Network+ Troubleshooting Model

If you plan to take the Network+ exam, you should be aware of the Network+ troubleshooting model concepts listed by CompTIA. The good news is that this is rather straight forward if you look at the objectives. However, without an understanding of the Network+ troubleshooting model, question like the following might be challenging.

Sample Network+ Troubleshooting Model Questions

Can you answer these questions?

Q1. Sally has told you that she can no longer access a data share on a server within the network. Of the following choices, what is the BEST choice as your first step?

A. Check the server

B. Check the router

C. Check the switch

D. Ask Sally if anything on her computer has changed

Answer later in this blog.

Q2. Bob is troubleshooting a problem where a user is unable to access some network resources. He has determined that the fault is within a managed switch. However, he isn’t familiar with this switch and does not know how to access the configuration page. What should he do?

A. Gather information

B. Escalate the problem

C. Establish a plan of action

D. Document findings, actions, and outcomes

Answer later in this blog.

Over 275 realistic practice test questions available in the
CompTIA Network+ N10-005: Practice Test Questions (Get Certified Get Ahead)Kindle book.
Only $9.99. Free Kindle apps available for any platform.

Network+ Troubleshooting Model Objectives

CompTIA provides specific troubleshooting steps within the objectives. If you took the A+ exam, these should look familiar to you though they aren’t exactly the same. You should understand the specific steps and their order. They are:

• Identify the problem:
  • Information gathering
  • Identify symptoms
  • Question users
  • Determine if anything has changed
• Establish a theory of probable cause
  • Question the obvious
• Test the theory to determine cause:
  • Once theory is confirmed determine next steps to resolve problem.
  • If theory is not confirmed, re-establish new theory or escalate.
• Establish a plan of action to resolve the problem and identify potential effects
• Implement the solution or escalate as necessary
• Verify full system functionality and if applicable implement preventative measures
• Document findings, actions and outcomes

If you know the order of the steps in the Network+ troubleshooting model, it will be easier to answer many of the questions that use phrases such as  “What should you do FIRST?” or “What should you do LAST?” It also allows you to answer other questions about the model through logic and elimination.  The only thing that might be confusing is when to escalate a problem.

Escalating Problems

There are times when you need to escalate a problem. This means that you pass the problem onto someone else within your organization. For example, many organizations use multiple tiers or levels of support. Personnel working in lower levels have very basic knowledge and do not have sufficient rights or permissions to resolve some problems. Instead, they need to escalate problems to higher-level technicians that have more knowledge and adequate rights and permissions. Common tiers or levels used in organizations are:

• Tier 1 support is the most basic support. Personnel have basic skills, knowledge, and permissions to resolve simple problems. If technicians working at Tier 1 cannot resolve a problem, they can escalate it to Tier 2.
• Tier 2 support technicians have a higher level of knowledge, experience, and permissions than Tier 1 personnel do. They assist Tier 1 personnel and can handle problems that are more complex. If Tier 2 support technicians cannot resolve a problem, they can escalate it to Tier 3.
• Tier 3 support is often the highest level of support within an organization. Administrators and technicians at this level resolve the most complex problems. If they cannot resolve the problem, they might need to get assistance from outside the organization.

Network+ Troubleshooting Model Flowcharts

The first three steps of the Network+ troubleshooting model are shown in the following flow chart. This shows how a technician can loop between establishing a theory and testing a theory multiple times. At some point, the technician either confirms the theory and moves on to the next step in the troubleshooting model, or escalates the problem.

At this stage, the primary reason technicians escalate a problem is when they run out of ideas for new theories. In other words, the technicians have exhausted their current knowledge and experience.

The next flow chart shows the last four stages of the Network+ troubleshooting model. This also has a decision point and an option to escalate the problem, though it’s for a different reason. At this stage, the primary reason technicians escalate a problem is when they lack the rights or permissions to implement a solution. As an example, a technician might determine that a network switch has failed and should be replaced. However, if the technician doesn’t have adequate rights or permissions to replace a switch, the technician escalates the problem.

Sample Network+ Troubleshooting Theory Question and Answer

Here’s the answer to the question posted at the beginning of this blog.

Q1. Sally has told you that she can no longer access a data share on a server within the network. Of the following choices, what is the BEST choice as your first step?

A. Check the server

B. Check the router

C. Check the switch

D. Ask Sally if anything on her computer has changed

Answer D is correct. The first step in the CompTIA troubleshooting model is to identify the problem and this includes questioning users and determining if anything has changed. You might choose to check the server, the router, and the switch later in your troubleshooting steps, but you should first identify the problem by gathering information, identifying symptoms, questioning users, and determining if anything has changed.

Q2. Bob is troubleshooting a problem where a user is unable to access some network resources. He has determined that the fault is within a managed switch. However, he isn’t familiar with this switch and does not know how to access the configuration page. What should he do?

A. Gather information

B. Escalate the problem

C. Establish a plan of action

D. Document findings, actions, and outcomes

Answer B is correct. When technicians do not have enough knowledge or experience to troubleshoot further, they should escalate the problem and in this case, Bob doesn’t know how to access the configuration page of the managed switch. Gathering information is part of the first step (identifying the problem) but Bob has already done this step. If Bob had the knowledge of how to configure the switch, he should establish a plan of action but without this knowledge, he should escalate the problem. The last step is to document findings, actions, and outcomes but this is done after the problem is resolved.

Network+ Kindle Shorts

Topics in this blog came from the CompTIA Network+ Basic Networking Components (A Get Certified Get Ahead Kindle Short) ebook. This Kindle Short will be Chapter 1 in the upcoming  CompTIA Network+ Get Certified Get Ahead Study Guide written in the same style as the top selling CompTIA Security+: Get Certified Get Ahead Study Guide. Network+ Kindle shorts currently available are: Basic Components. CompTIA Network+ Basic Networking Components (A Get Certified Get Ahead Kindle Short) covers objectives related to core networking components and topics. This includes basic networking components, network types, topology types, and tips on planning and implementing a small office home office (SOHO) network. It includes 29 realistic practice test questions for this Kindle short, but 15 bonus questions from other Kindle shorts. Tools. CompTIA Network+: Tools (A Get Certified Get Ahead Kindle Short) covers objectives related to command line tools, hardware tools, and software tools. It includes a full chapter on tools and 60 practice test questions to test your comprehension of these topics. OSI. CompTIA Network+: OSI Topics (A Get Certified Get Ahead Kindle Short) covers the OSI and TCP/IP Model objectives for the Network+ exam. It includes a full chapter on OSI and TCP/IP model topics and practice test questions to test your comprehension of these topics. Wireless. CompTIA Network+: Wireless Topics (A Get Certified Get Ahead Kindle Short) covers the wireless objectives for the Network+ exam. It includes a full chapter on Wireless topics and 55 practice test questions to test your comprehension of these topics.

The post Network+ Troubleshooting Model appeared first on Get Certified Get Ahead by Darril.

I recently moved some WordPress sites and came across a WordPress permalinks problem that befuddled me for quite a while. As traffic has increased on the GetCertifiedGetAhead and Blogs.GetCertifiedGetAhead sites, I’ve noticed that pages were sometimes slow in loading. I finally decided to upgrade the account and move to a new server to increase the performance.

In a perfect world, this would be a rather simple process but in reality, it was quite challenging and consumed much of my time this past week. Thankfully, I made it through the hurdles and testing shows that this new site is much quicker. I hope you find it useful.

WordPress Permalinks Problem

If you run a WordPress site and are migrating to a different server, you might find this useful. I’m running my site on a Microsoft IIS server and this information applies if your site is on an IIS server.

My biggest challenge was that the migration broke all the links in the blogs.getcertifiedgetahead.com site. The original installation used a custom permalinks structure of /%postname%/. For example, if you wanted to view the page listing Security+ blogs, the URL looks like this: http://blogs.getcertifiedgetahead.com/security-blog-links/.  Unfortunately, this resulted in 404 page not found errors on the new server.

I was able to change the permalinks structure to Post Name, but this added “/index.php” in the URL resulting in a link of http://blogs.getcertifiedgetahead.com/index.php/security-blog-links/.  While my site worked with this setting, all external links to the original pages still resulted in  404 page not found errors. This just wasn’t good enough.

The Hunt

I spent hours researching solutions on the Internet. I’m very grateful for Google and all the people that post useful information on the Internet. Many times I’m able to get my answer in minutes, if not seconds. However, this hunt took me on several different paths until I finally found the solution.

One of the primary challenges I faced with this problem is that many of the solutions simply don’t work for the current version of Word Press. I’m running Word Press 3.5.1 and many of the solutions worked on older versions, but not with 3.5.1.

In short, the solution required a change to the web.config file and the options-permalink.php file (located in the wp-admins folder). I ultimately found the solution from a post by Ansh on Webloggerz.com: http://webloggerz.com/how-to-remove-index-php-from-wordpress-url/

Options-Permalink File

Ansh has good instructions on his page related to this fix. I’ll summarize them here:

1. Open the wp-admin/option-permalink.php file
2. Locate line 81. It  looks like this: $prefix = ‘/index.php’;
3. Modify line 81 to look like this: $prefix = ”
   This should end in two apostrophe characters (”) not a single double quote character (“)
4. Save the file in the original location.

While I didn’t see the warning on Ansh’s page, I frequently see warnings about not modifying php files directly in Word Press installations. I’m sure there are times when it’s appropriate, and times when it’s not. I modified this php file as a last resort. When I upgrade to a new Word Press installation, it’s very possible this fix will be overwritten and break all my links. This will be one of the first things I check if an upgrade breaks the links.

As another note, this modified the Permalinks page some. It now looks like this:

Before implementing this solution, the Post name link looked like this: http://blogs.getcertifiedgetahead.com/index.php/sample-post/.

Web Config File

Next, the web-config file needs to have some code in it. This is located in the root directory of the web site (typically called wwwroot).

Again, Ansh has good instructions on his page. He even has a sample web-config file you can use as a guide. You can look at it here: http://webloggerz.com/wp-content/uploads/web-config.txt

The primary code you need is this:

    <rewrite>
        <rules>
            <rule name="wordpress" patternSyntax="Wildcard">
                <match url="*" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                <action type="Rewrite" url="index.php" />
            </rule>
        </rules>
    </rewrite>

This code must be within the <system.webServer> </system.webServer> XML tags.

Your web.config file will likely have some additional data in it. You probably won’t need to modify anything else for this solution. I did find that I had a <handlers> </handlers> tag related to php that I needed to remove.

.htaccess File Not Needed

The .htaccess file is not used with an IIS installation.  A question I should have asked earlier and didn’t was “What type of server is my Word Press site installed on?” A Microsoft installation with an IIS server does not use .htaccess.

During my hunt, I ran across many web pages that indicated my problem was related to this file. I spent quite a bit of time modifying it and changing it’s permissions to get my site to work. Nothing I did seemed to matter and when I found the ultimate fix, I deleted the .htaccess file.

If your system is running on Apache server or something else, the fixes to the .htaccess file might help you and my solution might not matter at all.

Hosting Provider Won’t Help

One of the important lessons with this experience is that the hosting provider provided next to zero help. Admittedly, their stated policy is that they would set up the sites on the new servers and move the files but I was responsible for getting the sites to work. I certainly didn’t expect so many problems with the move.

I asked several questions, but only received one coherent answer. Instead, my queries were often unanswered, or answered with a form reply. They even modified some of the settings in the control panel that I had configured for testing and troubleshooting, while I was still testing and troubleshooting.

Also, after they moved it, they wanted to remove access to the old site. After three days of troubleshooting, and several unanswered queries, I received an email stating “We cannot keep a site alive on 2 servers indefinitely.” Thanks.

In retrospect, I wonder if I would have been better served by creating the sites on a completely different provider. I could have kept the old sites live while I worked on getting the new sites operational.

Here are some of the other problems I faced.

• Posts on ycda.com and blogs.getcertifiedgetahead.com had funky characters like â€“ “ ’ â€.
  This was caused by an incompatibility with the character set. My original wp-config.php file included this line:
  define(‘DB_CHARSET’, ‘utf8′);
  I removed the line on the new server and the problem disappeared. I have since noticed that the collation set on the new server for the MySQL databases is “utf8_general_ci”
  I changed the line to this:
  define(‘DB_CHARSET’, ‘utf8_unicode_ci’);
  This also eliminated the funky characters, and is a better solution because it accurately identifies the collation.
• Database gives this error when I access it through the provider’s control panel:
  Your PHP MySQL library version 5.0.51a differs from your MySQL server version 5.5.28. This may cause unpredictable behavior.
  I suspected this error was causing some of my problems, and it might still be causing some problems. I still occasionally get errors in the control panel indicating a problem with database connectivity. Unfortunately, my query about this error to the hosting provider has not been answered.
• One of the new sites was not created on the new server. While a simple problem to resolve, it just added to the challenge of getting everything moved.

Celebrating Success Today

While I still might have some problems to work through with this, I have enabled the last site on the new server and am celebrating success today. This WordPress permalinks problem was quite a challenge, but thanks to the posts by many other people on the Internet (such as Ansh at Webloggerz.com), I was able to resolve it and the other problems I faced with this move.  I might be quiet for a couple of days, but I’m doing well.

The post WordPress Permalinks Problem and Solution appeared first on Get Certified Get Ahead by Darril.

Social Engineering Phone Tactics

Do you recognize the social engineering phone tactics commonly used by criminals today? The criminals are active and they continue to evolve their tactics.

Contacted by Security Expert

I had an interesting phone call earlier today. I didn’t recognize the phone number, but the name was “Alberta.” I later verified the area code (780) was from Alberta Canada.

A guy with a foreign accent identifying himself as a security expert called. He said he was working for some company with “Secure” in its name, and they noticed that my computer was sending out errors.

It sounded like a scam, but I played along.

He stressed a couple of times that they deploy and support Windows systems. I remembered an old scam where someone called unsuspecting users saying they were from Microsoft. They used a similar line to establish credibility and raise alarm in the user.

Viewing Errors

To verify that the errors were coming from my computer, he guided me through the process of opening a program called Event Viewer.

He helped me find the CTRL key on my keyboard, then the Windows key, and had me open the Run window by pressing the Windows Key + R. He then had me type letters one at a time. “E as in Edward” he said. “V as Victor” and so on until I had finally typed “eventvwr”. Once he verified I typed the correct letters, he had me click OK.

Next, he guided me to the Administrative Events node that looked something like this.

If you don’t know what this is, it can be pretty scary will all these red errors.

He had me describe what I saw and eventually said “Oh my God!” with the voice of a well-seasoned actor. He explained that this was a clear indication that my computer was seriously infected. He said that his company detected about 1000 errors but they had no idea that my computer was so heavily infected.

Not Serious Errors

As a side note, these errors are not serious and do not indicate the system is infected. This is just a special view used by administrators to focus on error and critical events. Any system will have some errors. Depending on how old the system is and how big the logs are, it can easily show hundreds or even thousands of events.

My Lucky Day

After seriously explaining how much trouble I was in with my computer, he then added a smile to his voice and said “But this is your lucky day. I’m going to help you.”

He offered to guide me through the process of fixing my computer before it was permanently damaged.

Once I agreed, he had me open up the Run window again. Next, he had me type in a web site address within Run window.

He followed through with the full address of a website, which I don’t want to repeat here. He then told me to press OK.

This is where I stopped. I didn’t click OK.

I tried to get him to answer some questions but he was very evasive. Eventually, I heard a click. My “lucky day” experience with the social engineering criminal was over.

What If I Clicked OK

If I clicked OK after entering the website address, it would have opened my web browser and taken me to that site.

I haven’t investigated the site, but I have no doubt it is malicious. It might have included a driveby download that would have tried to download and install a virus on my system without any other action by me.

More than likely, I’m betting he would have guided me through the process of downloading and installing a Trojan horse onto my computer. He probably would have explained that this program would help me rid my computer of these nasty viruses.

It’s called a Trojan horse (after the famed Trojan horse of Greek mythology) because it appears to be something useful but instead is malicious. In this case, he might have guided me through the process of installing a program he would describe as antivirus software. Instead, it would give him or other criminals full access to my computer from any Internet location.

After installing the software, they might copy all of my files, and scanned them for something useful. Some users store all their passwords in a file named Passwords, and place it on their Windows desktop. The criminals will quickly find this file.

The Trojan might include a keylogger to capture my keystrokes. When I accessed a banking site, the keylogger would capture my username and password, and later email the data to the criminals. In time, they would simply empty all my banking accounts.

It would probably add my computer to one of the hundreds of botnets around the world. The criminals would then use my computer to send spam or possible help in the attack of other computers.

Criminal Social Engineering Phone Tactics

From a psychology perspective, this criminal used several common ploys.

1. Built credibility. He tried to show credibility as he mentioned his company and by using keywords like security and Windows.
2. He had me find the errors. He wasn’t just asking me to believe him. Instead, I typed in the commands and saw the errors.
3. Good acting skills. He sounded genuinely surprised and even used some soft swear words. He changed the tone, brought warmth into his voice, and offered to help.
4. Used unfamiliar tasks. He had in the web address in the Run windows instead of in a web browser. Some users might be suspicious if they were asked to go to a web site. However, opening the web site from the Run window might seem less dangerous. It is a little more technical so it could easily distract an uneducated user. 

While talking to him, I could hear a lot of voices in the background. They sounded quite busy as though dozens of phone operators were going through the same script with others. Unfortunately, I’m sure that some people would be fooled by these skilled criminals.

The only thing that stops them is educated users.

Hopefully, you’re educated about these tactics.

Would your family members recognize them? Would your friends?

If not, let them know.

The post Social Engineering Phone Tactics appeared first on Get Certified Get Ahead by Darril.

Save 50% on *All* Ebooks from Microsoft Press

In celebration of TechEd, happening now in New Orleans, you can save 50% on all ebooks from Microsoft Press through shop.oreilly.com. Whether you’re learning A+, CISSP, PowerShell 3.0, or deep into Windows Server 2012, or just about any other IT topic, you can  save now on the titles that will make your job easier.

Ebooks from shop.oreilly.com are DRM-free. You get free lifetime access, multiple file formats, and free updates. Sync with Dropbox — your files, anywhere.

Use discount code CFTECH - Deal expires June 7, 2013 at 5:00am PT, and cannot be combined with other offers. Offer does not apply to Print, or “Print & Ebook” bundle pricing.

Here are some books you can get in this promotion.

CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802)

Ace your preparation for the CompTIA A+ Exams 220-801 and 220-802 with this 2-in-1 Training Kit from Microsoft Press®. Work at your own pace through a series of lessons and practical exercises, and then assess your computing technology skills with the online practice test—featuring multiple, customizable testing options to meet your specific needs.

Your Training Kit includes:

• In-depth coverage of all 10 CompTIA domains in Exams 220-801 and 220-802
• Instructive case studies to enhance your performance on the job
• Online practice tests to help you assess your exam readiness
• The entire Training Kit in searchable eBook format

http://shop.oreilly.com/product/0790145335333.do

If you want a paperback copy, you can get it here: CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802).

This book is getting great reviews on Amazon. Here are some comments.

Was the only resource I needed

If you have a background in PC hardware and already know your way around and computer, then this should be all you really need to be able to pass the exams.

From the arrival of the book, to taking the tests took only 3 weeks until I felt I was prepared enough. Really, a good piece of reference material to pick up and keep.

Great Tool for Certification or Refresher

I’ve worked as a computer technician for about eight years, getting my A+ certification just prior to being hired and re-certifying as part of a company-wide training curriculum a couple years later. When I’m not studying for something new, I like to pick up a study guide for one of the basic certifications as a refresher. Mike Meyers got me through my actual certifications and up until now he has been, without question, my favorite author on the subject. Darril Gibson will be my first choice from now on.

Terrific and Exhaustively Complete Test Prep

If you’re going to prep for this test, I cannot imagine a better resource than this book.

Personally, I found the following topics very well-handled: Understanding the File Systems, Expansion Cards and Peripherals, and Configuring Windows.

Excellent resource for CompTIA A+

This book is really pleasant to read and learn from. At first I took cbtnuggets.com videos for CompTIA A+ and I am really happy I did it. 95% of the info you need its there but sometimes you need some more specific info on particular subjects like how basses work, clock speeds etc. This book can fill this gap and at the same time it will be really enjoyable to read because of the clear and concise writing approach that the author uses. One more advantage is that it covers all new topics CompTIA A+ has included like Mobile Devices Chapter.

CompTIA A+ Rapid Review

Assess your readiness for CompTIA A+ Exams 220-801 and 220-802—and quickly identify where you need to focus and practice. This practical, streamlined guide walks you through each exam objective, providing “need to know” checklists, review questions, tips, and links to further study—all designed to help bolster your preparation.

http://shop.oreilly.com/product/0790145349637.do

If you want a paperback copy, you can get it here: CompTIA A+ Rapid Review (Exam 220-801 and Exam 220-802) .

This book is intended to be a late stage review book and can be used as a supplement to the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802).

CISSP Rapid Review

Assess your readiness for the CISSP Exam—and quickly identify where you need to focus and practice. This practical, streamlined guide provides objective overviews, exam tips, “need-to-know” checklists, review questions, and a list of valuable resources—all designed to help evaluate and reinforce your preparation.

http://shop.oreilly.com/product/0790145349200.do

If you want a paperback copy, you can get it here: CISSP Rapid Review.

This book is intended to be a late stage review book and can be used as a supplement to the CISSP: Certified Information Systems Security Professional Study Guide.

Ebooks from Microsoft Press Summary

Save 50% on all ebooks from shop.oreilly.com with discount code CFTECH. This deal expires  June 7, 2013.

The post Save 50% on All Ebooks from Microsoft Press appeared first on Get Certified Get Ahead by Darril.

Security+ Forensic Performance Based Question

If you’re planning to take the Security+ exam you can expect to see some performance based questions and you might even see a Security+ forensic performance based question. Performance based questions expect you to perform some action rather than simply answer a multiple choice question.

While the performance based questions are new, the actual Security+ objectives haven’t changed since the SY0-301 objectives were first released. Some of the objectives use active words such as “Implement,” “Execute,” and “Analyze,” and CompTIA is using performance based questions to test candidates for many of these objectives.

One of the objectives that can easily be used in a Security+ forensic performance based question is this:
2.3 Execute appropriate incident response procedures

• Basic forensic procedures
  • Order of volatility

Sample Security+ Forensic Performance Based Question

As an example, you might see a question such as this:

Q. Organize the following list in the correct order based on each item’s volatility. List the items from most volatile to least volatile.

Do you know the correct order? The answer and explanation is included later in this blog.

Order of Volatility

Order of volatility refers to the order in which you should collect evidence. “Volatile” doesn’t mean it’s explosive, but rather that it is not permanent. In general, you should collect evidence starting with the most volatile and moving to the least volatile.

Many forensic tools include the ability to capture volatile data. Once it’s captured, experts can analyze it and gain insight into what the computer and user were doing. You might not be the forensic expert capturing and analyzing the data, but you certainly don’t want to be the technician that destroyed it. With this in mind, you should know the order of volatility of data and what you can do to protect evidence.

A processor can only work on data in random access memory (RAM), so all the data in RAM indicates what the system was doing. This includes data a user has been working on, system processes, network processes, application remnants, and much more. All of this can be valuable evidence in an investigation, but the evidence is lost when the computer is turned off. Because of this, it is important to realize you shouldn’t power a computer down if it’s suspected to be involved in a security incident.

Data worked on by the central processing unit (CPU) is held in the CPU cache. A system has less cache than regular RAM so data in cache is more likely to be overwritten sooner than data in regular RAM. In other words, the CPU cache is more volatile than regular RAM and should be collected first if possible.

In contrast, data on hard disk drives (HDDs) remains on the HDD even after powering a system down. This includes any files and even low-level data such as the master boot record on a disk.

While a computer is running, it maintains a paging file (also called a swap file) as an extension of memory. The paging file is stored on the HDD so it is less volatile than RAM. However, the paging file is rebuilt after rebooting a computer so it is more volatile than regular files stored on a HDD.

Any data stored on a remote system is less volatile than data stored directly on a computer. As an example, many servers send log files to remote systems for centralized collection. Even if the original computer is completely destroyed, these log files are still available.

Last, data stored on archive media such as backup tapes of optical media is the least volatile. This data is offline and much less likely to be destroyed or corrupted than any online data.

The order of volatility from most volatile to least volatile is:

1. Data in RAM, including CPU cache and recently used data and applications
2. Data in RAM, including system and network processes
3. Swap files (also known as paging files) stored on local disk drives
4. Data stored on local disk drives
5. Logs stored on remote systems
6. Archive media

Answer Security+ Forensic Performance Based Question

Q. Organize the following list in the correct order based on each item’s volatility. List the items from most volatile to least volatile.

You would need to use the testing interface to organize the items in the correct order. For example, you might need to drag and drop them so that they are in the correct order. The correct order is:

Explanation

1. Cache – Cache memory is more temporary than regular RAM. This includes central processor (CPU) cache or any other type of cache used in the system. It typically includes recently used data and information used by applications. It is more volatile than regular RAM because a system has significantly less cache memory than regular RAM so it will likely be overwritten quicker than regular RAM.
2. RAM – RAM is slightly less volatile than cache memory. It can include information used by the system and network processes. It will be lost if the system is powered down (as will the cache memory).
3. Paging file – This is also known as the swap file. It is an extension of RAM but it is stored on the hard drive. The paging file is rebuilt each time the system is rebooted so it is more volatile than regular data stored on a hard drive.
4. HDD – Data stored on a hard disk drive (HDD) is semi-permanent. It remains on the hard drive even after the system is powered down and rebooted.
5. Logs stored on remote systems – Any data stored on a remote system is less volatile than data stored on the target system. For this reason, many servers send log data to a remote system for centralized collection. Even if the server is completely destroyed, the centralized logs still have key data.
6. Archive media – This includes any types of backups or copies of data captured for either recovery or archive purposes. They are generally offline and less likely to be destroyed or corrupted. For example, backup tapes and DVDs can be used as archive media.

Performance Based Question Blogs

• CompTIA Performance Based Testing
• Security+ and Performance Based Questions
• Security+ WAP Performance Based Questions
• CompTIA Testing Changes

Other Security+ Resources

• CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
• Security+ Audio Files
• Kindle Version of Security+ Study Guide
• Security+ Practice Test Questions for Your Mobile Phone

Security+ Forensic Performance Based Question Summary

You can expect to see some performance based questions on the Security+ exam and you might even see a Security+ forensic performance based question related to order of volatility. While these are different froma typical multiple choice question, you can still answer them correctly as long as you know the content. The information from this blog was derived from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.

The post Security+ Forensic Performance Based Question appeared first on Get Certified Get Ahead by Darril.

Network+ Tools

If you’re preparing for the Network+ exam, you can expect to see some questions related to Network+ tools.  This includes:

• Command line tools such as ipconfig/ifconfig, ping, tracert/traceroute, nslookup, dig, arp, netstat, route, and nbtstat.
• Hardware tools such as cable testers, cable certifiers, crimpers, butt sets, toner probes, punch down tools, loop back plugs, TDRs, OTDRs, mulimeters, and environmental monitors.
• Common cable problems and information on how to troubleshoot them using many of these tools.

A new Get Certified Get Ahead Kindle Short is now available. The CompTIA Network+: Tools (A Get Certified Get Ahead Kindle Short) covers all of these tools and will help you master the following Network+ objectives:

• 3.6 Given a scenario, troubleshoot common physical connectivity problems.
• 4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues.
• 4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.

Network+ Tools Practice Test Questions

Test your readiness with 60 realistic practice test questions in this Kindle short. Each question includes in-depth explanations so that you’ll know why the correct answer is correct and why the incorrect answers are incorrect. Here are two sample practice test questions from this Network+ tools Kindle Short.

1. You are troubleshooting connectivity issues with a Unix server and want to determine if it has valid IP address. What command would you use?

A. Ipconfig

B. Ifconfig

C. Ping

D. Arp

Answer at end of blog

2. Of the following choices, what is the BEST tool to verify a POTS line has a valid tone at the IDF?

A. Butt set

B. Toner probe

C. Punch down tool

D. Cable certifier

Answer at end of blog

Network+ Tools Chapter

This Kindle Short will be part of the full CompTIA Network+ Get Certified Get Ahead Study Guide written in the same style as the top selling CompTIA Security+: Get Certified Get Ahead Study Guide. It includes the following sections:

• Introduction. Full description of the Network+ exam letting you know what you can expect when you take it. The introduction includes a section on the question types you can expect including information on the performance based questions.
• Assessment questions. An 18-question assessment exam with realistic practice test questions to help you assess your understanding of key topics. All questions have in-depth explanations and this Kindle Short covers the content in more depth.
• Full chapter: “Using Tools and Troubleshooting Networks.” A full chapter covering command line tools, hardware tools, software tools, and how to identify and troubleshoot common cable problems. The chapter includes “Remember This” text boxes throughout to help you focus on what you need to know for the exam.
• Exam review. Review key testable information with this concise review section.
• End of chapter practice test questions. 25 realistic practice test questions at the end of the chapter. Use these questions to test your understanding of the objectives covered in this eBook. The explanations help you master the content so that you can answer questions on the live exam no matter how CompTIA words them.
• Practice questions. 17 more realistic practice test questions in an end of book practice exam. As with all other questions in this Kindle Short, these questions include in-depth explanations.
• Acronym list. An acronym list covering all of the acronyms in this eBook plus many more needed for the Network+ exam.

All this for only $2.99. If you have a Kindle and Amazon Prime, you can get it for free from the Kindle Owner’s Lending Library. If you don’t have Amazon Prime, you can sign up for their 30-day free trial here.

If you don’t have a Kindle, you can download free reading apps for just about any device from here.

More Kindle Shorts

You can use this Kindle Short along with other Kindle Shorts in the Get Certified Get Ahead Kindle Short series to focus your preparation for the Network+ exam.

• OSI. CompTIA Network+: OSI Topics (A Get Certified Get Ahead Kindle Short) covers the OSI and TCP/IP Model objectives for the Network+ exam. It includes a full chapter on OSI and TCP/IP model topics and practice test questions to test your comprehension of these topics. Only $2.99.
• Wireless. CompTIA Network+: Wireless Topics (A Get Certified Get Ahead Kindle Short) covers the wireless objectives for the Network+ exam. It includes a full chapter on Wireless topics and 55 practice test questions to test your comprehension of these topics. Only $2.99.

Over 275 realistic practice test questions available in the
CompTIA Network+ N10-005: Practice Test Questions (Get Certified Get Ahead)Kindle book.
Only $9.99.
Free Kindle apps available for any platform.

Can You Identify These Tools?

You should be able to match pictures with tool names on the Network+ exam. The pictures in the following table are from this Kindle Short. Can you name them?

1)	2)
3)	4)

Here’s a hint. The objectives expects you to know about the following hardware tools:  cable tester, cable certifier, crimper, butt set, toner probe, loop back plug, TDR, OTDR, multimeter, or environmental monitor?

Network+ Tools Practice Test Question Answers

1. You are troubleshooting connectivity issues with a Unix server and want to determine if it has valid IP address. What command would you use?

A. Ipconfig

B. Ifconfig

C. Ping

D. Arp

B is correct. You would use the ifconfig command on Unix/Linux-based systems to view TCP/IP configuration information. You would use ipconfig on Windows systems to provide similar information. Ping checks connectivity between systems. Arp shows media access control (MAC) addresses that the system has mapped to IP addresses.

2. Of the following choices, what is the BEST tool to verify a POTS line has a valid tone at the IDF?

A. Butt set

B. Toner probe

C. Punch down tool

D. Cable certifier

A is correct. You would use a butt set to troubleshoot phone issues including issues related to a plain old telephone service (POTS) line terminated at an intermediate distribution frame (IDF). A valid tone on a phone line is a dial tone. You can use a toner probe to help you locate a cable terminated at an IDF but it is not the best choice to verify a POTS line has a valid dial tone. Punch down tools secure cables to a frame. Cable certifiers verify the integrity and operation of a cable.

More Network+ Resources

If you’re studying for the Network+ exam and want to pass the first time you take it, check out these resources:

• CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead)
• Practice test questions for your mobile device
• CompTIA Network+ Wireless Topics (A Kindle Short)
• CompTIA Network+ OSI Topics (A Kindle Short)

Summary

If you’re preparing for the Network+ exam, you should know the Network+ tools. This includes both software-based command line tools, and hardware-based tools. The CompTIA Network+: Tools (A Get Certified Get Ahead Kindle Short) covers all of these tools and will help you master these Network+ tools objectives so that you can pass the Network+ exam the first time you take it.

The post Network+ Tools appeared first on Get Certified Get Ahead by Darril.

Network+ WAP Performance Based Questions

If you’re planning on taking the Network+ exam you can expect to see some Network+ WAP performance based questions. These questions expect you to know how to configure a wireless access point (WAP). Even if you’ve done it once or twice, it might not be fresh in your mind so it’s good to review the topics.

Networks commonly use wireless access points (WAPs) and configuring security with them is an important skill to have. CompTIA stresses this on both the Network+ and Security+ exams. You should be able to configure basics such as:

• Change the SSID
• Enable/disable SSID broadcast
• Enable MAC address filtering
• Configure security such as WPA and WPA2
• Configure WPA/WPA2 Enterprise

Ideally, you should get your hands on a WAP or a wireless router used in many homes and small offices home offices (SOHOs). They are easily accessible and aren’t expensive. The experience configuring it is valuable for on the job and the exam.

The following sections show how to configure a Cisco M20 wireless router. All devices aren’t exactly the same, but you’ll find similar settings if you click around.

Accessing the Administration Page

Wireless access points have web pages you can use to configure settings. You can access the administration pages by entering the IP address of the access point into the web browser. The IP address of most access points is either 192.168.1.1 or 192.168.0.1.

After entering the IP address, you’re prompted to enter the name and password for the administrator account. These also have defaults such as “admin” for the administrator account and “admin” for the password but it is highly recommended to change the defaults.

Network+ WAP Performance Based Questions - Change the SSID

The service set identifier (SSID) is the name of the network.  It is a case sensitive string of up 32 characters. Devices come with a default SSID and it’s recommended to change the SSID from the default as a best practice.

The following figure shows the basic setting for SSID. On this WAP, you have to select the Wireless main menu and the Basic Wireless Settings submenu.  You then enter the desired network name for in the Network Name (SSID) text box. In the figure, I used the SSID of MyHomeWAP but any name with 32 characters can be used.

Network+ WAP Performance Based Questions - Enable/Disable SSID Broadcast

You can hide a wireless network from casual users by disabling SSID broadcast and a performance based question might require you to select one of these settings. The following figure shows how this is done on a sample access point.

It’s important to realize that even if you disable SSID broadcast, attackers can still discover the SSID with a wireless sniffer. In other words, disabling SSID broadcast doesn’t provide any real security. You can read more about in the  Disable SSID Broadcast or Not? blog.

Enable MAC Address Filtering

Another configuration you might need to implement for Security+ WAP performance based questions is media access control (MAC) address filtering. The MAC address is assigned to the network interface card (NIC) when it is manufactured and you can use it to identify specific devices. When used within a MAC address filter, you can restrict access to the wireless network to specific devices based on their MAC address.

As an example, the following figure shows a MAC address filter configured on a wireless access point.  You can see that it is enabled and configured to “Permit PCs listed below to access the wireless network.” The wireless client list includes five MAC addresses. Devices with these MAC addresses will be allowed access to the network, but other devices will be blocked.

This setting isn’t restricted to only PCs. Any wireless device has a MAC address including tablet devices and smartphones.

You can also configure a MAC address filter to block specific devices. For example, if your neighbor is using your access point to access the Internet, you can block his system using his MAC address. You would select the first setting “Prevent PCs listed below from accessing the wireless network” and enter the MAC address of his system.

Network+ WAP Performance Based Questions -

Configure Security Such as WPA and WPA2

You also need to know how to configure basic security setting such as Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access version 2 (WPA2). You can typically select the appropriate setting from a drop down box and then enter the appropriate passphrase. The settings entered on the access point must be used on all devices that connect to the access point.

The following figure shows these settings.

Configure WPA/WPA2 Enterprise

Both WPA and WPA2 operate in either Personal or Enterprise modes. Most home and small business networks use Personal mode using a passphrase or password.

Larger enterprises add additional security to WAPs with WPA Enterprise or WPA2 Enterprise.  Enterprise mode provides additional security by adding an authentication server and requiring each user to authenticate through this server. Authentication requires all users to prove their identities and a common way authentication is accomplished is with a username and password. A user claims an identity with a username and proves the identity with a password.

Enterprise mode requires an 802.1x server typically configured as a Remote Authentication Dial-In User Service (RADIUS) server, which is configured separately from the access point. The RADIUS server has access to the user’s authentication credentials and can verify when a user has entered authentication information correctly.

The following figure shows the configuration for an access point using WPA2 Enterprise. After selecting WPA2 Enterprise from the drop down box, the  selections change. You then need to enter the IP address of the RADIUS server and the shared secret configured on the RADIUS server. The default port for RADIUS is 1812 and you only need to change this if the RADIUS server is using a non-default port.

Other Network+ Resources

• CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead)
• CompTIA Testing Changes
• CompTIA Performance Based Testing
• Network+ Performance Based Questions
• Network+ Practice Test Questions for Your Mobile Phone

Kindle Shorts

I’m writing chapters on the Network+ exam and publishing them as Kindle Shorts. So far, I have published two:

• CompTIA Network+ Wireless Topics (A Kindle Short). Comprehensive coverage of the Network+ objectives related to wireless. Includes 55 realistic practice test questions with in-depth explanations.
• CompTIA Network+ OSI Topics (A Kindle Short). A simplified view of the OSI and TCP/IP models to give you exactly what you need to pass them on the exam. Includes realistic practice test questions with in-depth explanations.

Practice Test Questions for your Mobile Device

Instead of the Kindle book, you can purchase these questions for your mobile device. I’ve partnered with Learnzapp and they have published several apps for a variety of different platforms.

Network+ WAP Performance Based Questions Summary

You can expect to see some Network+ WAP performance based questions on the Network+ exam. These questions expect you to know how to configure a wireless access point (WAP) including the SSID, MAC address filtering, and security settings such as WPA2 Personal or WPA2 Enterprise.

The post Network+ WAP Performance Based Questions appeared first on Get Certified Get Ahead by Darril.

Network+ Practice Test Questions Book Update

I just updated the Network+ Practice Test Questions book (CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead)).

Some of the changes are minor text issues to correct typos. However, a much bigger change is the addition of a section on performance based questions. It provides a list of the different types of performance based questions you might see along with some examples.

I also modified the labels of the different sections for each chapter, hopefully to make them clearer.

• Quiz mode section. It shows a practice test question on one screen so that you can focus on only the question without seeing the answer. When you decide what you think is the correct answer, go to the next Kindle screen to see if you’re correct. 
• Flash cards section.  One Kindle screen shows a flash card type question and the next Kindle screen shows the answer. If the flash card question or answer includes an acronym, it is spelled out on the answer screen.
• Practice test mode section. This section repeats the questions in the Quiz Mode section but it doesn’t have the correct answers and explanations readily available. This allows you to go through all of the questions in the section without seeing the answers as you go through them. Use this section to test your readiness. Ideally, you should be able to look at the answers and know why the correct answer is correct, and why the incorrect answers are incorrect. Don’t worry if you’re not sure though. The next section repeats the question with the full answer and explanation.
• Review mode section. This section repeats the questions from the practice test mode section but also includes the answers on the same screen.

Each chapter includes all four sections and you can use one of the sections to study from, or all of them.

Performance Based Question Links

This page includes links to multiple Network+ blogs I’ve written. It also includes a section titled Network+ Performance Based Questions with these links:

• CompTIA Testing Changes
• CompTIA Performance Based Testing
• Network+ Performance Based Questions
• Security+ WAP Performance Based Questions

Kindle Shorts

I’m also writing chapters on the Network+ exam and publishing them as Kindle Shorts. So far, I have published two:

• CompTIA Network+ Wireless Topics (A Kindle Short)
• CompTIA Network+ OSI Topics (A Kindle Short)

Practice Test Questions for your Mobile Device

Instead of the Kindle book, you can purchase these questions for your mobile device. I’ve partnered with Learnzapp and they have published several apps for a variety of different platforms.

The post Network+ Practice Test Questions Book Update appeared first on Get Certified Get Ahead by Darril.

Performance Based Question Winner

Congratulations to Alan Brown, the Performance Based Question winner on the Get Certified Get Ahead Facebook page. He correctly identified the link page to the blog on Security+ performance based questions.

I was originally going to give away a copy of the new A+ Rapid Review book but Alan recently completed his Security+ exam. I gave him some options and he chose the SSCP Systems Security Certified Practitioner All-in-One Exam Guide instead. My wife got the book into the mail today.

Performance Based Questions

CompTIA only recently starting adding these to the Security+ exam and I’m occasionally hearing from people that are surprised by the performance based questions. I have done a few things to try to raise the awareness of these including:

• Wrote several blogs on them
• Tweeted information on them
• Included information about them in my Get Certified Get Ahead newsletter
• Included a section about them on my main Get Certified Get Ahead page including links on my Contact page

This contest on the Get Certified Get Ahead Facebook page was another attempt to raise the awareness of these questions.

Ideally, I could update the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide with information on these but with the new SY0-401 Security+ exam on the horizon it just isn’t feasible to update it. Thankfully, the study guide covers all of the content that are testable by these types of questions. It just doesn’t talk about anything other than multiple choice questions.

If you know someone that will be taking the Security+exam, make sure that they are a performance based question winner too.  Tell them about the blogs that cover them so that they won’t be surprised.

The post Performance Based Question Winner appeared first on Get Certified Get Ahead by Darril.

Security+ Practice Test Question

Here’s a Security+ Practice Test Question I posted this week on my Get Certified Get Ahead Facebook page.

Q. What is the difference between a worm and a virus?

A. A worm is self-replicating but a virus isn’t self-replicating.

B. A virus is self-replicating but a worm isn’t self-replicating.

C. A virus runs in response to an event such as a date, but a worm runs on its own schedule.

D. A worm runs in response to an event such as a date, but a virus runs on its own schedule.

Do you know the answer? More, do you know why the correct answer is correct and why the incorrect answers are incorrect?

Free Security+ practice test questions like this are posted on the Get Certified Get Ahead Facebook page on Thursdays. Each week, you’ll see a new Security+ practice test question along with the answer to the previous week’s Security+ practice test question.

A+ practice test questions are posted on Tuesdays.

Network+ practice test questions are posted on Wednesdays.

Are You Ready for the Security+ Exam?

People commonly use practice test questions when preparing for any certification, and as a final step to ensure they are ready. Practice test questions are great to help you take your understanding to a deeper level and to test your ability to pass the exam the first time you take it.

Be careful though. Some people try to memorize questions and answers but this isn’t helpful. CompTIA can slightly modify the answer making the original answer incorrect. If you’ve only memorized the question and answer you won’t be able to answer the modified question correctly.

Ideally, you should be able look at any practice test question and know definitively why the correct answers are correct and why the incorrect answers are incorrect.  This way, you can answer the live questions correctly no matter how CompTIA words them.

Security+ Practice Test Question Resources

If you’re pursuing the Security+ certification, check out these additional resources:

• CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. This book provides full coverage of the CompTIA Security+ objectives and includes over 450 realistic practice test questions with in-depth explanations. Available as a paperback and in a $9.99 Kindle version.
• CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions.If you only want to test your comprehension with practice test questions, this book has what you need. It includes 275 realistic practice test questions with in-depth explanations Available as a paperback and in a $9.99 Kindle version.
• Practice test questions for your mobile devices. The Security+ app includes the practice test questions and flash cards you can use to test your comprehension. You can also access these from Apple’s App store by searching on LearnZapp or on Google Play.
• Security+ blog links. A listing of over 50 blogs related to the Security+ exam organized by categories.
• Security+ performance based questions. These are new but don’t let them surprise you. This blog gives you details on these types of questions to help you prepare for them. Several other blogs on performance based questions are linked from the Security+ blog links page.
• Audio of key information from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. Learn by listening.

Security+ Practice Test Question Summary

Check out the Get Certified Get Ahead Facebook page for free practice test questions on A+, Network+, and Security+ exams. Each week you’ll see a new practice test question. You’ll also see the question from the previous week repeated with the answer and an explanation.

	Apps for your mobile devices by LearnZapp

The post Security+ Practice Test Question appeared first on Get Certified Get Ahead by Darril.