A+

Core 1

1.0 Mobile Devices

1.1 Given a scenario, install and configure laptop hardware and components.

Hardware/device replacement
- Battery
- Keyboard/keys
- Random-access memory (RAM)
- Hard disk drive (HDD)/solid state drive (SSD) migration
- HDD/SSD replacement
- Wireless cards

Physical privacy and security components
- Biometrics
- Near-field scanner features

1.2 Compare and contrast the display components of mobile devices.

Types
- Liquid crystal display (LCD)
  - In-plane switching (IPS)
  - Twisted nematic (TN)
  - Vertical alignment (VA)
- Organic light-emitting diode (OLED)

Mobile display components
WiFi antenna connector/placement
Camera/webcam
Microphone
Touch screen/digitizer
Inverter

1.3 Given a scenario, set up and configure accessories and ports of mobile devices.

Connection methods
- Universal Serial Bus (USB)/USB-C/microUSB/miniUSB
- Lightning
- Serial interfaces
- Near-field communication (NFC)
- Bluetooth
- Hotspot

Accessories
- Touch pens
- Headsets
- Speakers
- Webcam
Docking station
Port replicator
Trackpad/drawing pad

1.4 Given a scenario, configure basic mobile-device network connectivity and application support.

Wireless/cellular data network (enable/disable)
- 2G/3G/4G/5G
- Hotspot
- Global System for Mobile Communications (GSM) vs. code-division multiple access (CDMA)
- Preferred Roaming List (PRL) updates
Bluetooth
- Enable Bluetooth
- Enable pairing
- Find a device for pairing
- Enter the appropriate PIN code
- Test connectivity
Location services
- Global Positioning System (GPS) services
- Cellular location services

Mobile device management (MDM)/mobile application management (MAM)
- Corporate email configuration
- Two-factor authentication
- Corporate applications
Mobile device synchronization
- Account setup
  - Microsoft 365
  - Google Workspace
  - iCloud
- Data to synchronize
  - Mail
  - Photos
  - Calendar
  - Contacts
  - Recognizing data caps

2.0 Networking

2.1 Compare and contrast Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, protocols, and their purposes.

Ports and protocols
- 20/21 - File Transfer Protocol (FTP)
- 22 - Secure Shell (SSH)
- 23 - Telnet
- 25 - Simple Mail Transfer Protocol (SMTP)
- 53 - Domain Name System (DNS)
- 67/68 - Dynamic Host Configuration Protocol (DHCP)
- 80 - Hypertext Transfer Protocol (HTTP)
- 110 - Post Office Protocol 3 (POP3)
- 137/139 - Network Basic Input/Output System (NetBIOS)/NetBIOS over TCP/IP (NetBT)
- 143 - Internet Mail Access Protocol (IMAP)
- 161/162 - Simple Network Management Protocol (SNMP)
- 389 - Lightweight Directory Access Protocol (LDAP)
- 443 - Hypertext Transfer Protocol Secure (HTTPS)
- 445 - Server Message Block (SMB)/Common Internet File System (CIFS)
- 3389 - Remote Desktop Protocol (RDP)

TCP vs. UDP
- Connectionless
  - DHCP
  - Trivial File Transfer Protocol (TFTP)
- Connection-oriented
  - HTTPS
  - SSH

2.2 Compare and contrast common networking hardware.

Routers
Switches
- Managed
- Unmanaged
Access points
Patch panel
Firewall

Power over Ethernet (PoE)
- Injectors
- Switch
- PoE standards
Hub
Cable modem
Digital subscriber line (DSL)
Optical network terminal (ONT)
Network interface card (NIC)
Software-defined networking (SDN)

2.3 Compare and contrast protocols for wireless networking.

Frequencies
- 2.4GHz
- 5GHz
Channels
- Regulations
- 2.4GHz vs. 5GHz
Bluetooth

802.11
- a
- b
- g
- n
- ac (WiFi 5)
- ax (WiFi 6)

Long-range fixed wireless
- Licensed
- Unlicensed
- Power
- Regulatory requirements for wireless power
NFC
Radio-frequency identification (RFID)

2.4 Summarize services provided by networked hosts.

Server roles
- DNS
- DHCP
- Fileshare
- Print servers
- Mail servers
- Syslog
- Web servers
- Authentication, authorization, and accounting (AAA)

Internet applicances
- Spam gateways
- Unified threat management (UTM)
- Load balancers
- Proxy servers
Legacy/embedded systems
- Supervisory control and data acquisition (SCADA)
Internet of Things (IoT) devices

2.5 Given a scenario, install and configure basic wired/wireless small office/home office (SOHO) networks.

Internet Protocol (IP) addressing
- IPv4
  - Private addresses
  - Public addresses
- IPv6
- Automatic Private IP Addressing (APIPA)
- Static
- Dynamic
- Gateway

2.6 Compare and contrast common network configuration concepts.

DNS
- Address
  - A
  - AAAA
- Mail exchanger (MX)
- Text (TXT)
  - Spam management
    - DomainKeys Identified Mail (DKIM)
    - Sender Policy Framework (SPF)
    - Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DHCP
- Leases
- Reservations
- Scope
Virtual LAN (VLAN)
Virtual private network (VPN)

2.7 Compare and contrast Internet connection types, network types, and their features.

Internet connection types
- Satellite
- Fiber
- Cable
- DSL
- Cellular
- Wireless Internet service provider (WISP)

Network types
- Local area network (LAN)
- Wide area network (WAN)
- Personal area network (PAN)
- Metropolitan area network (MAN)
- Storage area network (SAN)
- Wireless local area network (WLAN)

2.8 Given a scenario, use networking tools.

Crimper
Cable stripper
WiFi analyzer
Toner probe

Punchdown tool
Cable tester
Loopback plug
Network tap

3.0 Hardware

3.1 Explain basic cable types and their connectors, features, and purposes.

Network cables
- Copper
  - Cat 5
  - Cat 5e
  - Cat 6
  - Cat 6a
  - Coaxial
  - Shielded twisted pair
    - Direct burial
  - Unshielded twisted pair
- Plenum
- Optical
  - Fiber
- T568A/T568B

Peripheral cables
- USB 2.0
- USB 3.0
- Serial
- Thunderbolt
Video cables
- High-Definition Multimedia Interface (HDMI)
- DisplayPort
- Digital Visual Interface (DVI)
- Video Graphics Array (VGA)
Hard drive cables
- Serial Advanced Technology Attachment (SATA)
- Small Computer System Interface (SCSI)
- External SATA (eSATA)
- Integrated Drive Electronics (IDE)

3.2 Given a scenario, install the appropriate RAM.

RAM types
- Virtual RAM
- Small outline dual inline memory module (SODIMM)
- Double Data Rate 3 (DDR3)
- Double Data Rate 4 (DDR4)
- Double Data Rate 5 (DDR5)
- Error correction code (ECC) RAM

Single-channel
Dual-channel
Triple-channel
Quad-channel

3.3 Given a scenario, select and install storage devices.

Hard drives
- Speeds
  - 5,400rpm
  - 7,200rpm
  - 10,000rpm
  - 15,000rpm
- Form factor
  - 2.5
  - 3.5

SSDs
- Communications interfaces
  - Non-volatile Memory Express (NVMe)
  - SATA
  - Peripheral Component Interconnect Express (PCIe)
- Form factors
  - M.2
  - mSATA

Drive configurations
- Redundant Array of Independent (or Inexpensive) Disks (RAID) 0, 1, 5, 10
Removable storage
- Flash drives
- Memory cards
- Optical drives

3.4 Given a scenario, install and configure motherboards, central processing units (CPUs), and add-on cards.

Motherboard form factor
- Advanced Technology eXtended (ATX)
- Information Technology eXtended (ITX)
Motherboard connector types
- Peripheral Component Interconnect (PCI)
- PCI Express (PCIe)
- Power connectors
- SATA
- eSATA
- Headers
- M.2
Motherboard compatibility
- CPU sockets
  - Advanced Micro Devices, Inc. (AMD)
  - Intel
- Server
- Multisocket
- Desktop
- Mobile
Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) settings
- Boot options
- USB permissions
- Trusted Platform Module (TPM) security features
- Fan considerations
- Secure Boot
- Boot password

Encryption
- TPM
- Hardware security module (HSM)
CPU architecture
- x64/x86
- Advanced RISC Machine (ARM)
- Single-core
- Multicore
- Multithreading
- Virtualization support
Expansion cards
- Sound card
- Video card
- Capture card
- NIC
Cooling
- Fans
- Heat sink
- Thermal paste/pads
- Liquid

3.5 Given a scenario, install or replace the appropriate power supply.

Input 110-120 VAC vs. 220-240 VAC
Output 3.3V vs. 5V vs. 12V
20-pin to 24-pin motherboard adapter

Redundant power supply
Modular power supply
Wattage rating

3.6 Given a scenario, deploy and configure multifunction devices/printers and settings.

Properly unboxing a device – setup location considerations
Use appropriate drivers for a given OS
- Printer Control Language (PCL) vs. PostScript
Device connectivity
- USB
- Ethernet
- Wireless
Public/shared devices
- Printer share
- Print server

Configuration settings
- Duplex
- Orientation
- Tray settings
- Quality
Security
- User authentication
- Badging
- Audit logs
- Secured prints
Network scan services
- Email
- SMB
- Cloud services
Automatic document feeder (ADF)/flatbed scanner

3.7 Given a scenario, install and replace printer consumables.

Laser
- Imaging drum, fuser assembly, transfer belt, transfer roller, pickup rollers, separation pads, duplexing assembly
- Imaging process: processing, charging, exposing, developing, transferring, fusing, and cleaning
- Maintenance: Replace toner, apply maintenance kit, calibrate, clean
Inkjet
- Ink cartridge, print head, roller, feeder, duplexing assembly, carriage belt
- Calibration
- Maintenance: Clean heads, replace cartridges, calibrate, clear jams

Thermal
- Feed assembly, heating element
- Special thermal paper
- Maintenance: Replace paper, clean heating element, remove debris
- Heat sensitivity of paper
Impact
- Print head, ribbon, tractor feed
- Impact paper
- Maintenance: Replace ribbon, replace print head, replace paper
3-D printer
- Filament
- Resin
- Print bed

4.0 Virtualization and Cloud Computing

4.1 Summarize cloud-computing concepts.

Common cloud models
- Private cloud
- Public cloud
- Hybrid cloud
- Community cloud
- Infrastructure as a service (IaaS)
- Software as a service (SaaS)
- Platform as a service (PaaS)

Cloud characteristics
- Shared resources
- Metered utilization
- Rapid elasticity
- High availability
- File synchronization
Desktop virtualization
- Virtual desktop infrastructure (VDI) on premises
- VDI in the cloud

4.2 Summarize aspects of client-side virtualization.

Purpose of virtual machines
- Sandbox
- Test development
- Application virtualization
  - Legacy software/OS
  - Cross-platform virtualization
Resource requirements
Security requirements

5.0 Hardware and Network Troubleshooting

5.1 Given a scenario, apply the best practice methodology to resolve problems.

Always consider corporate policies, procedures, and impacts before implementing changes:

1. Identify the problem

Gather information from the user, identify user changes, and, if applicable, perform backups before making changes
Inquire regarding environmental or infrastructure changes

2. Establish a theory of probable cause (question the obvious)

If necessary, conduct external or internal research based on symptoms

3. Test the theory to determine the cause

Once the theory is confirmed, determine the next steps to resolve the problem
If the theory is not confirmed, re-establish a new theory or escalate

4.Establish a plan of action to resolve the problem and implement the solution

Refer to the vendor’s instructions for guidance

5.Verify full system functionality and, if applicable, implement preventive measures
6.Document the findings, actions, and outcomes

5.2 Given a scenario, troubleshoot problems related to motherboards, RAM, CPU, and power.

Common symptoms
- Power-on self-test (POST) beeps
- Proprietary crash screens (blue screen of death [BSOD]/pinwheel)
- Black screen
- No power
- Sluggish performance
- Overheating
- Burning smell
- Intermittent shutdown
- Application crashes
- Grinding noise
- Capacitor swelling
- Inaccurate system date/time

5.3 Given a scenario, troubleshoot and diagnose problems with storage drives and RAID arrays.

Common symptoms
- Light-emitting diode (LED) status indicators
- Grinding noises
- Clicking sounds
- Bootable device not found
- Data loss/corruption
- RAID failure
- Self-monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) failure
- Extended read/write times
- Input/output operations per second (IOPS)
- Missing drives in OS

5.4 Given a scenario, troubleshoot video, projector, and display issues.

Common symptoms
- Incorrect data source
- Physical cabling issues
- Burned-out bulb
- Fuzzy image
- Display burn-in
- Dead pixels
- Flashing screen
- Incorrect color display
- Audio issues
- Dim image
- Intermittent projector shutdown

5.5 Given a scenario, troubleshoot common issues with mobile devices.

Common symptoms
- Poor battery health
- Swollen battery
- Broken screen
- Improper charging
- Poor/no connectivity
- Liquid damage
- Overheating
- Digitizer issues
- Physically damaged ports
- Malware
- Cursor drift/touch calibration

5.6 Given a scenario, troubleshoot and resolve printer issues.

Common symptoms
- Lines down the printed pages
- Garbled print
- Toner not fusing to paper
- Paper jams
- Faded print
- Incorrect paper size
- Paper not feeding
- Multipage misfeed
- Multiple prints pending in queue
- Speckling on printed pages
- Double/echo images on the print
- Incorrect color settings
- Grinding noise
- Finishing issues
  - Staple jams
  - Hole punch
- Incorrect page orientation

5.7 Given a scenario, troubleshoot problems with wired and wireless networks.

Common symptoms
- Intermittent wireless connectivity
- Slow network speeds
- Limited connectivity
- Jitter
- Poor Voice over Internet Protocol (VoIP) quality
- Port flapping
- High latency
- External interference

Core 2

1.0 Operating Systems

1.1 Identify basic features of Microsoft Windows editions.

Windows 10 editions
- Home
- Pro
- Pro for Workstations
- Enterprise
Upgrade paths
- In-place upgrade

Feature differences
- Domain access vs. workgroup
- Desktop styles/user interface
- Availability of Remote Desktop Protocol (RDP)
- Random-access memory (RAM) support limitations
- BitLocker
- gpedit.msc

1.2 Given a scenario, use the appropriate Microsoft command-line tool.

Navigation
- cd
- dir
- md
- rmdir
- Drive navigation inputs:
  - C: or D: or x:

Command-line tools
- ipconfig
- ping
- hostname
- netstat
- nslookup
- chkdsk
- net user
- net use
- tracert
- format
- xcopy
- copy
- robocopy
- gpupdate
- gpresult
- shutdown
- sfc
- [command name] /?
- diskpart
- pathping
- winver

1.3 Given a scenario, use features and tools of the Microsoft Windows 10 operating system (OS).

Task Manager
- Services
- Startup
- Performance
- Processes
- Users

Microsoft Management Console (MMC) snap-in
- Event Viewer (eventvwr.msc)
- Disk Management (diskmgmt.msc)
- Task Scheduler (taskschd.msc)
- Device Manager (devmgmt.msc)
- Certificate Manager (certmgr.msc)
- Local Users and Groups (lusrmgr.msc)
- Performance Monitor (perfmon.msc)
- Group Policy Editor (gpedit.msc)

Additional tools
- System Information (msinfo32.exe)
- Resource Monitor (resmon.exe)
- System Configuration (msconfig.exe)
- Disk Cleanup (cleanmgr.exe)
- Disk Defragment (dfrgui.exe)
- Registry Editor (regedit.exe)

1.4 Given a scenario, use the appropriate Microsoft Windows 10 Control Panel utility.

Internet Options
Devices and Printers
Programs and Features
Network and Sharing Center
System
Windows Defender Firewall
Mail
Sound
User Accounts
Device Manager
Indexing Options
Administrative Tools
Ease of Access

File Explorer Options
- Show hidden files
- Hide extensions
- General options
- View options
Power Options
- Hibernate
- Power plans
- Sleep/suspend
- Standby
- Choose what closing the lid does
- Turn on fast startup
- Universal Serial Bus (USB) selective suspend

1.5 Given a scenario, use the appropriate Windows settings.

Time and Language
Update and Security
Personalization
Apps
Privacy

System
Devices
Network and Internet
Gaming
Accounts

1.6 Given a scenario, configure Microsoft Windows networking features on a client/desktop.

Workgroup vs. domain setup
- Shared resources
- Printers
- File servers
- Mapped drives
Client network configuration
- Internet Protocol (IP) addressing scheme
- Domain Name System (DNS) settings
- Subnet mask
- Gateway
- Static vs. dynamic

Establish network connections
- Virtual private network (VPN)
- Wireless
- Wired
- Wireless wide area network (WWAN)
Proxy settings
Public network vs. private network
File Explorer navigation – network paths
Metered connections and limitations
Local OS firewall settings
- Application restrictions and exceptions
- Configuration

1.7 Given a scenario, apply application installation and configuration concepts.

System requirements for applications
- 32-bit vs. 64-bit dependent application requirements
- Dedicated graphics card vs. integrated
- Video random-access memory (VRAM) requirements
- RAM requirements
- Central processing unit (CPU) requirements
- External hardware tokens
- Storage requirements

OS requirements for applications
- Application to OS compatibility
- 32-bit vs. 64-bit OS
Distribution methods
- Physical media vs. downloadable
- ISO mountable
Other considerations for new applications
- Impact to device
- Impact to network
- Impact to operation
- Impact to business

1.8 Explain common OS types and their purposes.

Workstation OSs
- Windows
- Linux
- macOS
- Chrome OS
Cell phone/tablet OSs
- iPadOS
- iOS
- Android

Various filesystem types
- New Technology File System (NTFS)
- File Allocation Table 32 (FAT32)
- Third extended filesystem (ext3)
- Fourth extended filesystem (ext4)
- Apple File System (APFS)
- Extensible File Allocation Table (exFAT)
Vendor life-cycle limitations
- End-of-life (EOL)
- Update limitations
Compatibility concerns between OSs

1.9 Given a scenario, perform OS installations and upgrades in a diverse OS environment.

Boot methods
- USB
- Optical media
- Network
- Solid-state/flash drives
- Internet-based
- External/hot-swappable drive
- Internal hard drive (partition)
Types of installations
- Upgrade
- Recovery partition
- Clean install
- Image deployment
- Repair installation
- Remote network installation
- Other considerations
  - Third-party drivers

Partitioning
- GUID [globally unique identifier] Partition Table (GPT)
- Master boot record (MBR)
Drive format
Upgrade considerations
- Backup files and user preferences
- Application and driver support/ backward compatibility
- Hardware compatibility
Feature updates
- Product life cycle

1.10 Identify common features and tools of the macOS/desktop OS.

Installation and uninstallation of applications
- File types
  - .dmg
  - .pkg
  - .app
- App Store
- Uninstallation process
Apple ID and corporate restrictions
Best practices
- Backups
- Antivirus
- Updates/patches
System Preferences
- Displays
- Networks
- Printers
- Scanners
- Privacy
- Accessibility
- Time Machine

Features
- Multiple desktops
- Mission Control
- Keychain
- Spotlight
- iCloud
- Gestures
- Finder
- Remote Disc
- Dock
Disk Utility
FileVault
Terminal
Force Quit

1.11 Identify common features and tools of the Linux client/desktop OS.

Common commands
- ls
- pwd
- mv
- cp
- rm
- chmod
- chown
- su/sudo
- apt-get
- yum
- ip
- df
- grep
- ps
- man
- top
- find
- dig
- cat
- nano

Best practices
- Backups
- Antivirus
- Updates/patches
Tools
- Shell/terminal
- Samba

2.0 Security

2.1 Summarize various security measures and their purposes.

Physical security
- Access control vestibule
- Badge reader
- Video surveillance
- Alarm systems
- Motion sensors
- Door locks
- Equipment locks
- Guards
- Bollards
- Fences
Physical security for staff
- Key fobs
- Smart cards
- Keys
- Biometrics
  - Retina scanner
  - Fingerprint scanner
  - Palmprint scanner
- Lighting
- Magnetometers

Logical security
- Principle of least privilege
- Access control lists (ACLs)
- Multifactor authentication (MFA)
- Email
- Hard token
- Soft token
- Short message service (SMS)
- Voice call
- Authenticator application
Mobile device management (MDM)
Active Directory
- Login script
- Domain
- Group Policy/updates
- Organizational units
- Home folder
- Folder redirection
- Security groups

2.2 Compare and contrast wireless security protocols and authentication methods.

Protocols and encryption
- WiFi Protected Access 2 (WPA2)
- WPA3
- Temporal Key Integrity Protocol (TKIP)
- Advanced Encryption Standard (AES)

Authentication
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access-Control System (TACACS+)
- Kerberos
- Multifactor

2.3 Given a scenario, detect, remove, and prevent malware using the appropriate tools and methods.

Malware
- Trojan
- Rootkit
- Virus
- Spyware
- Ransomware
- Keylogger
- Boot sector virus
- Cryptominers

Tools and methods
- Recovery mode
- Antivirus
- Anti-malware
- Software firewalls
- Anti-phishing training
- User education regarding common threats
- OS reinstallation

2.4 Explain common social-engineering attacks, threats, and vulnerabilities.

Social engineering
- Phishing
- Vishing
- Shoulder surfing
- Whaling
- Tailgating
- Impersonation
- Dumpster diving
- Evil twin

Threats
- Distributed denial of service (DDoS)
- Denial of service (DoS)
- Zero-day attack
- Spoofing
- On-path attack
- Brute-force attack
- Dictionary attack
- Insider threat
- Structured Query Language (SQL) injection
- Cross-site scripting (XSS)
Vulnerabilities
- Non-compliant systems
- Unpatched systems
- Unprotected systems (missing antivirus/missing firewall)
- EOL OSs
- Bring your own device (BYOD)

2.5 Given a scenario, manage and configure basic security settings in the Microsoft Windows OS.

Defender Antivirus
- Activate/deactivate
- Updated definitions
Firewall
- Activate/deactivate
- Port security
- Application security
Users and groups
- Local vs. Microsoft account
- Standard account
- Administrator
- Guest user
- Power user

Login OS options
- Username and password
- Personal identification number (PIN)
- Fingerprint
- Facial recognition
- Single sign-on (SSO)
NTFS vs. share permissions
- File and folder attributes
- Inheritance
Run as administrator vs. standard user
- User Account Control (UAC)
BitLocker
BitLocker To Go
Encrypting File System (EFS)

2.6 Given a scenario, configure a workstation to meet best practices for security.

Data-at-rest encryption
Password best practices
- Complexity requirements
  - Length
  - Character types
- Expiration requirements
- Basic input/output system (BIOS)/Unified Extensible Firmware Interface (UEFI) passwords
End-user best practices
- Use screensaver locks
- Log off when not in use
- Secure/protect critical hardware (e.g., laptops)
- Secure personally identifiable information (PII) and passwords

Account management
- Restrict user permissions
- Restrict login times
- Disable guest account
- Use failed attempts lockout
- Use timeout/screen lock
Change default administrator’s user account/password
Disable AutoRun
Disable AutoPlay

2.7 Explain common methods for securing mobile and embedded devices.

Screen locks
- Facial recognition
- PIN codes
- Fingerprint
- Pattern
- Swipe
Remote wipes
Locator applications
OS updates

Device encryption
Remote backup applications
Failed login attempts restrictions
Antivirus/anti-malware
Firewalls
Policies and procedures
- BYOD vs. corporate owned
- Profile security requirements
Internet of Things (IoT)

2.8 Given a scenario, use common data destruction and disposal methods

Physical destruction
- Drilling
- Shredding
- Degaussing
- Incinerating

Recycling or repurposing best practices
- Erasing/wiping
- Low-level formatting
- Standard formatting
Outsourcing concepts
- Third-party vendor
- Certification of destruction/ recycling

2.9 Given a scenario, configure appropriate security settings on small office/home office (SOHO) wireless and wired networks.

Home router settings
- Change default passwords
- IP filtering
- Firmware updates
- Content filtering
- Physical placement/secure locations
- Dynamic Host Configuration Protocol (DHCP) reservations
- Static wide-area network (WAN) IP
- Universal Plug and Play (UPnP)
- Screened subnet

Wireless specific
- Changing the service set identifier (SSID)
- Disabling SSID broadcast
- Encryption settings
- Disabling guest access
- Changing channels
Firewall settings
- Disabling unused ports
- Port forwarding/mapping

2.10 Given a scenario, install and configure browsers and relevant security settings.

Browser download/installation
- Trusted sources
  - Hashing
- Untrusted sources
Extensions and plug-ins
- Trusted sources
- Untrusted sources
Password managers

Secure connections/sites – valid certificates
Settings
- Pop-up blocker
- Clearing browsing data
- Clearing cache
- Private-browsing mode
- Sign-in/browser data synchronization
- Ad blockers

3.0 Software Troubleshooting

3.1 Given a scenario, troubleshoot common Windows OS problems.

Common symptoms
- Blue screen of death (BSOD)
- Sluggish performance
- Boot problems
- Frequent shutdowns
- Services not starting
- Applications crashing
- Low memory warnings
- USB controller resource warnings
- System instability
- No OS found
- Slow profile load
- Time drift

Common troubleshooting steps
- Reboot
- Restart services
- Uninstall/reinstall/update applications
- Add resources
- Verify requirements
- System file check
- Repair Windows
- Restore
- Reimage
- Roll back updates
- Rebuild Windows profiles

3.2 Given a scenario, troubleshoot common personal computer (PC) security issues.

Common symptoms
- Unable to access the network
- Desktop alerts
- False alerts regarding antivirus protection
- Altered system or personal files
  - Missing/renamed files
- Unwanted notifications within the OS
- OS update failures
Browser-related symptoms
- Random/frequent pop-ups
- Certificate warnings
- Redirection

3.3 Given a scenario, use best practice procedures for malware removal.

Investigate and verify malware symptoms
Quarantine infected systems
Disable System Restore in Windows
Remediate infected systems
1. Update anti-malware software
2. Scanning and removal techniques (e.g., safe mode, preinstallation environment)
Schedule scans and run updates
Enable System Restore and create a restore point in Windows
Educate the end user

3.4 Given a scenario, troubleshoot common mobile OS and application issues.

Common symptoms
- Application fails to launch
- Application fails to close/crashes
- Application fails to update
- Slow to respond
- OS fails to update
- Battery life issues
- Randomly reboots
- Connectivity issues
  - Bluetooth
  - WiFi
  - Near-field communication (NFC)
  - AirDrop
- Screen does not autorotate

3.5 Given a scenario, troubleshoot common mobile OS and application security issues.

Security concerns
- Android package (APK) source
- Developer mode
- Root access/jailbreak
- Bootleg/malicious application
  - Application spoofing

Common symptoms
- High network traffic
- Sluggish response time
- Data-usage limit notification
- Limited Internet connectivity
- No Internet connectivity
- High number of ads
- Fake security warnings
- Unexpected application behavior
- Leaked personal files/data

4.0 Operational Procedures

4.1 Given a scenario, implement best practices associated with documentation and support systems information management.

Ticketing systems
- User information
- Device information
- Description of problems
- Categories
- Severity
- Escalation levels
- Clear, concise written communication
  - Problem description
  - Progress notes
  - Problem resolution
Asset management
- Inventory lists
- Database system
- Asset tags and IDs
- Procurement life cycle
- Warranty and licensing
- Assigned users

Types of documents
- Acceptable use policy (AUP)
- Network topology diagram
- Regulatory compliance requirements
  - Splash screens
- Incident reports
- Standard operating procedures
  - Procedures for custom installation of software package
- New-user setup checklist
- End-user termination checklist
Knowledge base/articles

4.2 Explain basic change-management best practices.

Documented business processes
- Rollback plan
- Sandbox testing
- Responsible staff member

Change management
- Request forms
- Purpose of the change
- Scope of the change
- Date and time of the change
- Affected systems/impact
- Risk analysis
  - Risk level
- Change board approvals
- End-user acceptance

4.3 Given a scenario, implement workstation backup and recovery methods.

Backup and recovery
- Full
- Incremental
- Differential
- Synthetic

Backup testing
- Frequency
Backup rotation schemes
- On site vs. off site
- Grandfather-father-son (GFS)
- 3-2-1 backup rule

4.4 Given a scenario, use common safety procedures.

Electrostatic discharge (ESD) straps
ESD mats
Equipment grounding
Proper power handling
Proper component handling and storage
Antistatic bags
Compliance with government regulations

Personal safety
- Disconnect power before repairing PC
- Lifting techniques
- Electrical fire safety
- Safety goggles
- Air filtration mask

4.5 Summarize environmental impacts and local environmental controls.

Material safety data sheet (MSDS)/documentation for handling and disposal
- Proper battery disposal
- Proper toner disposal
- Proper disposal of other devices and assets
Temperature, humidity-level awareness, and proper ventilation
- Location/equipment placement
- Dust cleanup
- Compressed air/vacuums
Power surges, under-voltage events, and power failures
- Battery backup
- Surge suppressor

4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts.

Incident response
- Chain of custody
- Inform management/law enforcement as necessary
- Copy of drive (data integrity and preservation)
- Documentation of incident

Licensing/digital rights management (DRM)/end-user license agreement (EULA)
- Valid licenses
- Non-expired licenses
- Personal use license vs. corporate use license
- Open-source license
Regulated data
- Credit card transactions
- Personal government-issued information
- PII
- Healthcare data
- Data retention requirements

4.7 Given a scenario, use proper communication techniques and professionalism.

Professional appearance and attire
- Match the required attire of the given environment
  - Formal
  - Business casual
Use proper language and avoid jargon, acronyms, and slang, when applicable
Maintain a positive attitude/ project confidence
Actively listen, take notes, and avoid interrupting the customer
Be culturally sensitive
- Use appropriate professional titles, when applicable
Be on time (if late, contact the customer)
Avoid distractions
- Personal calls
- Texting/social media sites
- Personal interruptions

Dealing with difficult customers or situations
- Do not argue with customers or be defensive
- Avoid dismissing customer problems
- Avoid being judgmental
- Clarify customer statements (ask open-ended questions to narrow the scope of the problem, restate the issue, or question to verify understanding)
- Do not disclose experience via social media outlets
Set and meet expectations/time line and communicate status with the customer
- Offer repair/replacement options, as needed
- Provide proper documentation on the services provided
- Follow up with customer/user at a later date to verify satisfaction
Deal appropriately with customers’ confidential and private materials
- Located on a computer, desktop, printer, etc.

4.8 Identify the basics of scripting.

Script file types
- .bat
- .ps1
- .vbs
- .sh
- .js
- .py
Use cases for scripting
- Basic automation
- Restarting machines
- Remapping network drives
- Installation of applications
- Automated backups
- Gathering of information/data
- Initiating updates
Other considerations when using scripts
- Unintentionally introducing malware
- Inadvertently changing system settings
- Browser or system crashes due to mishandling of resources

4.9 Given a scenario, use remote access technologies.

Methods/tools
- RDP
- VPN
- Virtual network computer (VNC)
- Secure Shell (SSH)
- Remote monitoring and management (RMM)
- Microsoft Remote Assistance (MSRA)
- Third-party tools
  - Screen-sharing software
  - Video-conferencing software
  - File transfer software
  - Desktop management software
Security considerations of each access method

Network+

1.0 Networking Concepts

1.1 Explain concepts related to the Open Systems Interconnection (OSI) reference model.

1.2 Compare and contrast networking appliances, applications, and functions.

Physical and virtual appliances
- Router
- Switch
- Firewall
- Intrusion detection system (IDS)/intrusion prevention system (IPS)
- Load balancer
- Proxy
- Network-attached storage (NAS)
- Storage area network (SAN)
- Wireless
  - Access point (AP)
  - Controller

Applications
- Content delivery network (CDN)
Functions
- Virtual private network (VPN)
- Quality of service (QoS)
- Time to live (TTL)

1.3 Summarize cloud concepts and connectivity options.

Network functions virtualization (NFV)
Virtual private cloud (VPC)
Network security groups
Network security lists
Cloud gateways
- Internet gateway
- Network address translation (NAT) gateway
Cloud connectivity options
- VPN
- Direct Connect

Deployment models
- Public
- Private
- Hybrid
Service models
- Software as a service (SaaS)
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
Scalability
Elasticity
Multitenancy

1.4 Explain common networking ports, protocols, services, and traffic types.

See Quizlet.
Protocols	Ports
File Transfer Protocol (FTP)	20/21
Secure File Transfer Protocol (SFTP)	22
Secure Shell (SSH)	22
Telnet	23
Simple Mail Transfer Protocol (SMTP)	25
Domain Name System (DNS)	53
Dynamic Host Configuration Protocol (DHCP)	67/68
Trivial File Transfer Protocol (TFTP)	69
Hypertext Transfer Protocol (HTTP)	80
Network Time Protocol (NTP)	123
Simple Network Management Protocol (SNMP)	161/162
Lightweight Directory Access Protocol (LDAP)	389
Hypertext Transfer Protocol Secure (HTTPS)	443
Server Message Block (SMB)	445
Syslog	514
Simple Mail Transfer Protocol Secure (SMTPS)	587
Lightweight Directory Access Protocol over SSL (LDAPS)	636
Structured Query Language (SQL) Server	1433
Remote Desktop Protocol (RDP)	3389
Session Initiation Protocol (SIP)	5060/5061

Internet Protocol (IP) types
- Internet Control Message Protocol (ICMP)
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Generic Routing Encapsulation (GRE)
- Internet Protocol Security (IPSec)
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)
  - Internet Key Exchange (IKE)
Traffic types
- Unicast
- Multicast
- Anycast
- Broadcast

1.5 Compare and contrast transmission media and transceivers.

Wireless
- 802.11 standards
- Cellular
- Satellite
Wired
- 802.3 standards
- Single-mode vs. multimode fiber
- Direct attach copper (DAC) cable
  - Twinaxial cable
- Coaxial cable
- Cable speeds
- Plenum vs. non-plenum cable

Transceivers
- Protocol
  - Ethernet
  - Fibre Channel (FC)
- Form factors
  - Small form-factor pluggable (SFP)
  - Quad small form-factor pluggable (QSFP)
Connector types
- Subscriber connector (SC)
- Local connector (LC)
- Straight tip (ST)
- Multi-fiber push on (MPO)
- Registered jack (RJ)11
- RJ45
- F-type
- Bayonet Neill–Concelman (BNC)

1.6 Compare and contrast network topologies, architectures, and types.

Three-tier hierarchical model
- Core
- Distribution
- Access
Collapsed core
Traffic flows
- North-south
- East-west

1.7 Given a scenario, use appropriate IPv4 network addressing.

Public vs. private
- Automatic Private IP Addressing (APIPA)
- RFC1918
- Loopback/localhost
Subnetting
- Variable Length Subnet Mask (VLSM)
- Classless Inter-domain Routing (CIDR)

IPv4 address classes
- Class A
- Class B
- Class C
- Class D
- Class E

1.8 Summarize evolving use cases for modern network environments

Software-defined network (SDN) and software-defined wide area network (SD-WAN)
- Application aware
- Zero-touch provisioning
- Transport agnostic
- Central policy management
Virtual Extensible Local Area Network (VXLAN)
- Data center interconnect (DCI)
- Layer 2 encapsulation
Zero trust architecture (ZTA)
- Policy-based authentication
- Authorization
- Least privilege access
Secure Access Secure Edge (SASE)/Security Service Edge (SSE)

Infrastructure as code (IaC)
- Automation
  - Playbooks/templates/reusable tasks
  - Configuration drift/compliance
  - Upgrades
  - Dynamic inventories
- Source control
  - Version control
  - Central repository
  - Conflict identification
  - Branching
IPv6 addressing
- Mitigating address exhaustion
- Compatibility requirements
  - Tunneling
  - Dual stack
  - NAT64

2.0 Network Implementation

2.1 Explain characteristics of routing technologies.

Static routing
Dynamic routing
- Border Gateway Protocol (BGP)
- Enhanced Interior Gateway Routing Protocol (EIGRP)
- Open Shortest Path First (OSPF)
Route selection
- Administrative distance
- Prefix length
- Metric

Address translation
- NAT
- Port address translation (PAT)
First Hop Redundancy Protocol (FHRP)
Virtual IP (VIP)
Subinterfaces

2.2 Given a scenario, configure switching technologies and features.

Virtual Local Area Network (VLAN)
- VLAN database
- Switch Virtual Interface (SVI)
Spanning tree
Maximum transmission unit (MTU)
- Jumbo frames

Interface configuration
- Native VLAN
- Voice VLAN
- 802.1Q tagging
- Link aggregation
- Speed
- Duplex

2.3 Given a scenario, select and configure wireless devices and technologies.

Channels
- Channel width
- Non-overlapping channels
- Regulatory impacts
  - 802.11h
Frequency options
- 2.4GHz
- 5GHz
- 6GHz
- Band steering

Service set identifier (SSID)
- Basic service set identifier (BSSID)
- Extended service set identifier (ESSID)

Network types
- Mesh networks
- Ad hoc
- Point to point
- Infrastructure
Encryption
- Wi-Fi Protected Access 2 (WPA2)
- WPA3
Guest networks
- Captive portals
Authentication
- Pre-shared key (PSK) vs. Enterprise
Antennas
- Omnidirectional vs. directional
Autonomous vs. lightweight access point

2.4 Explain important factors of physical installations.

Important installation implications
- Locations
  - Intermediate distribution frame (IDF)
  - Main distribution frame (MDF)
- Rack size
- Port-side exhaust/intake
- Cabling
  - Patch panel
  - Fiber distribution panel
- Lockable

Power
- Uninterruptible power supply (UPS)
- Power distribution unit (PDU)
- Power load
- Voltage
Environmental factors
- Humidity
- Fire suppression
- Temperature

3.0 Network Operations

3.1 Explain the purpose of organizational processes and procedures.

Documentation
- Physical vs. logical diagrams
- Rack diagrams
- Cable maps and diagrams
- Network diagrams
  - Layer 1
  - Layer 2
  - Layer 3
- Asset inventory
  - Hardware
  - Software
  - Licensing
  - Warranty support
- IP address management (IPAM)
- Service-level agreement (SLA)
- Wireless survey/heat map

Life-cycle management
- End-of-life (EOL)
- End-of-support (EOS)
- Software management
  - Patches and bug fixes
  - Operating system (OS)
  - Firmware
- Decommissioning
Change management
- Request process tracking/service request
Configuration management
- Production configuration
- Backup configuration
- Baseline/golden configuration

3.2 Given a scenario, use network monitoring technologies.

Methods
- SNMP
  - Traps
  - Management information base (MIB)
  - Versions
  - v2c
  - v3
  - Community strings
  - Authentication
- Flow data
- Packet capture
- Baseline metrics
  - Anomaly alerting/notification
- Log aggregation
  - Syslog collector
  - Security information and event management (SIEM)
- Application programming interface (API) integration
- Port mirroring

Solutions
- Network discovery
  - Ad hoc
  - Scheduled
- Traffic analysis
- Performance monitoring
- Availability monitoring
- Configuration monitoring

3.3 Explain disaster recovery (DR) concepts.

DR metrics
- Recovery point objective (RPO)
- Recovery time objective (RTO)
- Mean time to repair (MTTR)
- Mean time between failures (MTBF)
DR sites

High-availability approaches
- Active-active
- Active-passive
Testing
- Tabletop exercises
- Validation tests

3.4 Given a scenario, implement IPv4 and IPv6 network services.

Dynamic addressing
- DHCP
  - Reservations
  - Scope
  - Lease time
  - Options
  - Relay/IP helper
  - Exclusions
- Stateless address autoconfiguration (SLAAC)
Time protocols
- NTP
- Precision Time Protocol (PTP)
- Network Time Security (NTS)

Name resolution
- DNS
  - DNS Security Extensions (DNSSEC)
  - DNS over HTTPS (DoH) and DNS over TLS (DoT)
  - Record types
  - Address (A)
  - AAAA
  - Canonical name (CNAME)
  - Mail exchange (MX)
  - Text (TXT)
  - Nameserver (NS)
  - Pointer (PTR)
  - Zone types
  - Forward
  - Reverse
  - Authoritative vs. non-authoritative
  - Primary vs. secondary
  - Recursive
- Hosts file

3.5 Compare and contrast network access and management methods.

Site-to-site VPN
Client-to-site VPN
- Clientless
- Split tunnel vs. full tunnel
Connection methods
- SSH
- Graphical user interface (GUI)
- API
- Console
Jump box/host
In-band vs. out-of-band management

4.0 Network Security

4.1 Explain the importance of basic network security concepts.

Logical security
- Encryption
  - Data in transit
  - Data at rest
- Certificates
  - Public key infrastructure (PKI)
  - Self-signed
- Identity and access management (IAM)
  - Authentication
  - Multifactor authentication (MFA)
  - Single sign-on (SSO)
  - Remote Authentication Dial-in User Service (RADIUS)
  - LDAP
  - Security Assertion Markup Language (SAML)
  - Terminal Access Controller Access Control System Plus (TACACS+)
  - Time-based authentication
  - Authorization
  - Least privilege
  - Role-based access control
- Geofencing

Physical security
- Camera
- Locks
Deception technologies
- Honeypot
- Honeynet
Common security terminology
Audits and regulatory compliance
- Data locality
- Payment Card Industry Data Security Standards (PCI DSS)
- General Data Protection Regulation (GDPR)
Network segmentation enforcement
- Internet of Things (IoT) and Industrial Internet of Things (IIoT)
- Supervisory control and data acquisition (SCADA), industrial control system (ICS), operational technology (OT)
- Guest
- Bring your own device (BYOD)

4.2 Summarize various types of attacks and their impact to the network.

Denial-of-service (DoS)/distributed denial-of-service (DDoS)
VLAN hopping
Media Access Control (MAC) flooding
Address Resolution Protocol (ARP) poisoning
ARP spoofing
DNS poisoning
DNS spoofing

4.3 Given a scenario, apply network security features, defense techniques, and solutions.

Device hardening
- Disable unused ports and services
- Change default passwords
Network access control (NAC)

Key management
Security rules
- Access control list (ACL)
- Uniform Resource Locator (URL) filtering
- Content filtering
Zones
- Trusted vs. untrusted
- Screened subnet

5.0 Network Troubleshooting

5.1 Explain the troubleshooting methodology.

1. Identify the problem

Gather information
Question users
Identify symptoms
Determine if anything has changed
Duplicate the problem, if possible
Approach multiple problems individually

2. Establish a theory of probable cause

Question the obvious
Consider multiple approaches
- Top-to-bottom/bottom-to-top OSI model
- Divide and conquer

3. Test the theory to determine the cause

If theory is confirmed, determine next steps to resolve problem
If theory is not confirmed, establish a new theory or escalate

4. Establish a plan of action to resolve the problem and identify potential effects

5. Implement the solution or escalate as necessary

6. Verify full system functionality and implement preventive measures if applicable

7. Document findings, actions, outcomes, and lessons learned throughout the process

5.2 Given a scenario, troubleshoot common cabling and physical interface issues.

Cable issues
- Incorrect cable
  - Single mode vs. multimode
  - Category 5/6/7/8
  - Shielded twisted pair (STP) vs. unshielded twisted pair (UTP)
- Signal degradation
  - Crosstalk
  - Interference
  - Attenuation
- Improper termination
- Transmitter (TX)/Receiver (RX) transposed

Interface issues
- Increasing interface counters
  - Cyclic redundancy check (CRC)
  - Runts
  - Giants
  - Drops
- Port status
  - Error disabled
  - Administratively down
  - Suspended
Hardware issues
- Power over Ethernet (PoE)
  - Power budget exceeded
  - Incorrect standard
- Transceivers
  - Mismatch
  - Signal strength

5.3 Given a scenario, troubleshoot common issues with network services.

Switching issues
- STP
  - Network loops
  - Root bridge selection
  - Port roles
  - Port states
- Incorrect VLAN assignment
- ACLs

Route selection
- Routing table
- Default routes
Address pool exhaustion
Incorrect default gateway
Incorrect IP address
- Duplicate IP address
Incorrect subnet mask

5.4 Given a scenario, troubleshoot common performance issues.

Wireless
- Interference
  - Channel overlap
- Signal degradation or loss
- Insufficient wireless coverage
- Client disassociation issues
- Roaming misconfiguration

5.5 Given a scenario, use the appropriate tool or protocol to solve networking issues.

Software tools
- Protocol analyzer
- Command line
  - ping
  - traceroute/tracert
  - nslookup
  - tcpdump
  - dig
  - netstat
  - ip/ifconfig/ipconfig
  - arp
- Nmap
- Link Layer Discovery Protocol (LLDP)/Cisco Discovery Protocol (CDP)
- Speed tester

Hardware tools
- Toner
- Cable tester
- Taps
- Wi-Fi analyzer
- Visual fault locator
Basic networking device commands
- show mac-address-table
- show route
- show interface
- show config
- show arp
- show vlan
- show power

Security+

1.0 General Security Concepts

1.1 Compare and contrast various types of security controls

Security control
Control categories
- Technical
- Managerial
- Operational
- Physical

Control types
- Preventive
- Deterrent
- Detective
- Corrective
- Compensating
- Directive

1.2 Summarize fundamental security concepts

Confidentiality, Integrity, and Availability (CIA)
Non-repudiation
Authentication, Authorization, and Accounting (AAA)
- Authenticating people
- Authenticating systems
- Authorization models
Gap analysis
Zero Trust
- Control Plane
  - Adaptive identity
  - Threat scope reduction
  - Policy-driven access control
  - Policy Administrator
  - Policy Engine
- Data Plane
  - Implicit trust zones
  - Subject/System
  - Policy Enforcement Point

Physical security
- Bollards
- Access control vestibule
- Fencing
- Video surveillance
- Security guard
- Access badge
- Lighting
- Sensors
  - List of sensors
  - Infrared
  - Pressure
  - Microwave
  - Ultrasonic
Deception and disruption technology
- Honeypot
- Honeynet
- Honeyfile
- Honeytoken

1.3 Explain the importance of change management processes and the impact to security.

Business processes impacting security operation
- Approval process
- Ownership
- Stakeholders
- Impact analysis
- Test results
- Backout plan
- Maintenance window
- Standard operating procedure

Technical implications
- Allow lists/deny lists
- Restricted activities
- Downtime
- Service restart
- Application restart
- Legacy applications
- Dependencies
Documentation
- Updating diagrams
- Updating policies/procedures
Version control

1.4 Explain the importance of using appropriate cryptographic solutions.

Public key infrastructure (PKI)
- Public key
- Private key
- Key escrow
Encryption
- Level
  - Full-disk
  - Partition
  - File
  - Volume
  - Database
  - Record
- Transport/communication
- Asymmetric
- Symmetric
- Key exchange
- Algorithms
- Key length

Tools
- Trusted Platform Module (TPM)
- Hardware security module (HSM)
- Key management system
- Secure enclave
Obfuscation
- Steganography
- Tokenization
- Data masking
Hashing
Salting
Digital signatures
Key stretching
Blockchain
Open public ledger
Certificates
- Certificate authorities
- Certificate revocation lists (CRLs)
- Online Certificate Status Protocol (OCSP)
- Self-signed
- Third-party
- Root of trust
- Certificate signing request (CSR) generation
- Wildcard

2.0 Threats, Vulnerabilities, and Mitigations

2.1 Compare and contrast common threat actors and motivations.

Threat actors
- Nation-state
- Unskilled attacker
- Hacktivist
- Insider threat
- Organized crime
- Shadow IT
Attributes of actors
- Internal/external
- Resources/funding
- Level of sophistication/capability

Motivations
- Data exfiltration
- Espionage
- Service disruption
- Blackmail
- Financial gain
- Philosophical/political beliefs
- Ethical
- Revenge
- Disruption/chaos
- War

2.2 Explain common threat vectors and attack surfaces.

Message-based
- Email
- Short Message Service (SMS)
- Instant messaging (IM)
Image-based
File-based
Voice call
Removable device
Vulnerable software
- Client-based vs. agentless
Unsupported systems and applications
Unsecure networks
- Wireless
- Wired
- Bluetooth
Open service ports

Default credentials
Supply chain
- Managed service providers (MSPs)
- Vendors
- Suppliers
Human vectors/social engineering
- Phishing
- Vishing
- Smishing
- Misinformation/disinformation
- Impersonation
- Business email compromise
- Pretexting
- Watering hole
- Brand impersonation
- Typosquatting

2.3 Explain various types of vulnerabilities.

Application
- Memory injection
- Buffer overflow
- Race conditions
  - Time-of-check (TOC)
  - Time-of-use (TOU)
- Malicious update
Operating system (OS)-based
Web-based
- Structured Query Language injection (SQLi)
- Cross-site scripting (XSS)
Hardware
- Firmware
- End-of-life
- Legacy

Virtualization
- Virtual machine (VM) escape
- Resource reuse
Cloud-specific
Supply chain
- Service provider
- Hardware provider
- Software provider
Cryptographic
Misconfiguration
Mobile device
- Side loading
- Jailbreaking
Zero-day

2.4 Given a scenario, analyze indicators of malicious activity.

Malware attacks
- Ransomware
- Trojan
- Worm
- Spyware
- Bloatware
- Virus
- Keylogger
- Logic bomb
- Rootkit
Physical attacks
- Brute force
- Radio frequency identification (RFID) cloning
- Environmental
Network attacks
- Distributed denial-of-service (DDoS)
  - Amplified
  - Reflected
- Domain Name System (DNS) attacks
- Wireless
- On-path
- Credential replay
- Malicious code

Application attacks
- Injection
- Buffer overflow
- Replay
- Privilege escalation
- Forgery
- Directory traversal
Cryptographic attacks
- Downgrade
- Collision
- Birthday
Password attacks
- Spraying
- Brute force
Indicators
- Account lockout
- Concurrent session usage
- Blocked content
- Impossible travel
- Resource consumption
- Resource inaccessibility
- Out-of-cycle logging
- Published/documented
- Missing logs

2.5 Explain the purpose of mitigation techniques used to secure the enterprise.

Segmentation
Access control
- Access control list (ACL)
- Permissions
Application allow list
Isolation
Patching
Encryption
Monitoring
Least privilege

Configuration enforcement
Decommissioning
Hardening techniques
- Encryption
- Installation of endpoint protection
- Host-based firewall
- Host-based intrusion prevention system (HIPS)
- Disabling ports/protocols
- Default password changes
- Removal of unnecessary software

3.0 Security Architecture

3.1 Compare and contrast security implications of different architecture models.

Architecture and infrastructure concepts
- Cloud
  - Responsibility matrix
  - Hybrid considerations
  - Third-party vendors
- Infrastructure as code (IaC)
- Serverless
- Microservices
- Network infrastructure
  - Physical isolation
    - Air-gapped
  - Logical segmentation
  - Software-defined networking (SDN)
- On-premises
- Centralized vs. decentralized
- Containerization
- Virtualization
- IoT
- Industrial control systems (ICS)/ supervisory control and data acquisition (SCADA)
- Real-time operating system (RTOS)
- Embedded systems
- High availability

Considerations
- Availability
- Resilience
- Cost
- Responsiveness
- Scalability
- Ease of deployment
- Risk transference
- Ease of recovery
- Patch availability
- Inability to patch
- Power
- Compute

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

Infrastructure considerations
- Device placement
- Security zones
- Attack surface
- Connectivity
- Failure modes
  - Fail-open
  - Fail-closed
- Device attribute
  - Active vs. passive
  - Inline vs. tap/monitor
- Network appliances
  - Jump server
  - Proxy server
  - Intrusion prevention system (IPS)/intrusion detection system (IDS)
  - Load balancer
  - Sensors
- Port security
  - 802.1X
  - Extensible Authentication Protocol (EAP)
- Firewall types
  - Web application firewall (WAF)
  - Unified threat management (UTM)
  - Next-generation firewall (NGFW)
  - Layer 4/Layer 7

Secure communication/access
- Virtual private network (VPN)
- Remote access
- Tunneling
  - Transport Layer Security (TLS)
  - Internet protocol security (IPSec)
- Software-defined wide area network (SD-WAN)
- Secure access service edge (SASE)
Selection of effective controls

3.3 Compare and contrast concepts and strategies to protect data.

Data types
- Regulated
- Trade secret
- Intellectual property
- Legal information
- Financial information
- Human- and non-human-readable
Data classifications
- Sensitive
- Confidential
- Public
- Restricted
- Private
- Critical

General data considerations
- Data states
  - Data at rest
  - Data in transit
  - Data in use
- Data sovereignty
- Geolocation
Methods to secure data
- Geographic restrictions
- Encryption
- Hashing
- Masking
- Tokenization
- Obfuscation
- Segmentation
- Permission restrictions

3.4 Explain the importance of resilience and recovery in security architecture.

High availability
- Load balancing vs. clustering
Site considerations
- Hot
- Cold
- Warm
- Geographic dispersion
Platform diversity
Multi-cloud systems
Continuity of operations
Capacity planning
- People
- Technology
- Infrastructure

Testing
- Tabletop exercises
- Fail over
- Simulation
- Parallel processing
Backups
- Onsite/offsite
- Frequency
- Encryption
- Snapshots
- Recovery
- Replication
- Journaling
Power
- Generators
- Uninterruptible power supply (UPS)

4.0 Security Operations

4.1 Given a scenario, apply common security techniques to computing resources.

Secure baselines
- Establish
- Deploy
- Maintain
Hardening targets
- Mobile devices
- Workstations
- Switches
- Routers
- Cloud infrastructure
- Servers
- ICS/SCADA
- Embedded systems
- RTOS
- IoT devices
Wireless devices
- Installation considerations
  - Site surveys
  - Heat maps

Mobile solutions
- Mobile device management (MDM)
- Deployment models
  - Bring your own device (BYOD)
  - Corporate-owned, personally enabled (COPE)
  - Choose your own device (CYOD)
- Connection methods
  - Cellular
  - Wi-Fi
  - Bluetooth
Wireless security settings
- Wi-Fi Protected Access 3 (WPA3)
- AAA/Remote Authentication Dial-In User Service (RADIUS)
- Cryptographic protocols
- Authentication protocols
Application security
- Input validation
- Secure cookies
- Static code analysis
- Code signing
Sandboxing
Monitoring

4.2 Explain the security implications of proper hardware, software, and data asset management.

Acquisition/procurement process
Assignment/accounting
- Ownership
- Classification
Monitoring/asset tracking
- Inventory
- Enumeration

Disposal/decommissioning
- Sanitization
- Destruction
- Certification
- Data retention

4.3 Explain various activities associated with vulnerability management.

Identification methods
- Vulnerability scan
- Application security
  - Static analysis
  - Dynamic analysis
  - Package monitoring
- Threat feed
  - Open-source intelligence (OSINT)
  - Proprietary/third-party
  - Information-sharing organization
  - Dark web
- Penetration testing
- Responsible disclosure program
  - Bug bounty program
- System/process audit

Analysis
- Confirmation
  - False positive
  - False negative
- Prioritize
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerability Enumeration (CVE)
- Vulnerability classification
- Exposure factor
- Environmental variables
- Industry/organizational impact
- Risk tolerance
Vulnerability response and remediation
- Patching
- Insurance
- Segmentation
- Compensating controls
- Exceptions and exemptions
Validation of remediation
- Rescanning
- Audit
- Verification
Reporting

4.4 Explain security alerting and monitoring concepts and tools.

Monitoring computing resources
- Systems
- Applications
- Infrastructure
Activities
- Log aggregation
- Alerting
- Scanning
- Reporting
- Archiving
- Alert response and remediation/validation
  - Quarantine
  - Alert tuning

Tools
- Security Content Automation Protocol (SCAP)
- Benchmarks
- Agents/agentless
- Security information and event management (SIEM)
- Antivirus
- Data loss prevention (DLP)
- Simple Network Management Protocol (SNMP) traps
- NetFlow
- Vulnerability scanners

4.5 Given a scenario, modify enterprise capabilities to enhance security.

Firewall
- Rules
- Access lists
- Ports/protocols
- Screened subnets
IDS/IPS
- Trends
- Signatures
Web filter
- Agent-based
- Centralized proxy
- Universal Resource Locator (URL) scanning
- Content categorization
- Block rules
- Reputation
Operating system security
- Group Policy
- SELinux

Implementation of secure protocols
- Protocol selection
- Port selection
- Transport method
DNS filtering
Email security
- Domain-based Message Authentication Reporting and Conformance (DMARC)
- DomainKeys Identified Mail (DKIM)
- Sender Policy Framework (SPF)
- Gateway
File integrity monitoring
DLP
Network access control (NAC)
Endpoint detection and response (EDR)/extended detection and response (XDR)
User behavior analytics

4.6 Given a scenario, implement and maintain identity and access management.

Provisioning/de-provisioning user accounts
Permission assignments and implications
Identity proofing
Federation
Single sign-on (SSO)
- Lightweight Directory Access Protocol (LDAP)
- Open authorization (OAuth)
- Security Assertions Markup Language (SAML)
Interoperability
Attestation
Access controls
- Mandatory
- Discretionary
- Role-based
- Rule-based
- Attribute-based
- Time-of-day restrictions
- Least privilege

Multifactor authentication
- Implementations
  - Biometrics
  - Hard/soft authentication tokens
  - Security keys
- Factors
  - Something you know
  - Something you have
  - Something you are
  - Somewhere you are
Password concepts
- Password best practices
  - Length
  - Complexity
  - Reuse
  - Expiration
  - Age
- Password managers
- Passwordless
Privileged access management tools
- Just-in-time permissions
- Password vaulting
- Ephemeral credentials

4.7 Explain the importance of automation and orchestration related to secure operations.

Use cases of automation and scripting
- User provisioning
- Resource provisioning
- Guard rails
- Security groups
- Ticket creation
- Escalation
- Enabling/disabling services and access
- Continuous integration and testing
- Integrations and Application programming interfaces (APIs)

Benefits
- Efficiency/time saving
- Enforcing baselines
- Standard infrastructure configurations
- Scaling in a secure manner
- Employee retention
- Reaction time
- Workforce multiplier
Other considerations
- Complexity
- Cost
- Single point of failure
- Technical debt
- Ongoing supportability

4.8 Explain appropriate incident response activities.

Process
- Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery
- Lessons learned
Training
Testing
- Tabletop exercise
- Simulation

Root cause analysis
Threat hunting
Digital forensics
- Legal hold
- Chain of custody
- Acquisition
- Reporting
- Preservation
- E-discovery

4.9 Given a scenario, use data sources to support an investigation

Log data
- Firewall logs
- Application logs
- Endpoint logs
- OS-specific security logs
- IPS/IDS logs
- Network logs
- Metadata

Data sources
- Vulnerability scans
- Automated reports
- Dashboards
- Packet captures

5.0 Security Program Management and Oversight

5.1 Summarize elements of effective security governance.

Guidelines
Policies
- Acceptable use policy (AUP)
- Information security policies
- Business continuity
- Disaster recovery
- Incident response
- Software development lifecycle (SDLC)
- Change management
Standards
- Password
- Access control
- Physical security
- Encryption
Procedures
- Change management
- Onboarding/offboarding
- Playbooks

External considerations
- Regulatory
- Legal
- Industry
- Local/regional
- National
- Global
Monitoring and revision
Types of governance structures
- Boards
- Committees
- Government entities
- Centralized/decentralized
Roles and responsibilities for systems and data
- Owners
- Controllers
- Processors
- Custodians/stewards

5.2 Explain elements of the risk management process

Risk identification
Risk assessment
- Ad hoc
- Recurring
- One-time
- Continuous
Risk analysis
- Qualitative
- Quantitative
- Single loss expectancy (SLE)
- Annualized loss expectancy (ALE)
- Annualized rate of occurrence (ARO)
- Probability
- Likelihood
- Exposure factor
- Impact
Risk register
- Key risk indicators
- Risk owners
- Risk threshold

Risk tolerance
Risk appetite
- Expansionary
- Conservative
- Neutral
Risk management strategies
- Transfer
- Accept
  - Exemption
  - Exception
- Avoid
- Mitigate
Risk reporting
Business impact analysis
- Recovery time objective (RTO)
- Recovery point objective (RPO)
- Mean time to repair (MTTR)
- Mean time between failures (MTBF)

5.3 Explain the processes associated with third-party risk assessment and management.

Vendor assessment
- Penetration testing
- Right-to-audit clause
- Evidence of internal audits
- Independent assessments
- Supply chain analysis
Vendor selection
- Due diligence
- Conflict of interest

Agreement types
- Service-level agreement (SLA)
- Memorandum of agreement (MOA)
- Memorandum of understanding (MOU)
- Master service agreement (MSA)
- Work order (WO)/statement of work (SOW)
- Non-disclosure agreement (NDA)
- Business partners agreement (BPA)
Vendor monitoring
Questionnaires
Rules of engagement

5.4 Summarize elements of effective security compliance.

Compliance reporting
- Internal
- External
Consequences of non-compliance
- Fines
- Sanctions
- Reputational damage
- Loss of license
- Contractual impacts
Compliance monitoring
- Due diligence/care
- Attestation and acknowledgement
- Internal and external
- Automation

Privacy
- Legal implications
  - Local/regional
  - National
  - Global
- Data subject
- Controller vs. processor
- Ownership
- Data inventory and retention
- Right to be forgotten

5.5 Explain types and purposes of audits and assessments.

Attestation
Internal
- Compliance
- Audit committee
- Self-assessments
External
- Regulatory
- Examinations
- Assessment
- Independent third-party audit

Penetration testing
- Physical
- Offensive
- Defensive
- Integrated
- Known environment
- Partially known environment
- Unknown environment
- Reconnaissance
  - Passive
  - Active

5.6 Given a scenario, implement security awareness practices.

Phishing
- Campaigns
- Recognizing a phishing attempt
- Responding to reported suspicious messages
Anomalous behavior recognition
- Risky
- Unexpected
- Unintentional

User guidance and training
- Policy/handbooks
- Situational awareness
- Insider threat
- Password management
- Removable media and cables
- Social engineering
- Operational security
- Hybrid/remote work environments
Reporting and monitoring
- Initial
- Recurring
Development
Execution

Secure Infrastructure Specialist/Objectives

A+