Categorias: Todos - symptoms - documentation - troubleshooting - communication

por David Sanchez 1 ano atrás

433

The CompTIA A+ Journey

Effective troubleshooting involves several critical steps to diagnose and resolve computer-related issues. Initially, it is essential to establish a theory and conduct thorough research, as users may not always provide an accurate or comprehensive description of the problem.

The CompTIA A+ Journey

Environmental

Material Handling

Proper Disposal
Circuit boards
Toner
Material Safety Data Sheet

Building Power

Battery backups
Uninterruptable Power Supply

Amp hours

Volt-amperes rating

Surge Protectors
Amperage
Joules rating
Clamping voltage
Power failure
Under-voltage
Surges

Electrostatic Discharge

Dissipative packaging
Antistatic bags
Touch bare metal
Work in anti-ESD environment

Safety Hazards

Safety Glasses and Masks
Lifting Techniques
Bend knees
Trip
Secure heavy equipment
Secure cabling

Electrical Safety

Electrical Fire
Carbon Dioxide Extinguisher
Power Handling
Disconnecting power
Equipment Grounding
Fuses
13A
5A
3A

Regulations

Environmental Regulations
Building codes
Health and Safety Laws
OSHA

Professionalism

Difficult Situations

Not posting on social media
Collaborate on finding a solution
Positive attitud

Communication

Questioning
Closed
Open ended
Active listening

Appearance

Cultural sensitivity
Formal language
Business casual
Formal

Support Delivery

Appropriately deal with sensitive matters
Avoid distractions
Be on time

Professional Support

Follow up
Repair and replace options
Meet expectations
Set expectation and timeline
Proper Documentation

Documentation

Policy Documentation

Acceptable Use Policy
Splash Screen

Change Approval

End-User Acceptance
Training and education
UAT
Test the change plan
Risk Analysis
Qualitative
Quantitative
Change Board

Change Management

Change Requests
Purpose
IT Infrastructure Library
Configuration Management

Asset Documentation

Support Documentation
Knowledge Base articles
Assigned Users
Warranty

Asset Identification

Network topology diagrams
Asset tags
Barcode
Database systems

Ticket Management

Incident reports
Clear communication
Progress resolution
Progress notes
Problem description
Escalation Levels
Tier 3
Tier 2
Tier 1
Tier 0

Ticketing Systems

Severity
Category
Device information
Asset ID
User information

Standard Operating Procedure

Windows Scripts

Batch Files

CMD
.bat

VBScript

Visual Basic
.vbs

Windows Powershell

PowerShell Integrated Scripting Environment
.ps1

Scripting

Best Practices

System Crashes
Faulty API
Infinite loops
Creating files
Inadvertent System Changes
Malware Risks
Code scanning
Access Control

Use Cases

Application Programming Interface
Gathering of Data
Automated Backups
Initiating Updates
Installation of apps
Remmaping Network Drives
Restarting Machines

Python

PyPy
.pyw
.py
CPython

Javascript

Javascript for Automation
HTML
.js

Constructs

Operators
OR
AND
-lt

-gt

-ge

-le

-eq

-ne

Loops
While
For
Branches
else
Variables
Comments
#
Programming Language
Integrated Development Enviornment

Executable File

Scripting Language (Glue Language)
Interpreter

OS

.sh

Data Handling

Disposal

Drill
Hammer
Certificate of Destruction
Degaussing
Incenerating
Shredding

Data Destruction

Low level formatting
Instant Secure Erase
Secure Erase
Erasing / Wiping
Sanitization
Standard formatting

Data Integrity

Chain of Custody
Documentation of Incident and Recovery of Evidence
  1. Identify the scope of the incident and the host systems and/or removable drives that are likely to contain evidence. If appropriate, these systems should be isolated from the network.
  2. Document the scene of the incident using photographs and ideally video and audio. Investigators must record every action they take in identifying, collecting, and handling evidence.
  3. If possible, gather any available evidence from a system that is still powered on, using live forensic tools to capture the contents of cache, system memory, and the file system. If live forensic tools are not available, it might be appropriate to video record evidence from the screen.
  4. If appropriate, disable encryption or a screen lock and then power off each device.
  5. Use a forensic tool to make image copies of fixed disk(s) and any removable disks. A forensic imaging tool uses a write blocker to ensure that no changes occur to the source disk during the imaging process.
  6. Make a cryptographic hash of each source disk and its forensic image. This can be used to prove that the digital evidence collected has not been modified subsequent to its collection.
  7. Collect physical devices using tamper-evident bags and a chain-of-custody form, and transport to secure storage.


Digital Forensics

Incident Response

Computer Security Incident Response Team

Licenses

Digital Rights Management
Open Source
License Compliance Monitoring
End-User License Agreement

Prohibited Data

Illegal content

Regulated Data

Credit Card Transactions
Payment Card Industry Data Security Standard

National Institute of Standards and Technology

Healthcare Data
Government Issued Information
Personal Identifiable Information

Procedures

Backup

Testing
Retention
Frequency
Backup chains

Synthetic Full Backup

Job type that combines incremental backup jobs to synthesize a full backup job. Synthetic full backups have the advantage of being easy to restore from while also being easy on bandwidth across the network as only changes are transmitted.


  1. The chain starts with an initial full backup as normal and subsequently makes a series of incremental backups.
  2. When the next full backup is scheduled, the backup software makes one more incremental backup. It then synthesizes a new full backup from the previous full and incremental backups.


Full with Differential

It means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job. A differential chain has moderate time and storage requirements and slightly less recovery complexity than incremental as it requires a maximum of two jobs (the full backup plus the differential job).

Full with Incremental

The chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job. An incremental job has the lowest time and storage requirement. However, this type of chain has the most recovery complexity as it can involve two or more jobs, each of which might be stored on different media.

Full Backup

Remote Access Tools

File Transfer

Nearby Share
Nearby Sharing
AirDrop

Video Conferencing

Zoom
Microsoft Teams

Screen-Sharing

LogMeIn
TeamViewer

Desktop Management

Endpoint Detection and Response
Unified Endopoint Management / MDM
AMD PRO
Intel vPRO
Wake-On LAN
Remote Monitoring and Management
Managed Service Providers
TCP Port 22
Public / Private Encryption Key Pair

Host key fingerprint

Microsoft Remote Assstance

Quick Assist
HTTPS/443
Ports 49152 to 65535

XRDP

Screen Sharing

Virtual Network Computing
TCP port 5900
RDP Restricted Admin Mode
Remote Credential Guard
Advanced Settings
Network Level Authentication

Mobile OS Security

App Source Concerns

Bootleg App Stores
Enterprise Apps
APK Sideloading

Managed Google Play

Apple Business Manager

Public Stores
App Spoofing

Root Access Concerns

Developer Mode
Jailbreaking
Root access
Regular Audits
Security Awareness Training
Mesh Networking
Zigbee
Z-Wave
Hub / System Control

Locator Apps / Remote Wipe

Enterprise wipe
Device wipe

Data Security

Remote Backup Apps
MDM
iTunes
Profile of security requirements
Choose Your Own Device
Corporate Owned, Personally Enabled
Corporate Owned, Business Only

Security Software

OS Updates

Screen Locks

Malware Removal

Malware Infection Prevention

Enable System Restore
Configure firewall
Verify DNS configuration
Create a Restore Point / Image
Schedule scans
Configure On-Access Scanning

Educate the End User

Anti-phish training
Secure use of software
Education about common social engineering
Passowrd and Account Best Practices

Enable System Restore and Create a Restore Point

Schedule Scans and Run Updates

Remediate Infected Systems

OS Reinstallation
Restore files from backup
Reformatting disk
Recovery Mode
regedit

msconfig

Remove disk

Scanning and removal tools
Pre-installation enviornment
Update Antivirus

Disable System Restore in Windows

Quarantine Infected Systems

Investigate and verify symptoms

Malware

Ransomware

Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.

Cryptominer

Rootkits

Class of malware that modifies system files, often at the kernel level, to conceal its presence

Spyware

Software that records information about a PC and its users, often installed without the user's consent.

Keylogger
USB Adapter
DNS Redirection

Backdoor

Mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

Command and Control
Remote Access Trojan
DDos

Fileless

Exploit techniques that use the host's scripting environment to create malicious processes. This refers to malicious code that uses the host’s scripting environment, such as Windows PowerShell or PDF JavaScript, to create new malicious processes in memory. As it may be disguised as script instructions or a document file rather than an executable image file, this type of malware can be harder to detect.

Worms

Type of malware that replicates between processes in system memory and can spread over client/server network connections.

These replicate between processes in system memory rather than infecting an executable file stored on disk. Worms can also exploit vulnerable client/server software to spread between hosts in a network.

Trojan

Malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer.


This is malware concealed within an installer package for software that appears to be legitimate. The malware will be installed alongside the program and execute with the same privileges. It might be able to add itself to startup locations so that it always runs when the computer starts or the user signs in. This is referred to as persistence.

Boot Sector Viruses

These infect the boot sector code or partition table on a disk drive. When the disk is attached to a computer, the virus attempts to hijack the bootloader process to load itself into memory.

Viruses

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.

.jar
.scr
.com
.dll

Browser Security

Privacy

Incognito Mode
Cache
Ad Blocekrs
Pop-up Blockers

Connections

Certificate Authority
Transport Layer Security
Password Manager
Data Synchronization

Extensions

Plug-ins
Themes
Search Engine

Workstation Security

Bitlocker / Bitlocker To Go

Recovery Key
TPM

Encrypting File System

Windows Defender

Execution Control

Trusted Software Sources
Digital Certificates
UAC

Account Management

User permissions

End User

Clean desk policy
Cable locks
Cases
Screensavers
BIOS / UEFI
Rules

Security Measures

Alarms

Lighting
Video / CCTV
Duress
Proximity
Motion sensor
Circuit
Equipment
Lockable rack
Chassis
Kesington
Biometric
Retina
Palmprint
Fingerprint reader
Door Lock
Badge reader
Electronic
Key operated

Physical Access Control

Security Guards
Magnometers
Vestibules
Fencing
Perimeter Security

SOHO Router Security

Initial Setup

Screened Subnets
Demilitirized zone
Universal Plug-and-Play
Port Forwarding
Disable ports
Port triggering
Port mapping
Static IP / DHCP Reservations
Inbound / Outbound Filtering
LAN/WAN Configuration

Channels

Guest Access

Firmware Updates
Network Configuration

http://192.168.0.1

Location / Placement

Security Protocols

Enterprise Authentication Protocols

802.1X
Extensible Authentication Protocol

EAP with Transport Layer Security

Digital Certificate

Encryption Key Pair

Trusted Platform Module

PIN / Password

Server Handshake

EAP over Wireless

Authentication, Authorizations and Accounting Server

Pairwise Master Key

Master Key

AAA Server

Kerberos
Single Sign-On

Permissions

Terminal Access Controller Access Control System +
EAPoW
Administrative access to Switches, Routers and Access Points
Remote Authentication Dial-in User Service
VPN / Wireless

WI-FI Protected Access

WPA 3 Personal Authentication
Simultaneous Authentication of Equals Protocol

GCMP

WPA 2 Pre-Shared Authentication
AES
CCMP

Dangers

Encryption

Key Exchange
Asymmetric Encryption
Public Key
Private Key
Digital Signatures
Symmetric Encryption
Single Key

Advanced Encryption Standard

Cryptohgraphic Hashes
Message Digest
Secure Hash Algorithm

Website

SQL Injection
Cross-Site Scripting

Threats

Password related
Brute Force
Dictionary
DoS
DDoS

Botnet

On-path
Spoofing
Footprinting
Insider Threat

Phishing / Evil Twin

Evil Twin
Vishing
Whaling
Spear Phishing

Social Engineering

Tailgating
Piggybacking
Shoulder Surfing
Dumpster Diving
Impersonification
Pretexting

Weakness that could be accidentally triggered or intentionally exploited to cause a security breach.

Bring Your Own Device
Unpatched / EOL
Zero-Day

Vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

Unprotected system
Non-compliant systems

Cybersecurity

Risk

It's the likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

Threat

Potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional.

Theat Actor

Attack Vector

Vulnerability

Information Security

Availabilty
Integrity
Confidentiality

Kernel

Package Manager

Distro

Windows Shares

Share Permissions

Inheritance
NTFS

Printer Sharing

Network Browsing and Mapping Drives

net view command
net use command

Network Discovery and File Sharing

Workgroup

Windows Security

Mobile Management

Active Directory

Login script
Group Policy Object
gpresult
gpupdate
Organizational Unit
Security Groups
Member Server

Authentication

Hard token
2-step
Soft token
Multifactor

User and Account Groups

Security Group
Guest

Power

Standard
Administrators

net user command

Microsoft Account
Local Account

Logical Security Control

Access Control List
Implicit deny
Least priviledge
Logical
Authentication
Firewall
Antivirus
Procedure
Training programs
Physical
Locks
Doors
Fences

Windows Networking

Virtual Private Network/ Wireless Wide Area Network

Wired Connection

128 bits
32 bits

Supporting Windows

Boot Recovery Tools

Windows Recovery
Windows Recovery Enviornment
Startup repair
Create Recovery Drive
Advanced Boot Options

Boot Process

WINLOAD.EFI
BOOTMGFW.EFI
GPT
HAL.DLL
NTOSKRNL.EXE
WINLOAD.EXE
BOOTMGR.EXE
Power-On Self Test

Distribution Methods

Apple
.exe
.msi

Disk Configuration

Globally Unique Identifier Partition Table
Master Boot Record

Boot Method

Hard Drive
Network Boot
USB and Flash Drives
Optical Media

Upgrade

Feature updates
Backup files
Hardware compatibility

Installation

Repair
Reset Windows
Recovery partition
In-place install
Clean install
Image deployment

Volume Licensing

Retail License

Original Manufacturer Equipment

Windows Versions

Enterprise

6 TB RAM Limit
Microsoft Desktop Optimization
Applocker
Microsoft DirectAccess
4 way multiprosessing 256 cores

Education

2 way multiprocessing 128 cores

Pro

2TB RAM limit
Bitlocker
Advanced hardware features

File System Types

Apple File System
Network File System
ext4
exFAT

64-bit version of FAT designed for use with removable hard drives and flash media. Like NTFS, exFAT supports large volumes (128 petabytes) and file sizes (16 exabytes). There is also support for access permissions but not encryption.

FAT32

The FAT file system is a very early type named for its method of organization—the file allocation table. The FAT provides links from one allocation unit to another. FAT32 is a variant of FAT that uses a 32-bit allocation table, nominally supporting volumes up to 2 TB. The maximum file size is 4 GB minus 1 byte.

FAT32 does not support any of the reliability or security features of NTFS. It is typically used to format the system partition (the one that holds the boot loader). It is also useful when formatting removable drives and memory cards intended for multiple operating systems and devices.

New Technology File System

The New Technology File System (NTFS) is a proprietary file system developed by Microsoft for use with Windows. It provides a 64-bit addressing scheme, allowing for very large volumes and file sizes. In theory, the maximum volume size is 16 Exabytes, but actual implementations of NTFS are limited to between 137 GB and 256 Terabytes, depending on the version of Windows and the allocation unit size. The key NTFS features are:


Linux

Command Interface

Backup and Scheduling
cron

crontab

Network Management
Samba
dig
ifconfig

ip

Process Monitoring
ps
top
Package Management
ClamAV
yum

.rpm

get-apt

.deb

File Permissions
chown

chgrp

chmod
r

w

x

User Account
groupadd

groupmod

groupdel

newgrp

useradd

usermod

userdel

passwd

sudo
su
df

du

rm
mv
cp
Search
grep
find
cat
ls
pwd
File Editors
vi
Nano
KDE
Gnome
Xorg

Shell

ksh
Bash

MacOS

App Installation

Setup files
.app
.dmg
.pkg
Updates

Finder

System Preferences

Time Machine
Disk Utility
Remote Disk
Printers & Scanners
FileVault
Keychain
Internet Account
Security & Privacy
Users & Groups
Apple ID
Accesibility
Displays
Apple Magic Mouse
Apple Keyboards
Option / Alt
Command / Ctrl
Apple/Power Key

Mission Control / Multiple Desktops

Terminal

zsh

Spotlight Search

Dock

Top Menu

Network

Operating System Market

Mobile

Home

Network Operating System

Business

Windows Tools

System Configuration

Tools
Boot
Safe Mode
General

Resource Monitor

Task Manager

Startup
Services
Performance
Monitoring
Details
Set priority
Processes

Event Viewer

Event sources and severity levels
Critical
Error
Warning
Information
Audit success/ audit
Log Files
Setup log
Security logs
Application logs
System logs

System Information

Microsoft Management Console

Snap-ins

Registry Editor

Registry Keys
Hives

.SAV file

.LOG file

Group Policy Editor

Certificate Manager

Local Users and Groups

Default Groups
Guest Accounts
Administrator Accounts
Standard Accounts
Security Accounts

Task Scheduler

Disk Maintenence

Disk Clean-Up
Disk Defragmenter

Disk Management Console

Repartitioning
Formatting
Partitioning
Initializing Disks
Disabling devices
Update and troubleshooting devices

Command-line interface

System Management

winver
sfc
shutdown

Disk Management

chkdsk
format
diskpart

File Management

rmdir
md
robocopy
xcopy

Navigation

cd
dir

Help

Kernel Files

Microsoft Windows

Store Apps
Windows Features

File Explorer

Options
Indexing
View
C:\
Windows

System 32

Drivers

Program Files (x86)
Users

Settings

Shortcuts
Network Settings
Windows Defender Firewall
Gaming Settings
App Settings
Power Settings
Hibernate

Power-saving state where the contents of memory are saved to hard disk (hiberfil.sys) and the computer is powered off. Restarting the computer restores the desktop.

Standby

Power-saving mode where power to all compatible components except system memory is cut. Note that systems on standby still consume some electricity.

Display and Sound Settings
Resolution
Multiple Displays
Device Settings
Ease of Access
Desktop Settings
Personalization
Time and Language
Privacy Settings
Control Panel
Administrative Tools

A Microsoft Management Console (MMC) contains one or more snap-ins that are used to modify advanced settings for a subsystem, such as disks or users. The principal consoles available via Administrative Tools are:


Internet Options
Network and Sharing Center
Mail
Programs and Features
Power Options
Device Manager
User Account Control
Update & Security Settings
WindowsUpdate.txt
OS Settings

Interfaces

Desktop

Types

3-D

Filament
Selective Laser Sintering
Stereolithography
Acrylonitrile Butadiene Styrene
Polylactid Acid
Fused Filament Fabrication

Impact

Plain paper

Impact paper

Tractor fed

Thermal

Ensure correct paper size and that it's thermal
Heating element
Feed assembly
Thermal paper

Inkjet

Print head cleaning
Print head alignment

Laser

Maintenence
Calibrating
Maintenence kit
Regular cleaning
Replace toner when needed
Paper

Use good quality and clean paper.

Insert the paper in the correct orientation and do not overload the input tray

Process
Finishing Stage
Fusing Stage
Transferring Stage
Developing stage
Exposing Stage
Charging Stage
Processing Stage

When in need to display digital content onto physical paper, a printer will be utilized

Print Devices

Scanner

Network Services
Scan to cloud
SMB
Scan to email
Optical Character Recognition

Security

Audit logs
Secured print and badging
User authentication

Properties

Duplex unit or finishing unit
Configurations
Sharing and permissions
Printing Port selection
Updating Drivers

Drviers and Page Description Languages

XML
Printer Control Language
Postscript
Color Printing
CMYK
Vector Graphics
Scalable Fonts

Connectivity

Wireless
WI-FI Direct
Infrastructure Mode
USB
Type B
Ethernet

DNS

Baseline level on mobile device components and basic features

Battery

AC Adapter

Form Factors

Smartphones

IOS

App Store

Android

Google Play Store

Account Setup

Location Services

Indoor Positioning System
Global System Positioning

Enterprise Mobility Management

Two-Factor Authentication
Mobile Application Management
Mobile Device Management
Subtopic

iCloud

Data Synchronization

Passwords
Apps
Calendar
Email
Corporate
Commericial
Contacts

Microsoft 365

Mobile Devices

Wired Connections

Docking Stations

USB

Thunderbolt

HDMI

Ethernet


USB-C

Audio Jack

Lightning

Replicators

Wireless Connections

Near Field Communcation
Mobile Hotspot and Tethering
Cellular Antenna
Code Division Multiple Access

Preferred Roaming List

Global System for Mobile Communications
Airplane Mode

Accessories

Camera
Speaker
Microphone
Touchpen
Touchpad

Display Types

Touchscreen
Accelorometer
Gyroscope
Digitizer
Liquid Crystal Display
Organic Light Emitting Diodes
Light Emitting Diodes

Thin Film Transistor

Vertical Alignment

In-Plane Switching

Twisted Nematic

As technology grows, computers are now able to emulate and work remotely, many services now work over the Internet and not depend much on local infrastructure

Inside those standards, a computer needs to be told where exactly that data will be stored and sent to

On the internet, there needs to be an order and standards for all computers to work properly and communicate efficiently

A computer needs a means of being able to communicate with other computers

Cloud Computing

Common Services

Software-Defining Networking
File Storage
Virtual Desktop Infrastructure

Cloud Characteristics

Computing architecture where on-demand resources provisioned with the attributes of high availability, scalability, and elasticity are billed to customers on the basis of metered utilization.

Scalability

The cost for maintaining more users is linear, meaning that if the number of users double, then the cost would also double.

High Availability

The service guarantees that it'll run at high performance for the most part and experiences very little downtime.

Service Models
Software as a Service

Provides fully developed applications, rather than paying for a number of licenses, you can obtain the software running on the cloud servers and paying as you go.

Google Workspace

Salesforce

Microsoft Office 365

Platform as a Service

Provides in between IaaS and SaaS, meaning it provisions application and database services. A typical PaaS solution would deploy servers and storage network infrastructure (as per IaaS) but also provide a multi-tier web application/database platform on top.

Google Engine App

Microsoft Azure SQL

Oracle Database

Infrastructure as a Service

Provides the network and physical resources to the client, such as servers, load balancers, SAN's, etc.

OpenStack

AWS

Microsoft Azure

Deployment Models
Hybrid
Community
Private
Public
Elasticity
Metered Utilization

Feature of cloud service models that allows customers to track and pay for precise compute, storage, and network resource units.

Type 2 Hypervisor

Parallels Workstation

Oracle Virtual Box

VM Workstation

Type 1 Hypervisor (Bare Metal)

Hardware
Hypervisor

Guest OS

Virutal Machine Manager

Hypervisors

Computing environment where multiple independent operating systems can be installed to a single hardware platform and run simultaneously.

Virtual Machine
Purposes

Container Virtualization

Server

Host OS

Docker Engine

Applications

Application Virtualization

This is where applications are running on a server and streamed to a client OS, as this allows for clients to always have the latest version.

Server-Side Virtualization

This means running a server role machine as a VM, since servers use for about 10% of hardware resources, this allows for up to 9 programs to be running on a single server with the same performance.

Client-Side Virtualization

Refers to any solution designed to run on "ordinary" desktops or workstations. Each user will be interacting with the virtualization host directly. Desktop virtual platforms, usually based on some sort of guest OS hypervisor, are typically used for testing and development

Training

Cross-Platform Virtualization

This allows for testing and development for applications to run on different OS's, this feature allows you to test that in one single machine.

Support Legacy software and OS's

Some applications are no longer supported in later OS versions, this allows the possibility for those programs to still execute by running on a VM an older OS version.

Sandbox

An environment where safe testing and development can occur as the host OS and the VM cannot communicate to each other, making malware impenetrable to the host OS.

OS

Security Requirements

Resource Requirements

Mass Storage

Although VM's run on image files, they require a lot of storage, especially if snapshots are wanting to be created so that you can roll back to a specific settings in a particular session. However, in large enterprises, this usually isn't an issue as SAN's are available to use.

System Memory

Each guest OS requires more memory than the host OS, for example if one Windows machine requires 2GB of RAM, then at least 4GB are required for it to be able to run both the host and guest OS, and it can add up quickly if more VM's are running.

CPU Virtualization Extensions
AMD

AMD-V

Rapid Virtualization Indexing

Intel

VT-x

Extended Page Table

Internet of Things

Smart Devices

Hub/ Control System

Embbeded System

Supervisory Control and Data Acquisition

Operational Technology

Industrial Control System

Programmable Logic Controllers
Human Machine Interface
514
SNMP trap operation
162
161
139
DHCP Client
68
67
3389
Server Message Block
445
HTTP Secure
443
389
Internet Mail Access Protocol
993
143
NetBIOS
137
995
110
HyperText Transfer Protocoll
80
53
587
25
23
Secure Shell
22
File Transfer Protocol Control connection
21
File Transfer Protocol Data connection
20

Network Protocols

Syslog

Simple Network Management Protocol

Remote Desktop Protocol

Lightweight Directory Access Protocol

Internet Message Access Protocol

Post Office Protocol

Simple Mail Transfer Protocol

A/AAAA
MX

HyperText Transfer Protocol

HTTPS
TLS
URL
FQDN

Network Basic Input/Output System

Simple Message Block

SMB3
SMB1 (Common Internet File System)

File Transfer Protocol

FTPS
SFTP
SSH

Telnet

VPN

AAA
RADIUS
Netowrk Access Server
Supplicant
LAN Servers
Router/ Firewall

VPN Gateway

Virtual LAN

Fully Qualified Domain Name
Domain-Based Message Authentication, Reporting, and Conformance
DomainKeys Identified Mail
Sender Policy Framework
TXT Record
Mail Exchange
AAAA
A

Dynamic Host Configuration Protocol

Reservations
Leases
Scope

User Datagram Protocol

Transmission Control Protocol

SYN/ACK

Network Addressing

TCP/IP

Application
POP3
IMAP
HTTP
DHCP
Transport
UDP
TCP
IP

IPv6

Interface ID

Network ID

StateLess Address Auto Configuration

IPv4

Subnet Mask

Domain Name System

Default Gateway

Network Address Translation

Host Number

Network Number

Public IP Address

Facilitated by an ISP

Private IP Address

Class C

192.168.0.0 to 192.168.255.255

Class B

172.16.0.0 to 172.31.255.255

Class A

10.0.0.0 to 10.255.255.255

Link / Network Interface
Ethernet Wi-FI

If the computer faces operation failure, we need to ensure to find the problem cause and solve it.

Connection Types

Cellular

5G
4G
3G
Code Division Multiple Access

Method of multiplexing a communications channel using a code to key the modulation of a particular signal. CDMA is associated with Sprint and Verizon cellular phone networks.

Global System for Mobile Communication

Standard for cellular radio communications and data transfer. GSM phones use a SIM card to identify the subscriber and network provider. 4G and later data standards are developed for GSM.

SIM Card

Wireless Internet Service Provider

long-range fixed access wireless
WI-FI

Geostationary Orbital Satellite Internet Access

Very small aperture terminal satellite
Round Trip Time

Low Earth Orbital Satellite Internet Access

Low Orbit Satellite

Plain Old Telephone System

Public Switched Telephone Network

Fiber Optic
Fiber to the Premesis

Is run all the way to the customer’s building. This full fiber connection type is implemented as a passive optical network (PON)

Optical Network Terminal

Fiber to the Curb

Retains some sort of copper wiring to the customer premises while extending the fiber link from the point of presence to a communications cabinet servicing multiple subscribers.

Digital Line Subscriber
Symmetrical
Asymmetrical

Cable Modem

Data Over Cable Service Interface Specification

DSL Modem

Splitter (if applicable)

RJ11

RJ45

Networking Hardware

Wireless Connection

Short range connections
RFID
Long-range fixed wireless
Unlicensed

5 GHz

2.4 GHz

900 MHz

Licensed

FCC

WI-FI Analyzers
Signal-to-noise-ratio
dB
Access Points
BSSID

Frequency Bands

5 GTz

Channels (23) Spaced at 20 MHz

Dynamic Frecuency Selection

802.11ac (WI-FI 5)

MU-MIMO

Use of spatial multiplexing to allow a wireless access point to support multiple client stations simultaneously.

802.11a

Channel Bonding

802.11ax (WI-FI 6)

OFDMA

Feature of Wi-Fi 6 allowing an access point to serve multiple client stations simultaneously.

802.11n (WI-FI 4)

MIMO

2.4 GTz

Channels (14) Spaced at 5 MHz

802.11g

802.11b

Physical Connection

Unmanaged
Managed

PoE

Not all switches support PoE.

If so, there are power injectors that will make it possible.

802.3bt

51 W

802.3at (PoE+)

25 W

802.3af

13 W

Hub
Patch Panels
NIC

MAC Address

Coaxial
F-Type
Optic Fiber
Multi Mode Fiber

Has a larger core (62.5 or 50 microns) and is designed to carry a shorter wavelength infrared light (850 nm or 1,300 nm). MMF uses less expensive and less coherent LEDs or vertical cavity surface emitting lasers (VCSELs) and consequently is less expensive to deploy than SMF. However, MMF does not support such high signaling speeds or long distances as single-mode and so is more suitable for LANs than WANs.

Single Mode Fiber

Has a small core (8–10 microns) and is designed to carry a long wavelength (1,310 or 1,550 nm) infrared signal, generated by a high-power, highly coherent laser diode. Single-mode cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics.

Lucent Connector

Subscriber Connector

Straight Tip

Copper
UTP

CAT Standards

6A

6

5e

5

STP

Internet

SOHO

Load Balancer
Router
Proxy Server
Spam Gateways and Unified Threat Management
VPN/ Firewall

Access Point

Mobile devices

Laptops

Workgroup Switch

Patch Panel

Wall Ports

Desktops

Switch

Network Servers

Printers

Networking

802.11 Standard

PAN
NFC
Bluetooth
WLAN (WI-FI)

Network scope and type that uses wireless radio communications based on some variant of the 802.11 (Wi-Fi) standard series.

SSID

802.3 Ethernet

Standards developed as the IEEE 802.3 series describing media types, access methods, data rates, and distance limitations at OSI layers 1 and 2 using xBASE-y designations.

WAN

Network scope that spans a large geographical area, incorporating more than one site and often a mix of different media types and protocols plus the use of public telecommunications networks.

ISP
MAN

Can be used to mean a specific network type covering an area equivalent to a city or other municipality. It could mean a company with multiple connected networks within the same metropolitan area—so, larger than a LAN but smaller than a WAN.

LAN

local area network (LAN) is a group of computers connected by cabling and one or more network switches that are all installed at a single geographical location. A LAN might span a single floor in a building, a whole building, or multiple nearby buildings (a campus). Any network where the nodes are within about 1 or 2 km (or about 1 mile) of one another can be thought of as "local." LAN cabling and devices are typically owned and managed by the organization that uses the network.

1000BASE-T
10GBASE-T
100BASE-T
SAN

Network dedicated to provisioning storage resources, typically consisting of storage devices and servers connected to switches via host bus adapters.


A SAN is isolated from the main network. It is only accessed by servers, not by client PCs and laptops. SAN clients are servers running databases or applications. Provisioning a shared storage pool as a SAN is more flexible and reliable than using local disks on each server machine. SANs use connectivity technologies such as Fiber Channel and Internet SCSI (iSCSI).

Servers

You press the Power button and the computer starts

Troubleshooting

For more details, visit the Troubleshooting Mind Map

Verify and Document

Implement Preventive Measures


To fully solve a problem, you should implement preventive measures. This means eliminating any factors that could cause the problem to reoccur. For example, if the power cable on a PC blows a fuse, you should not only replace the fuse, but also check to see if there are any power problems in the building that may have caused the fuse to blow in the first place. If a computer is infected with a virus, ensure that the antivirus software is updating itself regularly and users are trained to avoid malware risks.


Document Findings, Actions, and Outcomes


Most troubleshooting takes place within the context of a ticket system. This shows who is responsible for any particular problem and what its status is. This gives you the opportunity to add a complete description of the problem and its solution (findings, actions, and outcomes).

This is very useful for future troubleshooting, as problems fitting into the same category can be reviewed to see if the same solution applies. Troubleshooting steps can be gathered into a "Knowledge Base" or Frequently Asked Questions (FAQ) of support articles. It also helps to analyze IT infrastructure by gathering statistics on what types of problems occur and how frequently.

The other value of a log is that it demonstrates what the support department is doing to help the business. This is particularly important for third-party support companies, who need to prove the value achieved in service contracts. When you complete a problem log, remember that people other than you may come to rely on it. Also, logs may be presented to customers as proof of troubleshooting activity. Write clearly and concisely, checking for spelling and grammar errors.


Establish a Plan of Action

There are typically three generic approaches to resolving an IT problem:


Establish a Plan of Action


When you determined the best solution, you must devise a plan of action to put the solution in place. You have to assess the resources, time, and cost required. Another consideration is potential impacts on the rest of the system that your plan of action may have. A typical example is applying a software patch, which might fix a given problem but cause other programs not to work.

An effective change and configuration management system will help you to understand how different systems are interconnected. You must seek the proper authorization for your plan and conduct all remedial activities within the constraints of corporate policies and procedures.


Implement the Solution


If you do not have authorization to implement a solution, you will need to escalate the problem to more senior personnel. If applying the solution is disruptive to the wider network or business, you also need to consider the most appropriate time to schedule the reconfiguration work and plan how to notify other network users.

When you make a change to the system as part of implementing a solution, test after each change. If the change does not fix the problem, reverse it, and then try something else. If you make a series of changes without recording what you have done, you could find yourself in a tricky position.


Refer to Vendor Instructions


If you are completing troubleshooting steps under instruction from another technician—the vendor's support service, for instance—make sure you properly understand the steps you are being asked to take, especially if it requires disassembly of a component or reconfiguration of software that you are not familiar with.



Establish a New Theory or Escalate

If you cannot solve a problem yourself, it is better to escalate it than to waste a lot of time trying to come up with an answer. Formal escalation routes depend on the type of support service you are operating and the terms of any warranties or service contracts that apply. Some generic escalation routes include:


Choosing whether to escalate a problem is complex because you must balance the need to resolve a problem in a timely fashion against the possibility of incurring additional costs or adding to the burdens/priorities that senior staff are already coping with. You should be guided by policies and practices in the company you work for. When you escalate a problem, make sure that what you have found out or attempted so far is documented. After that, describe the problem clearly to whoever is taking over or providing you with assistance.

Establish a Theory

Conduct Research


You cannot always rely on the user to describe the problem accurately or comprehensively. You may need to use research techniques to identify or clarify symptoms and possible causes. One of the most useful troubleshooting skills is being able to perform research to find information quickly. Learn to use web and database search tools so that you can locate information that is relevant and useful. Identify different knowledge sources available to you. When you research a problem, be aware of both internal documentation and information and external support resources, such as vendor support or forums.

Question the Obvious


As you identify symptoms and diagnose causes, take care not to overlook the obvious—sometimes seemingly intractable problems are caused by the simplest things. Diagnosis requires both attention to detail and a willingness to be systematic.

One way to consider a computer problem systematically is to step through what should happen, either by performing the steps yourself or by observing the user. Hopefully, this will identify the exact point at which there is a failure or error.

If this approach does not work, break the troubleshooting process into compartments or categories, such as power, hardware components, drivers/firmware, software, network, and user actions. If you can isolate your investigation to a particular subsystem by eliminating "non-causes," you can troubleshoot the problem more quickly. For example, when troubleshooting a PC, you might work as follows:

  1. Decide whether the problem is hardware or software related (Hardware).
  2. Decide which hardware subsystem is affected (Disk).
  3. Decide whether the problem is in the disk unit or connectors and cabling (Connectors).
  4. Test your theory.


Identify the Problem

Gather Information from the User


The first report of a problem will typically come from a user or another technician, and this person will be one of the best sources of information if you can ask the right questions. Before you begin examining settings in Windows or taking the PC apart, spend some time gathering information from the user about the problem. Ensure you ask the user to describe all the circumstances and symptoms. Some good questions to ask include:

Perform Backups


Consider the importance of data stored on the local computer when you open a support case. Check when a backup was last made. If a backup has not been made, perform one before changing the system configuration, if possible.

We are now entering the Mobile Device world

The CompTIA A+ Journey

Components

Network Interface Card

Although the motherboard already has an Ethernet port, additional ports may be needed. The NIC provides just that.

Sound Card

The component in charge of providing an audio signal to a speaker or headphones. They contain audio jack ports to connect both in and out signal

Storage

SSD or HDD.


Removable storage devices:

RAID

RAID 0 (Striping without parity) is when data is spread across two disks, this is not fault-tolerant.


RAID 1 (Mirroring) is when data is replicated between two disks, this is more fault-tolerant as if one disk fails the other has the exact data.


RAID 5 (Striping with Distributed Parity) is similar to RAID 0 however, the three disks share a parity so if one disk fails it will allow to reconstruct of data from the parity.


RAID 10 (Stripe of mirrors) is when you combine RAID 1 but with more disks as at least four disks are required as two arrays are mirrored between two disks, so it provides the best fault-tolerance.

RAM

If there is not enough system RAM, the memory space can be extended by using disk storage. This is referred to as a pagefile or swap space. The total amount of addressable memory (system RAM plus swap space) is referred to as virtual memory or virtual RAM . With virtual memory, the OS assigns memory locations to processes in 4 kilobyte chunks called pages. The memory controller moves inactive pages of memory to the swap space to free up physical RAM and retrieves pages from the swap space to physical RAM when required by process execution. An excessive amount of such paging activity will slow the computer down because disk transfer rates are slower than RAM transfer rates.


Types of RAM:


Each DDR generation sets an upper limit on the maximum possible capacity. DDR for desktop system memory is packaged in a form factor called dual inline memory module (DIMM). The notches (keys) on the module’s edge connector identify the DDR generation (DDR3/DDR4/DDR5) and prevent it from being inserted into an incompatible slot or inserted the wrong way around. DDR DIMMs typically feature heat sinks, due to the use of high clock speeds.

Modules:

Video Card

The component that is in charge of providing a signal to the monitor or projector.

Many motherboards contain an embedded video card, but often they are not powerful enough.

Most commonly a video card will contain a GPU capability and graphics memory alongside video ports such as HDMI, Displayport, and Thunderbolt.

Capture Card

CPU

The central processing unit (CPU), or simply the processor, executes program instruction code. When a software program runs (whether it be system firmware, an operating system, antivirus utility, or word-processing application), it is assembled into instructions utilizing the fundamental instruction set of the CPU platform and loaded into system memory. The CPU then performs the following basic operations on each instruction:

  1. The control unit fetches the next instruction in sequence from system memory to the pipeline.
  2. The control unit decodes each instruction in turn and either executes it itself or passes it to the arithmetic logic unit (ALU) or floating-point unit (FPU) for execution.
  3. The result of the executed instruction is written back to a register, to cache, or to system memory.


There exist different architectures like:

Virtualization
Multicore
Multithreading

CPU architecture that exposes two or more logical processors to the OS, delivering performance benefits similar to multicore and multi socket to threaded applications.

Motherboard

The motherboard is the heart of a computer, it has attached all of the components and runs.

These processing and storage components are connected by bus interfaces implemented on the motherboard. The instructions and data are stored using transistors and capacitors and transmitted between components over the bus using electrical signals.


Motherboard Form Factors are:

Cables

Power cables that go directly into the motherboard are:

Ports

Input/Output Ports examples:



BIOS/UEFI

Boot options

Boot passwords and secure boot

Trusted Platform Module (TPM)


Connectors

Like as powering the motherboard itself and where components obtain their power like the fans and disk drives.


Storage Connectors are:


Power Connectors are:

Slots

Like the RAM slots and adapter card slots.


Adapter connector slots:

Sockets

Such as the CPU socket.


There are only two CPU manufacturers: Intel and AMD.

Intel uses the LGA socket

AMD uses the PGA socket

Cooling System

A computer needs to be at all times under optimal temperature at, because all the components generate heat, a cooling system is required to maintain a moderate temperature so that the computer doesn't overheat.

Liquid
Water
Tubes
Fans
Heat Sinks

Power Supply Unit

The PSU is in charge of providing electrical charge to all of the components of the computer, especially the motherboard.

It has various cables with different types of connectors that'll go on different components

Wattage Rating
PSU Connectors