supporting Mobile Software

Obj 2.1 · 2.8 · 3.2 · 3.3
Mobile OS Security
Screen LockPIN, password, pattern, fingerprint, or facial recognition. Prevents unauthorized physical access. Failed login attempts trigger increasing lockouts. Required for encryption to be meaningful. Data Protection EncryptioniOS: Full-device encryption enabled automatically when a passcode is set. Android: File-based encryption for user data and settings when screen lock is configured. Both use hardware-backed keys. Biometric AuthenticationFace ID / Touch ID (iOS), fingerprint / face unlock (Android). "Something you are." Faster than PIN. Backup PIN/password always required. MFA on MobileAuthenticator apps (Google Authenticator, Microsoft Authenticator) generate TOTP codes. More secure than SMS 2FA. SMS susceptible to SIM swapping. Remote WipeErase all data from a lost/stolen device remotely. Full wipe (everything) or selective wipe (corporate data only via MDM containerization). Find My Device (Android), Find My (iOS). Locator AppsGPS + Wi-Fi + Bluetooth triangulation. Can track, lock, send message, or wipe remotely. Requires device to be powered on and connected.
Mobile Device Management (MDM)
MDM FunctionCentrally manages and enforces security policies on enterprise and BYOD devices. Enroll devices, push configs, monitor compliance, remote wipe. Key MDM CapabilitiesConfigure Wi-Fi and VPN profiles, enforce passcode/encryption, manage installed apps, regulate network access, enable/disable device features, remote updates, compliance monitoring. Microsoft IntuneCloud-based EMM (Enterprise Mobility Management). Manages iOS, Android, Windows, and macOS. Part of Microsoft 365. Integrates with Azure AD.

Deployment Models

BYODBring Your Own Device. Employee owns. Lower cost to org. Less control and higher security risk. MDM containerization separates personal and corporate data. COPECorporate Owned, Personally Enabled. Org owns, allows limited personal use. Best balance of control and flexibility. COBOCorporate Owned, Business Only. Strictest control. No personal use. Common for shared devices (kiosks, field tablets). CYODChoose Your Own Device. Employee selects from org-approved device list. Org owns.
Mobile Security Threats
Rooting (Android)Gaining superuser access through exploits or authorized unlock methods. Removes OS security restrictions. MDM should detect and block rooted devices from corporate access. Jailbreaking (iOS)Gains root access to iOS. Enables sideloading and customizations. Bypasses Apple's security model. Significantly weakens device security. SideloadingInstalling apps from outside official app stores. Bypasses app vetting. Major source of mobile malware. MDM can prevent sideloading. Android allows it natively; iOS requires jailbreak. Malware SymptomsExcessive ads, fake security warnings, slow response, unexpected data usage, 2FA alerts on accounts you didn't initiate, high battery drain, apps you didn't install. Location PrivacyPhotos contain GPS geotags in EXIF metadata. Strip geotags before sharing publicly. Review which apps have location permission and whether it should be Always, While Using, or Never.
Mobile Troubleshooting
Performance IssuesReboot first (clears RAM). Check storage (low storage degrades performance on both iOS and Android). Identify resource-intensive apps. Consider factory reset if persistent. Safe Mode (Android)Boots with only system apps — disables all third-party apps. Diagnoses whether a third-party app is causing the issue. Access by holding power button → long-press Power Off. App IssuesForce stop → clear cache → clear data → uninstall and reinstall. Check for app updates. Failed OS UpdateCheck: sufficient storage (iOS needs ~2GB free), battery (charge to 50%+), internet connection, device compatibility with new OS version. Connectivity IssuesToggle airplane mode (resets all radios). Forget and reconnect to Wi-Fi network. Check Bluetooth pairing. For NFC: unlock device, enable NFC, hold close to reader. Check carrier signal for cellular. Factory ResetLast resort — erases all data. iOS: Settings → General → Transfer or Reset iPhone → Erase All Content. Android: Settings → General Management → Reset → Factory Data Reset. Back up first.
MOD 21

Using Data Security

Obj 4.3 · 2.1 · 2.9 · 4.6 · 4.10
Backup Methods & Strategy
TypeWhat's Backed UpArchive BitBackup SpeedRestore Speed
FullAll selected data regardless of previous backupClearedSlowestFastest (1 set)
IncrementalChanged since last backup (full OR incremental)ClearedFastestSlowest (full + all incrementals)
DifferentialChanged since last FULL onlyNOT clearedModerate (grows over time)Moderate (full + latest diff)

Backup Best Practices

3-2-1 Rule3 copies of data, on 2 different media types, with 1 copy stored off-site. Gold standard for backup strategy. Protects against hardware failure, local disaster, and site-level events. GFS Rotation SchemeGrandfather-Father-Son. Son = daily (reused weekly). Father = weekly (reused monthly). Grandfather = monthly (reused yearly). Structured tape rotation for long-term retention. Off-site / CloudOff-site reduces risk from local disasters (fire, flood, theft). Cloud backup provides geographic redundancy and accessibility. Backup TestingAn untested backup is not a backup. Regularly perform test restores. Verify backup integrity. Document recovery procedures and test them. Windows Backup ToolsFile History (incremental per-file backup, Previous Versions tab). Backup and Restore Center (system image backup). Reset this PC (not a backup — wipes and reinstalls).
Data Classification & Handling
Regulated DataData subject to legal requirements: PII (Personally Identifiable Information), PHI (Protected Health Information, HIPAA), PCI (cardholder data, PCI DSS), financial records, student records (FERPA). Prohibited ContentData on a system not permitted by policy or regulation. Examples: pirated software, illicit content, unauthorized confidential data. Technicians must report findings through proper channels. Licensing ComplianceSoftware must be properly licensed. Product key generates unique product ID. DRM (Digital Rights Management) limits device count. Violating license terms = compliance risk. Review EULA before installation. NDA (Non-Disclosure Agreement)Legally binding contract protecting sensitive information shared between parties. Prevents disclosure to third parties. Sign before accessing confidential client or company data. Open Source LicensingPermissive (MIT, Apache): free to use, modify, and distribute — even in proprietary products. Copyleft (GPL): derivative works must also be open source. Permissive = less restrictive.
Data Destruction & Disposal
Erasing / WipingSoftware overwrites all data on the drive. Third-party tools (DBAN, Eraser). Secure for HDDs. Not reliable for SSDs due to wear leveling. Low-Level FormatVendor tool that overwrites at the hardware level. More thorough than OS-level format. Still software-based. DegaussingStrong magnetic field destroys magnetic data patterns. Renders HDD permanently unusable. Effective for magnetic media only — useless on SSDs. Physical DestructionShredding (industrial), drilling/punching platters, crushing. Absolute certainty — no data recovery possible. Best for SSDs, optical media, and when degaussing isn't available. SanitizationThorough removal of all data so no file remnants can be recovered. Combination of overwriting and verification. Required before selling, donating, or disposing of any device. Recycling / E-WasteElectronics contain hazardous materials (lead, mercury, cadmium). Must be disposed via certified e-waste facilities. Never standard trash. Batteries require separate recycling.
Artificial Intelligence Basics
NLP (Natural Language Processing)AI understanding and generating human language. Powers chatbots, voice assistants, and text analysis. ML (Machine Learning)AI learning from data to make predictions without being explicitly programmed. Requires quality training data. CV (Computer Vision)AI interpreting visual information from images and video. Used in security cameras, facial recognition, and medical imaging. AI LimitationsBias (AI inherits biases from training data), Hallucinations (generates false/fabricated information confidently), Accuracy (output quality depends on training data quality). Always verify AI output before use. Public vs Private AIPublic (ChatGPT, Gemini): openly accessible, trained on public data. Private: organization-specific, may use internal/proprietary data. Protect sensitive data — never input confidential info into public AI models. AI Policy / AUPOrganizations should establish AI acceptable use policies: what AI tools are permitted, restrictions on inputting sensitive data, attribution rules, prohibition of AI-generated work without disclosure.
MOD 22

Implementing Operational Procedures

Obj 4.1 · 4.2 · 4.4 · 4.5 · 4.8
Change Management
Submit Request for Change (RFC). Document what change is needed, why, and the expected impact.
Risk Analysis. Identify impact on critical systems, safety risks, severity, and cause-effect relationships.
CAB Review. Change Advisory Board evaluates business case, risk, and technical impact. Minor changes approved by supervisor. Major changes require CAB.
Schedule and approve. Define maintenance window. Notify affected users and stakeholders.
Implement. Follow approved change procedure. Peer review verifies accuracy before restoring service.
Rollback plan ready. Define backout procedure if change causes issues. Execute rollback if needed.
End-user acceptance and document. Confirm functionality with users. Update documentation, diagrams, and policies.
Asset Management
Asset InventoryTrack: asset name, ID/tag, manufacturer, model, serial number, specs, purchase date, warranty expiration, location, assigned user. Use CMDB (Configuration Management Database), spreadsheets, or ticketing systems. Lifecycle ManagementProcurement → deployment → maintenance → end-of-life → disposal. Plan replacements before EOL — don't wait until hardware fails or software becomes unsupported. Software LicensingTrack all software licenses. Maintain compliance — audit regularly. License violations = legal and financial risk. Document license type (per seat, per device, concurrent, OEM, volume). Warranty & SupportDocument warranty expiration dates. Know what is covered (parts, labor, on-site). Service plan tiers: on-site 4-hour same day (highest cost), same business day, next business day.
Electrical Safety
General RulesDisconnect power before working on hardware. Never access PSU internals — capacitors retain charge even unplugged. Use insulated tools. Know power shutoff locations. Fire SafetyElectrical fires: use CO₂ extinguisher (Class C). Never use water on electrical fires. Know the location of power shutoffs. ESD (Electrostatic Discharge)Static electricity can damage components invisible to the eye. Mitigate: wear ESD wrist strap (grounded), use anti-static mats, keep components in anti-static bags, avoid carpet areas. Ground yourself before touching components. UPS SizingVA = Wattage × 1.67. Size UPS at 20–30% above calculated load. Runtime depends on battery capacity (Ah) and actual load. UPS bridges gap between power loss and generator start.

Power Issues & Mitigations

Surge / SpikeBrief voltage increase. Can damage components. Mitigate with surge suppressor. BrownoutSustained voltage reduction. High-power equipment causes this. UPS and line conditioner help. BlackoutComplete power loss. UPS allows graceful shutdown. Generator provides extended power for critical systems. Surge SuppressorFilters voltage spikes. NOT the same as a power strip (which has no surge protection). Check joule rating — higher = better protection.
Environmental & Safety Procedures
Hazardous Materials (MSDS/SDS)Material Safety Data Sheet / Safety Data Sheet. Provides handling, storage, and disposal guidelines for hazardous materials. Always consult MSDS before handling toner, chemicals, batteries. Toner HandlingWear gloves, goggles, and mask — toner is a fine particulate. If spilled, use a toner vacuum (not regular vacuum — spreads particles). Use vendor disposal/recycling programs. Battery DisposalNever standard trash. Recycle via certified programs. Lithium batteries can cause fires if punctured or disposed of incorrectly. E-Waste DisposalElectronics contain lead, mercury, cadmium, and other toxins. Use certified e-waste recycling facilities. Document the disposal for compliance. Temperature & HumidityAllow new equipment to adjust to room temperature before powering on (prevents condensation). Maintain ~50% relative humidity. Ventilation prevents heat buildup. Dust CleanupUse compressed air or PC vacuum. Wear mask (fine dust). Never use toner in a regular vacuum. Clean regularly — dust causes overheating. Lifting SafetyKeep load close to body, at waist level. Bend at knees, not waist. No twisting. Get help for heavy objects. Use proper equipment (dolly, lift) for servers and UPS units. Trip HazardsSecure cables — use cable management trays, ties, and covers. Never run cables across walkways without covers. Comply with building codes.
Scripting Basics
LanguageExtensionPlatformNotes
Bash.shLinux / macOSSet execute: chmod +x script.sh. Run: ./script.sh. Comment: #. Shebang: #!/bin/bash.
PowerShell.ps1Windows (also Linux/macOS)Cmdlets use Verb-Noun format (Get-Process, Set-Item). Edit in PowerShell ISE or VS Code. Comment: #.
Batch.bat / .cmdWindows (legacy)CMD-based. Simple automation. Comment: REM. Limited compared to PowerShell.
VBScript.vbsWindowsLegacy. Runs via wscript.exe or cscript.exe. Comment: ' (apostrophe).
Python.py / .pywCross-platformPython 3 current standard (Python 2 EOL 2020). Interpreter-based. Comment: #.
JavaScript.jsBrowsers / serversWeb scripting. Node.js for server-side. JXA for macOS automation.

Core Script Constructs

VariablesStore values. Bash: NAME="value" (no spaces). PowerShell: $name = "value". Reference with $NAME (Bash) / $name (PS). Comments# in Bash, PowerShell, Python. REM in Batch. ' in VBScript. Comments are not executed — used for documentation. Shebang (#!)First line of Unix scripts. Specifies interpreter. #!/bin/bash. NOT a comment despite starting with #. Control FlowIf/else (conditional branching). For/while/until loops (repetition). Prevent infinite loops — always include an exit condition. OperatorsComparison: ==, !=, <, >. Logical: && (AND), || (OR).

Scripting Best Practices

  • Test in development before deploying to production. Never test destructive scripts live.
  • Run with minimal privileges — don't run scripts as admin unless absolutely required.
  • Scan for vulnerabilities — scripts can be attack vectors; restrict who can modify them.
  • Avoid infinite loops — always include exit conditions and handle edge cases.
  • Comment your code — future maintainers (and future you) will thank you.
  • Store securely — restrict access to script files; treat scripts containing credentials as secrets.