Show Menu

CompTIA ITF+ Exam Objectives Cheat Sheet by

This cheatsheet is organised according to the exam objectives/map from the CompTIA website

1.1 Compare and contrast notational systems.

Data type support 1-bit storage, repres­­enting FALSE and TRUE
Boolean logic is a statement that resolves to a true or false condition and underpins the branching and looping features of computer code.
Notational system with 16 values per digit. Values above 9 are repres­­ented by the letters A,B,C,­­D,E,F.
Hex is a compact way of referring to long byte values, such as MAC and IPv6 addresses.
Data type supporting storage of floating point numbers (decimal fracti­­ons).
7-bit code page mapping binary values to character glyphs
Standard ASCII can represent 127 charac­­ters, though some values are reserved for non-pr­­inting control charac­­ters.
Extensible system of code pages capable of repres­­enting millions of character glyphs, allowing for intern­­at­ional alphabets.

1.2 Data types and their charac­ter­istics

Data type supporting storage of a single character.
Data type supporting storage of a variable length series of charac­­ters.
Data type supporting storage of whole numbers.
Data type supporting storage of floating point numbers (decimal fracti­­ons).
Data type support 1-bit storage, repres­­enting FALSE and TRUE
Boolean logic is a statement that resolves to a true or false condition and underpins the branching and looping features of computer code.

1.3 Basics of computing and proces­sing.

the computer receives data entered by the user through peripheral devices, such as mice, keyboards, scanners, cameras, and microp­hones.
the data is written to memory and manipu­lated by the CPU, acting on instru­ctions from the operating system and applic­ations software.
the processed data is shown or played to the user through an output device, such as a monitor or loudsp­eaker system.
the data may be written to different types of storage devices, such as hard disks or optical discs, because data stored in most types of system memory is only preserved while the computer is powered on.
Additi­onally, most computers are configured in networks, allowing them to exchange data. You can think of networking as a special class of input and output, but it is probably more helpful to conceive of it as a separate function.

1.4 Vallue of data and inform­ation

Data and inform­ation as assets
For organi­sat­ions, computer data can be considered an asset
An asset is something of commercial value
Investing in security
A mechanism designed to protect an inform­ation asset or processing system is called a security control
they are designed to prevent, deter, detect, and/or recover from attempts to view or modify data without author­iza­tion.
can be costly, both in terms of purchasing hardware and software and in terms of more complex procedures and staff training.
Return on Security Investment (ROSI)
This is the calcul­ation made for the case of investing in security.
This is done by performing risk assess­ments to work out how much the loss of data would cost and how likely it is that data loss might occur.
The use of security controls should reuce the impact and likelihood of losses, justifying the investment made
Security Controls
ensure that you maintain copies of your data and that these copies can be quickly and easily accessed when necessary.
Access control
The control of access to stored data via:
assign permis­sions on data files to users and groups of users.
Usage restri­ctions
use rights management software to control what users can do with data files
Data encryption
data is encoded in some way that only a person with the correct key can read it

1.5 Common units of measure.

Data storage Units
The fundam­­ental unit of data storage is the bit (binary digit) which can represent 1 or 0
basic unit of computer data
can represent two values (zero or one)
8 bits
The first multiple of bits
Double byte
16 bits
KiloByte (KB)
1000 bytes
(or 103 or 101010 bytes)
Small files are often measured in KB.
MegaByte (MB)
1000 KB
1000*1000 bytes
(or 1,000,000 bytes)
Many files would be measured in megabytes.
GigaByte (GB)
1000 MB
100010001000 bytes
(1,000­,00­0,000 bytes)
Gigabytes are usually used to talk about disk capacity.
TeraByte (TB)
1000 GB
(1,000­,00­0,0­00,000 bytes)
ome individual disk units might be 1 or 2 terabytes but these units are usually used to describe large storage networks.
PetaByte (PB)
1000 TB
or 1015 bytes (1,000­,00­0,0­00,­000,000 bytes)
The largest storage networks and cloud systems would have petabytes of capacity.
Throughput Rate Units/­Tra­nsfer Rate
rate that a particular connection can sustain is measured in bits per second (bps)
The amount of data that can be transf­­erred over a network connection in a given amount of time, typically measured in bits or bytes per second (or some more suitable multiple thereof).
described variously as data rate, bit rate, connection speed, transm­­ission speed, or (sometimes inaccu­­ra­tely) bandwidth or baud
often quoted as the peak, maximum, theore­­tical value; sustained, actual throughput is often consid­­erably less.
Kbps (or Kb/s)
1000 bits per second
Older computer peripheral interfaces (or buses) and slow network links would be measured in Kbps.
Mbps (or Mb/s)
1,000,000 bits per second.
Many internal computer interfaces have throug­hputs measured in Mbps
Wireless networks and reside­ntial Internet links also typically have this sort of throug­hput.
Gbps (or Gb/s)
1,000,­000,000 bits per second
The latest PC bus standards and networks can support this higher level of throug­hput.
Tbps (or Tb/s)
1,000,­000­,00­0,000 bits per second
This sort of capacity is found in major teleco­mmu­nic­ations links between data centers, cities, and countries.
Throughput units are always base 10.
Processing Speed Units
A computer's internal clock and the speed at which its processors work is measured in units of time called Hertz (Hz). 1 Hz represents one cycle per second.
Megahertz (MHz)
1 million (1,000­,000) cycles per second.
Older PC bus interfaces and many types of network interfaces work at this slower signaling speed.
Gigahertz (GHz)
1000 million (1,000­,00­0,000) cycles per second.
Modern CPUs and bus types plus fiber-­optic network equipment work at these much faster speeds.

1.6 Explain the troubl­esh­ooting method­ology.

Troubl­esh­ooting is a process of problem solving. It is important to realize that problems have causes, symptoms, and conseq­uences. For example:
CompTIA Troubl­esh­ooting Model
1. Identify the problem:
Gather inform­ation.
Duplicate the proble­m(o­bserve as it occurs. via remote desktop, lab system or VM)
Question users (how, when, who, changes)
Identify symptoms.
Determine if anything has changed.
Approach multiple problems indivi­dually. - if problems related, treat each as a separate case. if related, check for outsta­nding support or mainte­nance tickets.)
2. Research knowledge base/I­nternet
observe in operation via remote desktop or in-person
View system, applic­ation, or network log files.
Monitor other support requests to identify similar problems
Unders­tanding the Problem
determine a theory of probable cause from analysis of the symptoms
3. Establish a theory of probable cause
Question the obvious.
Step through the process of using the system or applic­ation making sure that you verify even the simplest steps by questi­oning the obvious
Consider multiple approa­ches.
Divide and conquer( Using tests to helps you more quickly identify probable causes.)
Workar­ounds (provides a way for the user to continue to work with the system)
4. Test the theory to determine cause.
Once the theory is confirmed (confirmed root cause), determine the next steps to resolve the problem.
If the theory is not confirmed, establish a new theory or escalate.
establish a root cause for the problem
5. Establish a plan of action to resolve the problem and identify potential effects.
establish a plan of action to eliminate the root cause without destab­ilizing some other part of the system.
you need to determine whether the cost of repair­/time taken to reconf­igure something makes this the best option.
often more expensive and may be time-c­ons­uming if a part is not available. There may also be an opport­unity to upgrade the device or software.
as any software developer will tell you, not all problems are critical. If neither repair nor replace is cost-e­ffe­ctive, it may be best either to find a workaround or just to document the issue and move on.
6.Implement the solution or escalate as necessary.
Your plan of action should contain the detailed steps and resources required to implement the solution. As well as these practical steps, you have to consider the issue of author­ization
If applying the solution is disruptive to the wider network, you also need to consider the most approp­riate time to schedule the reconf­igu­ration work and plan how to notify other network users.
7. Verify full system functi­onality and, if applic­able, implement preventive measures.
identify the results and effects of the solution
Ensure that you were right and that the problem is resolved
Restate what the problem was and how it was resolved then confirm with the customer that the incident log can be closed.
To fully solve the root cause of a problem, you should try to eliminate any factors that may cause the problem to recur.
6. Document findin­gs/­lessons learned, actions and outcomes.
it is important that inform­ation about the problem, tests performed, and attempted resolu­tions are recorded
when a problem is resolved, a complete record exists docume­nting the symptoms, possible causes invest­igated, and the ultimate resolution

2.1 types of input/­output device interfaces

RJ (Regis­­tered Jack) Connector
Ethernet Connector
used for twisted pair cabling. 4-pair network cabling uses the larger RJ-45 connector.
2=pair cabling uses the RJ-11 connector.
Short-­­range radio-­­based techno­­logy, working at up to 10m (30 feet) at up to 1 Mbps used to connect periph­­erals (such as mice, keyboards, and printers) and for commun­­ic­ation between two devices (such as a laptop and smartp­­hone).
The advantage of radio-­­based signals is that devices do not need line-o­­f-­s­ight, though the signals can still be blocked by thick walls and metal and can suffer from interf­­erence from other radio sources operating at the same frequency (2.4 GHz)
Bluetooth Low Energy (BLE) is designed for small batter­­y-­p­o­wered devices that transmit small amounts of data infreq­­uently
BLE is not backwa­­rd­s­-­co­­mpa­­tible with "­­cl­a­s­si­­c" Bluetooth though a device can support both standards simult­­an­e­o­usly.
RFID (Radio Frequency Identi­­fi­c­a­tion)
A chip allowing data to be read wirele­­ssly.
NFC (Nearfield Commun­­ic­a­t­ions)
Standard for peer-t­­o-peer (2-way) radio commun­­ic­a­tions over very short (around 4") distances, facili­­tating contac­­tless payment and similar techno­­lo­gies.
NFC is based on RFID.
Peripheral devices
USB (Universal Serial Bus)
USB permits the connection of up to 127 different periph­­erals. A larger Type A connector attaches to a port on the host; Type B and Mini- or Micro- Type B connectors are used for devices.
USB 1.1 supports 12 Mbps while USB 2.0 supports 480 Mbps and is backward compatible with 1.1 devices (which run at the slower speed).
USB devices are hot swappable.
(Hot swappable: a device that can be added or removed without having to restart the operating system)
A device can draw up to 2.5W power.
USB 3.0 defines a 4.8 Gbps SuperSpeed rate and can deliver 4.5W power.
Firewire (IEEE 1394 Standard)
This serial SCSI bus standard supports high data rates (up to 400 Mbps) and this in turn, makes it attractive for applic­­ations requiring intensive data transfer (such as video cameras, satellite receivers, and digital media players).
Firewire is the brand name for the IEEE standard 1394.
interface was developed by Intel and is primarily used on Apple workst­­ations and laptops.
can be used as a display interface (like Displa­­yPort) and as a general peripheral interface (like USB 3).
Graphic Devices
VGA (Video Graphics Array) Connector
A 15-pin HD connector has been used to connect the graphics adapter to a monitor since 1987.
HDMI (High Definition Multimedia Interface)
High-s­­pe­c­i­fi­­cation digital connector for audio-­­video equipment.
Digital Visual Interface (DVI)
high-q­uality digital interface designed for flat-panel display equipment.
Single- or dual-l­ink­—du­al-link makes more bandwidth available. This may be required for resolu­tions better than HDTV (1920x­1200).
Analog and/or digita­l—DVI-I supports analog equipment (such as CRTs) and digital. DVI-A supports only analog equipment, and DVI-D supports only digital.
DVI has been superseded by HDMI and Displa­yPo­rt/­Thu­nde­rbolt but was very widely used on graphics adapters and computer displays.
royalt­y-free standard intended to "­com­ple­men­t" HDMI.
uses a 20-pin connector.
A DP++ port allows a connection with DVI-D and HDMI devices (using a suitable adapter cable)
mini Displa­yPort format (MiniDP or mDP)
developed by Apple and licensed to other vendors.
uses the same physical interface as Thunde­rbolt

2.2 Set up periph­erals

Plug-a­­nd­-Play (PnP)
A Plug-a­­nd­-Play system (compr­­ising a compatible BIOS, operating system, and hardware) is self-c­­on­f­i­gu­­ring.
A mouse can be interfaced using a PS/2, USB, or wireless (IrDA or Bluetooth) port.
Optical mouse—this uses LEDs to detect movement over a surface.
Laser mouse—this uses an infrared laser, which gives greater precision than an optical mouse.
essential device to implement a WIMP GUI, a mouse simply controls the movement of a cursor that can be used to select objects from the screen.
also feature a scroll wheel.
All Windows mice feature two click buttons, which are configured to perform different actions.
A standard mouse does not need a special driver installing and basic settings can be configured using the Mouse applet in Control Panel/­Set­tings
many different designs and layouts for different countries. Some keyboards feature special keys.
Desktop keyboards can have PS/2, USB, or wireless (IrDA or Bluetooth) interf­­aces
to access and configure extra buttons on some mice you will need to install the manufa­ctu­rer's driver.
When a hardware device is added or removed, the operating system detects the change and automa­­ti­cally installs the approp­­riate drivers
use the Keyboard applet in Control Panel to configure it.
Keyboard Region­ali­zation
can vary from country to country
type of keyboard layout is configured through the Language applet in Control Panel/­Setting
key combo (START­+SP­ACEBAR in Windows 10) can be used to switch between the different layouts(if enabled)

2.3 Internal computing components

provides the basic foundation for all of the computer's hardware including the processor, RAM, BIOS, and expansion cards.
BIOS (Basic Input/­­Output System)
The BIOS is firmware that contains programs and inform­­ation relating to the basic operation of PC components such as drives, keyboard, video display, and ports.
It also contains specific routines to allow set-up config­­ur­ation to be viewed and edited and it contains the self-d­­ia­g­n­ostic Power-On Self-Test (POST) program used to detect fundam­­ental faults in PC components
BIOS can also be used to secure components not protected by the OS by specifying a supervisor password (to prevent tampering with BIOS settings) and a user password (to boot the PC).
RAM (Random Access Memory)
Random Access Memory is the principal storage space for computer data and program instru­­ctions
RAM is generally described as being volatile in the sense that once power has been removed or the computer has been rebooted, data is lost.
ARM (Advanced RISC Machines)
Designer of CPU and chipset archit­­ec­tures widely used in mobile devices.
RISC stands for Reduced Instru­­ction Set Computing.
RISC microa­­rc­h­i­te­­ctures use simple instru­­ctions processed very quickly
This contrasts with Complex (CISC) microa­­rc­h­i­te­­ctures, which use more powerful instru­­ctions but process each one more slowly.
32-bit versus 64-bit
Processing modes referring to the size of each instru­­ction processed by the CPU. 32-bit CPUs replaced earlier 16-bit CPUs and were used through the 1990s to the present day, though most CPUs now work in 64-bit mode.
The main 64-bit platform is called AMD64 or EM64T (by Intel)
This platform is supported by 64-bit versions of Windows as well as various Linux distri­­bu­tions
Software can be compiled as 32-bit or 64-bit. 64-bit CPUs can run most 32-bit software but a 32-bit CPU cannot execute 64-bit software.
HDD (Hard Disk Drive)
High capacity units typically providing persistent mass storage for a PC (saving data when the computer is turned off).
Data is stored using platters with a magnetic coating that are spun under disk heads that can read and write to locations on each platter (sectors)
A HDD installed within a PC is referred to as the fixed disksA HDD installed within a PC is referred to as the fixed disks
HDDs are often used with enclosures as portable storage or as Network Attached Storage (NAS).HDDs are often used with enclosures as portable storage or as Network Attached Storage (NAS).
SD (Secure Digital) CardSD (Secure Digital) Card
One of the first types of flash memory card.
Solid State Drive (SSD)
use a type of transi­sto­r-based memory called flash memory and are much faster than HDDs.
Cooling Device
A CPU generates a large amount of heat that must be dissipated to prevent damage to the chip
Generally, a CPU will be fitted with a heatsink (a metal block with fins) and fan
Thermal compound is used at the contact point between the chip and the heatsink to ensure good heat transfer.
The PSU also incorp­­orates a fan to expel warm air from the system.
Modern mother­­boards have temper­­ature sensors that provide warning of overhe­­ating before damage can occur.
Very high perfor­­mance or overcl­­ocked systems or systems designed for quiet operation may require more sophis­­ti­cated cooling systems, such as liquid cooling.
Cooling systems that work without electr­­icity are described as passive; those requiring a power source are classed as active.
Liquid Cooling System
Using water piped around the PC and heatsinks for cooling.
This is more efficient and allows for fewer fans and less noise.
Graphics Processing Unit (GPU)
display functions are often performed by a dedicated processor
Displays high-r­eso­lution images that requires a lot of processing power, especially if the image changes rapidly, as with video, or uses compli­cated 3D and texture effects, as with computer games.
Video Card
Provides the interface between the graphics components of the computer and the display device.
A number of connectors may be provided for the display, including VGA, DVI, and HDMI.
Graphics adapters receive inform­­ation from the microp­­ro­c­essor and store this data in video RAM.
An adapter may support both analog and digital outputs or analog­­/d­i­gital only (as most LCDs use digital inputs the use of analog outputs is declin­­ing).
Most adapters come with their own processor (Graphics Processing Unit [GPU]) and onboard memory.
Network Adapter (NIC [Network Interface Card])
The network adapter allows a physical connection between the host and the transm­­ission media
A NIC can address other cards and can recognize data that is destined for it, using a unique address known as the Media Access Control (MAC) address
The card also performs error checking. Network cards are designed for specific types of networks and do not work on different network products.
Different adapters may also support different connection speeds and connector types.

2.4 Internet service types.

Fiber Optic
perform much better over long distances and are not affected by noise in the way that electrical signals over copper cable are.
Fiber to the Home (FTTH)
providing a fiber cable all the way to customer premises
requires substa­ntial investment by the telecom providers and is not widely available.
Fiber to the Curb (FTTC)
a compromise solution widely deployed in urban and some rural areas.
provider has installed a fiber network termin­ating at a cabinet somewhere in a nearby street
Each residence is connected to the fiber network over the ordinary copper telephone cabling using Very High Bit Rate DSL (VDSL)
Very High Bit Rate DSL (VDSL)
VDSL supports a downlink of up to 52 Mbps and an uplink of 16 Mbps at a distance of up to about 300m.
VDSL2 also specifies a very short range (100m/300 feet) rate of 100 Mbps (bi-di­rec­tio­nal).
The VDSL Internet modem/­router is connected in much the same way as an ADSL modem/­router.
Cable (Hybrid Fiber Coax)
usually provided as part of a Cable Access TV (CATV) service
These networks are often described as Hybrid Fiber Coax (HFC) as they combine a fiber optic core network with coax links to customer premises equipment
Coax is another type of copper cable but manufa­ctured in a different way to twisted pair.
The cable modem or modem/­router is interfaced to the computer through an Ethernet adapter and to the cable network by a short segment of coax, terminated using an F-conn­ector.
Cable based on the Data Over Cable Service Interface Specif­ication (DOCSIS) version 3.0 supports downlink speeds of up to about 1.2 Gbps.
Digital Subscriber Line (DSL)
one of the most popular SOHO Internet service types.
works over an ordinary telephone line, providing the line is of sufficient quality
modem/­router is connected to the telephone line using a cable with RJ-11 connectors between the WAN port on the router and the telephone point
Data is transf­erred over the line using the high frequency ranges that voice calls don't need to use.
ADSL (Asymm­etric DSL)
the uplink (up to about 1.4 Mbps) is slower than the downlink (up to about 24 Mbps)
The speeds achievable rely heavily on the quality of the telephone wiring and the distance to the local telephone exchange.
The maximum supported distance is about three miles.
RF (Radio Frequency)
Radio waves propagate at different freque­ncies and wavele­ngths.
Wi-Fi network products typically work at 2.4 GHz or 5 GHz
System of microwave transm­issions where orbital satellites relay signals between terres­trial receivers or other orbital satell­ites.
Satellite internet connec­tivity is enabled through a reception antenna connected to the PC or network through a DVB-S modem.
Cellular Radio
data connec­tions use radio transm­issions but at greater range than Wi-Fi.
more closely associated with Internet access for cell phones and smartp­hones than with computers.
makes a connection using the nearest available transm­itter (cell or base station).
ach base station has an effective range of up to 5 miles (8 km)
The transm­itter connects the phone to the mobile and public switched telephone networks (PSTN)
Cellular radio works in the 850 and 1900 MHz frequency bands (mostly in the Americas) and the 900 and 1800 MHz bands (rest of the world).
LTE (Long Term Evolution)
LTE is the cellular providers (3GPP) upgrade to 3G techno­logies such as W-CDMA and HSPA
LTE Advanced is designed to provide 4G standard network access.
developed in two competing formats, establ­ished in different markets:
GSM (Global System for Mobile Commun­ica­tio­n)-­allows subscr­ibers to use a SIM (Subsc­riber Identity Module) card
TIA/EIA IS-95 (cdmaO­ne)­-based handsets. managed by the provider not the SIM. CDMA adoption is largely restricted to the telecom providers Sprint and Verizon.

2.5 Storage types.

Volatile Memory
stores data and computer programs that the CPU may need in real-time, and it erases them once a user switches off the computer.
Dynamic RAM
RAM(Random Access Memory)
Non-Vo­latile Memory
Static memory - remains in a computer even after a user switches it off.
Local Storage Types:
RAM (Random Access Memory)
Random Access Memory is the principal storage space for computer data and program instru­ctions.
RAM is generally described as being volatile in the sense that once power has been removed or the computer has been rebooted, data is lost.
DRAM (Dynamic RAM)
Dynamic RAM is a type of volatile memory that stores data in the form of electronic charges within transi­­stors
Due to the effects of leakage and the subsequent loss of electrical charge, DRAM has to be refreshed at regular intervals.
Memory refreshing can be performed when the data bits are accessed regularly, but this periodic access slows down the operation of this memory type.
Standard DRAM is the lowest common denomi­­nator of the DRAM types.
Modern PCs use a DRAM derivative to store data (currently DDR2/3 SDRAM).
DDR SDRAM (Double Data Rate SDRAM)
Standard for SDRAM where data is transf­erred twice per clock cycle (making the maximum data rate [64+64] x the bus speed in bps).
DDR2/DDR3 SDRAM uses lower voltage chips and higher bus speeds
Flash Memory
Flash RAM is similar to a ROM chip in that it retains inform­ation even when power is removed, but it adds flexib­ility in that it can be reprog­rammed with new contents quickly.
has found a popular role in USB thumb drives and memory cards.
These tiny cards can provide removable, megabyte or gigabyte storage for devices such as digital cameras.
Other evolving uses of flash memory are in Solid State Drives (SSD), designed to replicate the function of hard drives, and hybrid drives (standard hard drives with a multig­igabyte flash memory cache).
Blu-ray (Optical)
Latest generation of optical drive techno­logy, with disc capacity of 25 GB per layer
Transfer rates are measured in multiples of 36 MBps.
CD-ROM (Compact Disc - Read Only Memory) (Optical)
optical storage technology
The discs can normally hold 700 MB of data or 80 minutes of audio data
useful for archiving material
Unlike magnetic media, the data on the disc cannot be changed (assuming that the disc is closed to prevent further rewriting in the case of RW media)
This makes them useful for preserving tamper­-proof records
UDF (Universal Disk Format)
File system used for optical media, replacing CDFS (ISO 9660).
Removable Media
In order to share files and programs, computers can either be connected to each other (across a direct link or via a network) or must be able store and retrieve files from an interim storage medium
The most common types of removable media are floppy disks and optical discs
However the term "­rem­ovable media" also covers tape drives, high capacity disks, and removable hard drives
HDD (Hard Disk Drive)­(St­atic)
High capacity units typically providing persistent mass storage for a PC (saving data when the computer is turned off)
Data is stored using platters with a magnetic coating that are spun under disk heads that can read and write to locations on each platter (sectors)
A HDD installed within a PC is referred to as the fixed disks. HDDs are often used with enclosures as portable storage or as Network Attached Storage (NAS)
SSD (solid­-state drive)
non-vo­latile storage media stores persistent data on solid-­state flash memory
signif­icantly faster
With an SSD, the device's operating system will boot up more rapidly, programs will load quicker and files can be saved faster.
has no moving parts to break or spin up or down. The two key components in an SSD are the flash controller and NAND flash memory chips.
read and write data to an underlying set of interc­onn­ected flash memory chips. These chips use floating gate transi­stors (FGTs) to hold an electrical charge, which enables the SSD to store data even when it is not connected to a power source. Each FGT contains a single bit of data, designated either as a 1 for a charged cell or a 0 if the cell has no electrical charge.
NAS (Network Attached Storage)
a storage device with an embedded OS that supports typical network file access protocols (TCP/IP and SMB for instance).
These may be subject to exploit attacks (though using an embedded OS is often thought of as more secure as it exposes a smaller attack "­foo­tpr­int­").
The unauth­orized connection of such devices to the network is also a concern.
File Server
In file server based networks, a central machine(s) provides dedicated file and print services to workst­ations.
Benefits of server­-based networks include ease of admini­str­ation through centra­liz­ation.
Cloud Computing
Any enviro­nment where software (Software as a Service and Platform as a Service) or comput­er/­network resources (Infra­str­ucture as a Service and Network as a Service) are provided to an end user who has no knowledge of or respon­sib­ility for how the service is provided.
provide elasticity of resources and pay-pe­r-use charging models.
Cloud access arrang­ements can be public, hosted private, or private (this type of cloud could be onsite or offsite relative to the other business units).
Cloud-­based Storage
There are also busine­ss-­ori­ented solutions, such as DropBox and Amazon
These services are typically operated with a browser or smartp­hon­e/t­ablet app.
In Windows 10, a cloud storage client (OneDrive) is built into the OS and can be accessed via File Explorer.

2.6 Computing devices and their purposes

Mobile Device
Portable phones and smart phones can be used to interface with workst­­ations using techno­­logies such as Bluetooth or USB.
As such, they are increa­­singly the focus of viruses and other malware
Portable devices storing valuable inform­­ation are a consid­­erable security risk when taken offsite.
A type of ultra-­­po­r­table laptop with a touchs­­creen
usually based on form factors with either 7" or 10" screens
A phablet is a smaller device (like a large smartp­­hone).
portable computer offering similar functi­­on­ality to a desktop computer
comes with built-in LCD screens and input devices (keyboard and touchpad)
can be powered from building power (via an AC Adapter) or by a battery
Peripheral devices can be connected via USB, PCMCIA, or Expres­­sCard adapters.
type of PC is housed in a case that can sit on or under a desk
often referred to as desktop PCs or just as desktops
provides shared resources on the network and allows clients to access this inform­ation.
The advantage of a server­-based system is that resources can be admini­stered and secured centrally.
must be kept secure by careful config­uration (running only necessary services) and mainte­nance (OS and applic­ation updates, malwar­e/i­ntr­usion detection, and so on).
Where a network is connected to the Internet, servers storing private inform­ation or running local network services should be protected by firewalls so as not to be accessible from the Internet.
Gaming Consoles
contains many of the same components as a workst­ation.
have powerful CPUs and graphics proces­sors, plus Ethernet and Wi-Fi for wired and wireless home networking and Internet connec­tivity
Web cameras and microp­hones are also available as periph­erals
The main difference to a workst­ation is that a console is designed to be operated by a gaming pad rather than a keyboard and mouse, though these are often also available as options. A gaming console would use an HD (High Defini­tion) TV for a display.
Internet of Things (IoT)
a world in which many different types of things are embedded with processing and networking functi­onality
Processing and networking functi­onality can be provis­ioned by very small chips, so the "­thi­ngs­" can range from motor vehicles and washing machines to clothing and birthday cards.
The global network of personal devices (such as phones, tablets, and fitness trackers), home applia­nces, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connec­tivity.
Home Automation
from a clock to an alarm system or a refrig­erator can be controlled over the Internet by home automation software
sitting at the heart of this automa­tion, is a smart hub to which other devices connect
usually controlled using voice recogn­ition systems and smartphone apps.
specific home automation product categories include:
Thermo­sta­ts—­monitor and adjust your home or office Heating, Ventil­ation, and Air Condit­ioning (HVAC) controls from an app installed on your phone.
Security system­s—m­onitor and control alarms, locks, lighting, and videophone entry systems remotely.
IP camera­s—often used for security, these devices connect to Internet Protocol (IP)-based networks such as the Internet and support direct upload and sync to cloud storage for remote monito­ring.
Home applia­nce­s—check the contents of your refrig­erator from your smartphone while out shopping or start the washing machine cycle so that it has finished just as you get back to your house.
Streaming media—play content stored on a storage device through any smart speaker or TV connected to the home network.
Medical devices
class of devices where use of electr­onics to remotely monitor and configure the appliance is expanding rapidly.
hospitals and clinics but includes portable devices such as cardiac monito­rs/­def­ibr­ill­ators and insulin pumps.
allow doctors and nurses to remotely monitor a patient and potent­ially to adjust dosage levels or other settings without the patient having to visit the care provider.

2.7 Basic networking concepts

IP (Internet Protocol)
Network (internet) layer protocol in the TCP/IP suite providing packet addressing and routing for all higher level protocols in the suite
Packet Transm­iss­ion­/Packet Switching Network
Packet switching introduces the ability for one computer to forward inform­ation to another.
To ensure inform­ation reaches the correct destin­ation, each packet is addressed with a source and destin­ation address and then transf­erred using any available pathway to the destin­ation computer
A host capable of performing this forwarding function is called a router.
described as "­rob­ust­" because it can automa­tically recover from commun­ication link failures.
It re-routes data packets if transm­ission lines are damaged or if a router fails to respond. It can utilize any available network path rather than a single, dedicated one.
As well as the forwarding function and use of multiple paths, data is divided into small chunks or packets.
Using numerous, small packets means that if some are lost or damaged during transm­ission, it is easier to resend just the small, lost packets than having to re-tra­nsmit the entire message.
DNS (Domain Name System)
This industry standard name resolution system provides name to IP address mapping services on the Internet and large intranets.
DNS is a hierar­chical, distri­buted database. DNS name servers host the database for domains for which they are author­ita­tive.
Root servers hold details of the top-level domains. DNS servers also perform queries or lookups to service client requests
The DNS protocol defines the mechanisms by which DNS servers and clients interact
The DNS protocol utilizes TCP/UDP port 53.
URL (Uniform Resource Locato­r/I­den­tifier)
Applic­ati­on-­level addressing scheme for TCP/IP, allowing for human-­rea­dable resource addressing
For example: protoc­ol:­//s­erv­er/­file, where "­pro­toc­ol" is the type of resource (HTTP, FTP), "­ser­ver­" is the name of the computer (www.m­icr­oso­ft.c­om), and "­fil­e" is the name of the resource you wish to access.
The term URI (Uniform Resource Indicator) is preferred in standards docume­ntation but most people refer to these addresses as URLs.
A URL consists of the following parts:
this describes the access method or service type being used. URLs can be used for protocols other than HTTP/H­TTPS. The protocol is followed by the characters ://
Host location
this could be an IP address, but as IP addresses are very hard for people to remember, it is usually repres­ented by a Fully Qualified Domain Name (FQDN).
DNS allows the web browser to locate the IP address of a web server based on its FQDN.
File path
specifies the directory and file name location of the resource, if required
Each directory is delimited by a forward slash.
The file path may or may not be case-s­ens­itive, depending on how the server is config­ured.
If no file path is used, the server will return the default (home) page for the website.
WAN (Wide Area Network)
A Wide Area Network is a network that spans a relatively large geogra­phical area, incorp­orating more than one site and often a mix of different media types and protocols.
Connec­tions are made using methods such as telephone lines, fiber optic cables, or satellite links
LAN (Local Area Network)
A type of network covering various different sizes but generally considered to be restricted to a single geographic location and owned/­managed by a single organi­zation.
IP Address
Each IP host must have a unique IP address.
This can be manually assigned or dynami­cally allocated (using a DHCP server).
In IPv4, the 32-bit binary address is expressed in the standard four byte, dotted decimal notation: In IPv6, addresses are 128-bit expressed as hexade­cimal (for example, 2001:d­b8:­:0b­cd:­abc­d:e­f12­:1234).
IPv6 provides a much larger address space, stateless autoco­nfi­gur­ation (greatly simpli­fying network admini­str­ation), and replaces ineffi­cient broadcast transm­issions with multicast ones.
MAC (Media Access Control) Address
A MAC is a unique hardware address that is hard-coded into a network card by the manufa­cturer
This is required for directing data frames across a network and for allowing the network card to compare destin­ation addresses (coded into the data frame) and its own unique MAC address.
A MAC address is 48 bits long with the first half repres­enting the manufa­ctu­rer's Organi­zat­ionally Unique Identifier (OUI)
The protocol (HyperText Transfer Protocol) used to provide web content to browsers.
HTTP uses port 80. HTTPS provides for encrypted transfers, using SSL and port 443
POP (Post Office Protocol)
TCP/IP applic­ation protocol providing a means for a client to access email messages stored in a mailbox on a remote server.
The server usually deletes messages once the client has downloaded them. POP3 utilizes TCP port 110.
IMAP (Internet Message Access Protocol)
TCP/IP applic­ation protocol providing a means for a client to access email messages stored in a mailbox on a remote server.
Unlike POP3, messages persist on the server after the client has downloaded them.
IMAP also supports mailbox management functions, such as creating subfolders and access to the same mailbox by more than one client at the same time. IMAP4 utilizes TCP port number 143.
SMTP (Simple Mail Transfer Protocol)
The protocol used to send mail between hosts on the Internet. Messages are sent over TCP port 25
Modem (Modul­ato­r/D­emo­dul­ator)
Modems are devices that are used to convert the digital signals from a computer into the approp­riate analog signal that is required for transm­ission over public phone lines - this is called modulation
The reverse process, demodu­lation, occurs at the receiving computer
Modems are available in internal and external forms for different computer expansion slots and vary in terms of speed and data handling capabi­lities.
Routers are able to link dissimilar networks and can support multiple alternate paths between locations based upon the parameters of speed, traffic loads, and cost.
A router works at layer 3 (Network) of the OSI model. Routers form the basic connec­tions of the Internet.
They allow data to take multiple paths to reach a destin­ation (reducing the likelihood of transm­ission failure)
Routers can access source and destin­ation addresses within packets and can keep track of multiple active paths within a given source and destin­ation network.
TCP/IP routers on a LAN can also be used to divide the network into logical subnets
Ethernet (or LAN) switches perform the functions of a specia­lized bridge.
Switches receive incoming data into a buffer then the destin­ation MAC address is compared with an address table.
The data is then only sent out to the port with the corres­ponding MAC address.
In a switched network, each port is in a separate collision domain and, therefore, collisions cannot occur. This is referred to as micros­egm­ent­ation.
Advanced switches perform routing at layers 3 (IP), 4 (TCP), or 7 (Appli­cat­ion).
Switches routing at layer 4/7 are referred to as load balancers and content switches.
AP (Access Point)
Device that provides connec­tivity between wireless devices and a cabled network.
APs with Internet connec­tivity located in public buildings (cafes, libraries, airports for instance) are often referred to as hotspots.
Hardware or software that filters traffic passing into or out of a network (for example, between a private network and the Internet)
A basic packet­-fi­ltering firewall works at Layers 3 and 4 (Network and Transport) of the OSI model.
Packets can be filtered depending on several criteria (inbound or outbound, IP address, and port number).
More advanced firewalls (proxy and stateful inspec­tion) can examine higher layer inform­ation, to provide enhanced security

2.8 Set up a wireless network

Wireless networking
generally understood to mean the IEEE's 802.11 standards for Wireless LANs (WLAN), also called Wi-Fi.
802.11n standard
an use either frequency band and deliver much improved data rates (nominally up to 600 Mbps)
802.11a and 802.11b,
supported data rates of 54 Mbps and 11 Mbps respec­tively.
acted as an upgrade path for 802.11b, working at 54 Mbps but also allowing support for older 802.11b clients
not as widely adopted but does use a less crowded frequency band (5 GHz) and is considered less suscep­tible to interf­erence than the 2.4 GHz band used by 802.11b/g.
latest standardis now widely supported. 802.11ac access points can deliver up to 1.7 Gbps throughput at the time of writing. 802.11ac works only in the 5 GHz range with the 2.4 GHz band reserved for legacy standards support (802.1­1b/­g/n).
Most SOHO routers support 802.11g/n or 802.11­g/n/ac. This means that you can have a mix of client devices. For example, you might have a new router that supports 802.11ac but computers and tablets with wireless adapters that only support 802.11n. You can use the access point in compat­ibility mode to allow these devices to connect.
Config­uring an Access Point
connect a PC or laptop to one of the LAN ports on the SOHO router.
The SOHO router should assign the computer's adapter an Internet Protocol (IP) address using a service called the Dynamic Host Config­uration Protocol (DHCP).
Look at the SOHO router's setup guide to find out the router's IP address. Open a web browser and type the router's IP address into the address bar. This should open a management page for you to log on. Enter the user name and password listed in the router's setup guide. Most routers will invite you to complete the config­uration using a wizard, which guides you through the process.
Use the System page to choose a new admin password. The admin password is used to configure the router. It is vital that this password be kept secret and secure. You must choose a strong password that cannot be cracked by passwo­rd-­gue­ssing software. Use a long, memorable phrase of at least 12 charac­ters.
(Use the System page to choose a new admin password. The admin password is used to configure the router. It is vital that this password be kept secret and secure. You must choose a strong password that cannot be cracked by passwo­rd-­gue­ssing software. Use a long, memorable phrase of at least 12 charac­ters.)
Use the Wireless settings page to configure the router as an access point. Having checked the box to enable wireless commun­ica­tions, you can adjust the following settings from the default.
SSID (Service Set ID) - a name for the WLAN. This is usually set by default to the router vendor's name. It is a good idea to change the SSID from the default to something unique to your network. Remember that the SSID is easily visible to other wireless devices, so do not use one that identifies you personally or your address. The SSID can be up to 32 charac­ters.
Wireless mode—e­nable compat­ibility for different 802.11 devices.
Config­uring Wireless Security
To prevent snooping, you should enable encryption on the wireless network. Encryption scrambles the messages being sent over the WLAN so that anyone interc­epting them is not able to capture any valuable inform­ation. An encryption system consists of a cipher, which is the process used to scramble the message, and a key. The key is a unique value that allows the recipient to decrypt a message that has been encrypted using the same cipher and key. Obviously, the key must be known only to valid recipients or the encryption system will offer no protec­tion.
under Encryp­tion, you would select the highest security mode supported by devices on the network.
WEP (Wired Equivalent Privac­y)—this is an older standard. WEP is flawed and you would only select this if compat­ibility with legacy devices and software is impera­tive.
Wi-Fi Protected Access (WPA)—this fixes most of the security problems with WEP. WPA uses the same weak RC4 (Rivest Cipher) cipher as WEP but adds a mechanism called the Temporal Key Integrity Protocol (TKIP) to make it stronger.
WPA2—this implements the 802.11i WLAN security standard. The main difference to WPA is the use of the AES (Advanced Encryption Standard) cipher for encryp­tion. AES is much stronger than RC4/TKIP. The only reason not to use WPA2 is if it is not supported by devices on the network. In many cases, devices that can support WPA can be made compatible with WPA2 with a firmware or driver upgrade.
The distance between the wireless client (station) and access point determines the attenu­ation (or loss of strength) of the signal
Radio signals pass through solid objects, such as ordinary brick or drywall walls but can be weakened or blocked by partic­ularly dense or thick material and metal. Other radio-­based devices and nearby Wi-Fi networks can also cause interf­erence
Captive Portal
A web page or website to which a client is redirected before being granted full network access
The portal might allow limited network browsing, provide an authen­tic­ation mechanism, or provide resources, such as access to patches or signature updates to allow the device to become compliant with network access policies. It can also function as a secondary authen­tic­ation mechanism for open access points.
On connec­ting, the user's browser is redirected to a server to enter creden­tials (and possibly payment for access).

3.1 Purpose of operating systems.

a program, or group of programs, that allow users to perform different tasks, such as web browsing, email, and word processing
With an OS, applic­ation software developers do not need to worry about writing routines to access the hard disk or send a document to a printer; they simply "­cal­l" functions of the OS that allow them to do these things.
This allows applic­ation software designers to concen­trate on applic­ation functions and makes the computer more reliable
One conseq­uence of this is that there are relatively few operating systems, as it takes a lot of work to produce software applic­ations that will work with different systems
Applic­ation vendors have to decide which operating systems they will support.
Each hardware component requires a driver to wor
OS software is built from a kernel of core functions with additional driver software and system utility applic­ations
The OS is respon­sible for identi­fying the components installed on the PC and loading drivers to enable the user to configure and use them.
SOHO (Small Office Home Office)
Typically used to refer to network devices designed for small-­­scale LANs (up to 10 users).
All operating systems have a kernel
which is a low-level piece of code respon­­sible for contro­­lling the rest of the operating system
Windows uses a multip­­ro­c­essor aware, pre-em­­ptive multit­­asking kernel.
Mobile device OS
designed for handheld devices, such as smartp­hones and tablets.
Mobile (smart­phone and tablet) OS developed by the Open Handset Alliance (primarily sponsored by Google). Android is open source software.
Mobile OS developed by Apple for its iPhone and iPad devices
Operating system designed by Apple for their range of iMac computers, Mac workst­­at­ions, and MacBook portables
OS X is based on the BSD version of UNIX
OS X is well supported by applic­­ation vendors, especially in the design industry (Adobe­­/M­a­c­ro­­media).
Chrome OS
derived from Linux, via an open source OS called Chromium
Chrome OS itself is propri­­etary
developed by Google to run on specific laptop (chrom­­eb­ooks) and PC (chrom­­eb­oxes) hardware.
An open-s­­ource operating system supported by a wide range of hardware and software vendors
world's foremost supplier of operating system and Office produc­­tivity software
dominated the PC market since the develo­­pment of the first IBM compatible PCs running MS-DOS.
Workst­ation OS
runs a tradit­ional desktop PC or laptop. Examples include Microsoft Windows, Apple OS X/macOS, Linux, and Chrome OS.
The general workst­ation OS types are:
Enterprise client­—de­signed to work as a client in business networks
Home client­—de­signed to work on standalone or workgroup PCs and laptops in a home or small office. This will also allow each client to run some basic peer-t­o-peer network services, such as file sharing.
Network Operating System (NOS), or server OS
designed to run on servers in business networks
A server OS, such as Windows Server, Linux, or UNIX, is often based on similar code to its workst­ation OS equiva­lent.
For example, Windows 10 and Windows Server 2016 are very similar in terms of the OS kernel.
A server OS is likely to include software packages (or roles) to run network services and use different licensing to support more users.
A server OS is also likely to have a simpler comman­d-line interface, rather than a GUI, to make it more secure and reliable.
Embedded OS
a computer or appliance designed for a very specific function.
hese systems can be as contained as a microc­ont­roller in an intrav­enous drip-rate meter or as large and complex as an industrial control system managing a water treatment plant.
Embedded systems are typically static enviro­nments. A PC is a dynamic enviro­nment
refers to software instru­ctions stored semi-p­erm­anently (embedded) on a hardware device (BIOS instru­ctions stored in a ROM chip on the mother­board for instance).
also known as a virtual machine monitor or VMM
software that creates and runs virtual machines (VMs)
allows one host computer to support multiple guest VMs by virtually sharing its resources, such as memory and proces­sing.
Hypervisor Type 1
“bare metal”
acts like a lightw­eight operating system and runs directly on the host's hardware
Hypervisor Type 2
runs as a software layer on an operating system, like other computer programs
Disk Management
Disk management • Process manage­men­t/s­che­duling (Kill proces­s/end task) • Memory management • Access contro­l/p­rot­ection
The Disk Management snap-in displays a summary of any fixed and removable drives attached to the system. The top pane lists drives; the bottom pane lists disks, showing inform­ation about the partitions created on each disk plus any unpart­itioned space. You can use the tool to create and modify partit­ions, reformat a partition, assign a different drive letter, and so on.
one of the snap-ins included with the default Computer Management console
you can open the tool directly from the Windows+X menu (or run diskmg­mt.m­sc).
allows a single disk to be divided into multiple different logical areas, each of which can be accessed via the OS as a separate drive.
A disk must have at least one partition for the OS to use it.
each partition must be formatted with a file system so that the OS can read and write files to the drive.
When a program starts (either because it has been scheduled to do so by the OS or opened by a user), the applic­ation code executes in memory as a process
Task Manage­r(t­askmgr)
allows the user to shut down processes that are not respon­ding.
An ordinary user can end unresp­onsive applic­ations, but admini­str­ative rights are required to end processes that were started by the system rather than the signed in user
This protects the system as things like malware cannot disable anti-virus software
In addition to this functi­ona­lity, Task Manager can be used to monitor the PC's key resources.
There are various ways to run Task Manager, including pressing CTRL+S­HIF­T+ESC, right-­cli­cking the taskbar, right-­cli­cking the Start button, or pressing Windows+X.
Termin­ating a process like this (rather than using the applic­ation's Close or Exit function) is often called "­kil­lin­g" the process.
The command line option for doing this in Windows is indeed called taskkill
Always try to close or end a task normally before attempting to "­kil­l" it.
a Windows process that does not require any sort of user intera­ction and thus runs in the background (without a window).
provide functi­onality for many parts of the Windows OS, such as allowing sign in, browsing the network, or indexing file details to optimize searches
may be installed by Windows and by other applic­ations, such as anti-v­irus, database, or backup software.
use this snap-in to check which services are running and to start and stop each service or configure its proper­ties, such as whether it starts automa­tically at system boot time.
Task Scheduler
sets tasks to run at a particular time.
Tasks can be run once at a future date or time or according to a recurring schedule
A task can be a simple applic­ation process (including a command with any options if necessary) or a batch file, also called a script (a file that contains commands).
accessed via its own console and can also be found in the Computer Management console.
In Linux, the cron utility is often used to run tasks or scripts at a particular time.
Memory Management
When a process executes, it takes up space in system memory.
If the system runs out of memory, then processes will be unable to start, and running processes may crash because they cannot load the data they need.
There is not a lot to configure in terms of memory manage­ment.
Badly written programs and malware can cause a memory leak, where the process keeps claiming memory addresses without releasing them
If the system keeps running out of memory, you would use Task Manager or another monitoring program to find the offending process and disable it from running.
Access control
means that a computing device (or any inform­ation stored on the device) can only be used by an authorized person, such as its owner.
on workst­ation operating systems is usually enforced by the concept of user accounts
Each user of the device is allocated an account and uses a password (or other creden­tial) to authen­ticate to that account.
The OS can restrict the privileges allocated to an account so that it is not able to reconf­igure settings or access certain data areas.
Admini­strator account
When the OS is first installed, the account created or used during setup is a powerful local admini­strator account
you should only use this account to manage the computer (install applic­ations and devices, perform troubl­esh­ooting, and so on).
Standard users group
You should create ordinary user accounts for day-to-day access to the computer
cannot change the system config­uration and are restricted to saving data files within their own user profile folder or the Public profile.
Least privilege principle
users should have only sufficient permis­sions required to perform tasks and no more.
User Account Control (UAC)
Windows' solution to the problem of elevated privileges
In order to change important settings on the computer (such as installing drivers or software), admini­str­ative privileges are required.
Device management
Primary interface for config­uring and managing hardware devices in Windows.
Device Manager enables the admini­strator to disable and remove devices, view hardware properties and system resources, and update device drivers.
You can open Device Manager via the Windows+X menu, locate the device, then right-­click and select Uninstall
Or via the Computer Management Console

3.2 Components of an operating system

See 3.1
See 3.1
Task Scheduler
The Task Scheduler enables the user to perform an action (such as running a program or a script) automa­tically at a pre-set time or in response to some sort of trigger.
Computer Management Console
The Computer Management Console provides tools for admini­stering the local computer, including Device Manager, Event Viewer, Disk Manage­ment, Services, and Perfor­mance Monitor
Command Line Interfaces
The Computer Management Console provides tools for admini­stering the local computer, including Device Manager, Event Viewer, Disk Manage­ment, Services, and Perfor­mance Monitor.
represents an altern­ative means of config­uring an OS or applic­ation to a GUI
To access the console, alt-click (My) Computer and select Manage.
displays a prompt, showing that it is ready to accept a command.
When you type the command plus any switches and press ENTER, the shell executes the command, displays any output associated with the execution, and then returns to the prompt.
GUI (Graphical User Interface)
A GUI provides an easy to use, intuitive interface for a computer operating system
m. Most GUIs require a pointing device, such as a mouse, to operate efficientl
Device Driver
A small piece of code that is loaded during the boot sequence of an operating system.
This code, usually provided by the hardware vendor, provides access to a device, or hardware, from the OS kernel.
. Under Windows, a signing system is in place for drivers to ensure that they do not make the OS unstable.
Plug-a­nd-Play (PnP)
A Plug-a­nd-Play system (compr­ising a compatible BIOS, operating system, and hardware) is self-c­onf­iguring
When a hardware device is added or removed, the operating system detects the change and automa­tically installs the approp­riate drivers.
Driver update
Device Manager provides the interface for config­uring and managing hardware devices in Windows.
In the Device Manager, the admin can disable and remove devices, view hardware properties and systems resources, and update device drivers
Windows ships with a number of default drivers and can also try to locate a driver in the Windows Update website
third-­party drivers should be obtained from the vendor's website
To update, you download the driver files and install them using the supplied setup program or extract them manually and save them to the hard disk. You can then use the device's property dialog in Device Manager to update the driver. You can either scan for the update automa­tically or point the tool to the updated version you saved to the hard disk.
Standard "­dri­ver­" model for interf­acing scanner hardware with applic­ations software.
WIA (Windows Image Acquis­ition)
Driver model and API (Appli­cation Progra­mming Interface) for interf­acing scanner hardware with applic­ations software on Windows PCs
File System
When data is stored on a disk, it is located on that medium in a partic­ular, standa­rdized format.
This allows the drive and the computer to be able to extract the inform­ation from the disk using similar functions and thus data can be accessed in a predic­table manner
r. Examples of file systems include FAT16, FAT32, and NTFS (all used for hard disks) and CDFS (ISO 9660) and UDF (Universal Disk Format), used for optical media such as CD, DVD, and Blu-ray.
A discrete area of storage defined on a hard disk using either the Master Boot Record (MBR) scheme or the GUID Partition Table (GPT) scheme.
Each partition can be formatted with a different file system, and a partition can be marked as active (made bootable).
NTFS (New Technology Filing System)
The NT File System supports a 64-bit address space and is able to provide extra features such as file-b­y-file compre­ssion and RAID support as well as advanced file attribute management tools, encryp­tion, and disk quotas
FAT (File Allocation Table)
When a disk is formatted using the FAT or FAT32 file system a File Allocation Table (FAT) is written in a particular track or sector
r. The FAT contains inform­ation relating to the position of file data chunks on the disk; data is not always written to one area of the disk but may be spread over several tracks.
The original 16-bit version (FAT16, but often simply called FAT) was replaced by a 32-bit version that is almost univer­sally supported by different operating systems and devices.
A 64-bit version (exFAT) was introduced with Windows 7 and is also supported by XP SP3 and Vista SP1 and some versions of Linux and OS X.
Hierar­chical File System (HFS+)
Apple Mac workst­ations and laptops use the extended Hierar­chical File System (HFS+)
the latest macOS version is being updated to the Apple File System (APFS)
Most Linux distri­butions use some version of the ext file system to format partitions on mass storage devices.
ext3 is a 64-bit file system with support for journa­ling, which means that the file system tracks changes, giving better reliab­ility and less chance of file corruption in the event of crashes or power outages
Support for journaling is the main difference between ext3 and its predec­essor (ext2).
ext4 delivers signif­icantly better perfor­mance than ext3 and would usually represent the best choice for new systems.
can be used where the NTFS file system is not a feasible solution (due to data structure overhead), but require a greater file size limit than the standard FAT32 file system (i.e. 4 GiB).
exFAT has been adopted by the SD Card Associ­ation as the default file system for SDXC cards larger than 32 GiB
Along with most of the features of NTFS, less overhead means faster processing for the exFAT file system, making it partic­ularly suitable for flash drives.
Compre­ssion Software
To send or store a file it often needs to be compressed in some way, to reduce the amount of space it takes up on the storage media or the bandwidth required to send it over a network
There are a number of compre­ssion utilities and formats
Compre­ssion Formats
this format was developed for the PKZIP utility but is now supported "­nat­ive­ly" by Windows, Mac OS X, and Linux.
"­Nat­ive­ly" means that the OS can create and extract files from the archive without having to install a third-­party applic­ation
this was originally a UNIX format for writing to magnetic tape (tape archive) but is still used with gzip compre­ssion (tgz or .tar.gz) as a compressed file format for UNIX, Linux, and macOS.
A third-­party utility is required to create and decompress tar files in Windows.
this propri­etary format is used by the WinRAR compre­ssion program.
this type of archive is created and opened using the open-s­ource 7-Zip compre­ssion utility
this type of archive is created and opened by the gzip utility, freely available for UNIX and Linux computers.
A number of Windows third-­party utilities can work with gzip-c­omp­ressed files.
this is a file in one of the formats used by optical media. The main formats are ISO 9660 (used by CDs) and UDF (used by DVDs and Blu-Ray Discs)
Many operating systems can mount an image file so that the contents can be read through the file browser.
these are disk image file formats used with Microsoft Hyper-V and VMware virtual machines respec­tively.
A disk image is a file containing the contents of a hard disk, including separate partitions and file systems
Like an ISO, such a file can often be mounted within an OS so that the contents can be inspected via the file browser.
this is a disk image file format used by Apple macOS.
Scrambling the characters used in a message so that the message can be seen but not understood or modified unless it can be deciphered
Encryption provides for a secure means of transm­itting data and authen­tic­ating users.
It is also used to store data securely
Encryption systems allow for different levels of security (128-bit encryption is currently considered secure).
Key (Encry­ption)
An encryption cipher scrambles a message (plain­text) using an algorithm
The algorithm is given a key so that someone interc­epting the message could not just reverse the algorithm to unscramble the message; they must also know the key. In symmetric encryp­tion, the same key is used for encryption and decryption
In asymmetric encryp­tion, different keys are used (one key is linked to but not derivable from the other key).
Full device encryption
Provided by all but the early versions of mobile device OS for smartp­hones and tablets, such as Android and iOS
iOS 5 (and up) Levels of Encryption
All user data on the device is always encrypted, but the key is stored on the device. This is primarily used as a means of wiping the device. The OS just needs to delete the key to make the data inacce­ssible rather than wiping each storage location.
Email data and any apps using the "Data Protec­tio­n" option are also encrypted using a key derived from the user's passcode (if this is config­ured). This provides security for data in the event that the device is stolen. Not all user data is encrypted; contacts, SMS messages, and pictures are not, for example.
Data Protection encryption
enabled automa­tically when you configure a password lock on the device
In Android, you need to enable encryption via Settings > Security. Android uses full-disk encryption with a passco­de-­derived key. When encryption is enabled, it can take some time to encrypt the device.
To access files and folders on a volume, the admini­strator of the computer will need to grant file permis­sions to the user (or a group to which the user belongs)
File permis­sions are Page 9/16 supported by NTFS-based Windows systems
Authen­tic­ation, Author­iza­tion, and Accounting - the principal stages of security control. A resource should be protected by all three types of controls.
ACL (Access Control List)
The permis­sions attached to or configured on a network resource, such as folder, file, or firewall
The ACL specifies which subjects (user accounts, host IP addresses, and so on) are allowed or denied access and the privileges given over the object (read only, read/w­rite, and so on).
Group Account
A group account is a collection of user accounts
These are useful when establ­ishing file permis­sions and user rights because when many indivi­duals need the same level of access, a Page 15/16 group could be establ­ished containing all the relevant users
The group could then be assigned the necessary rights.
MAC (Mandatory Access Control)
Access control model where resources are protected by inflex­ible, system defined rules
Resources (objects) and users (subjects) are allocated a clearance level (or label)
Resources (objects) and users (subjects) are allocated a clearance level (or label)
File naming rules
Naming rules depend on the version of Windows and the file system
A file name can be up to 255 characters long and can contain letters, numbers, and unders­cores.
The operating system is case-s­ens­itive, which means it distin­guishes between uppercase and lowercase letters in file names. Therefore, FILEA, FiLea, and filea are three distinct file names, even if they reside in the same directory.
File names should be as descri­ptive and meaningful as possible.
Direct­ories follow the same naming conven­tions as files.
Certain characters have special meaning to the operating system. Avoid using these characters when you are naming files. These characters include the following:
/ \ " ' * ; - ? [ ] ( ) ~ ! $ { } &lt > # @ & | space tab newline
A file name is hidden from a normal directory listing if it begins with a dot (.). When the ls command is entered with the -a flag, the hidden files are listed along with regular files and direct­ories.
A file system object used to organize files
Direct­ories can be created on any drive (the directory for the drive itself is called the root) and within other direct­ories (subdi­rec­tory)
Different file systems put limits on the number of files or direct­ories that can be created on the root or the number of subdir­ectory levels.
In Windows, direct­ories are usually referred to as folders.
Data used by a computer is stored by saving it as a file on a disk
Files store either plain text data or binary data
Binary data must only be modified in a suitable applic­ation or the file will be corrupted
A file is created by specifying a name
Files usually have a three character extension (the last 3 characters in the file named preceded by a period)
The file extension is used to associate the file with a particular software applic­ation
Files have primary attributes (Read-­Only, System, Hidden, and Archive) and other properties (date created or modified for instance)
Files stored on an NTFS partition can have extended attributes (access control, compre­ssion, and encryp­tion).
8.3 Filenames
The DOS file naming standard - an eight-­cha­racter ASCII name followed by a three-­cha­racter file extension (which identifies the file type).
Windows supports long file names but can also generate a short file name, based on DOS 8.3 naming rules.
. This provides backwards compat­ibility for older applic­ations.
File Permis­sions
supported by NTFS-based Windows systems.

3.3 Purpose and proper use of software

Produc­tivity software
Word processing
applic­ations that help users to write and edit documents
will come with features enabling the user to edit, format, and review text quickly.
A spread­sheet consists of a table containing rows, columns, and cells
When values are entered into the cells, formulas can be applied to them, enabling complex calcul­ations to be carried out.
Presen­tation software enables users to create sophis­ticated business presen­tations that can be displayed as an on-screen slide show or printed onto overhead projector transp­are­ncies.
A web browser is software designed to view HTML pages.
Browsers must be configured carefully and kept up to date with system patches to make them less vulnerable to Trojans and malicious scripting.
As well as the browser itself, plug-in applic­ations that enable use of particular file formats, such as Flash or PDF, may also be vulner­able.
Visual diagra­mming
Diagrams are an important means of commun­icating or recording ideas or config­ura­tions clearly
software assists the creation of these by providing templates and shapes for different kinds of diagram.
user does not have to worry about creating icons or shapes; they can just drag shapes from the template (or stencil) into the diagram and use the software tools to connect them approp­ria­tely.
Collab­oration software
Email client
The email client software works in conjun­ction with an email server, which handles the business of actually transm­itting the messages over the network.
often coupled with a Personal Inform­ation Manager (PIM). PIM software provides features for storing and organizing inform­ation, such as contacts and calendar events and appoin­tments.
Online Workspaces and Document Storag­e/S­haring
where a file is hosted on a network, and users can sign in to get access to it.
Different users might be assigned different permis­sions over the document. For example, some users may be able to view or print the document or add comments to it; others may be able to edit it.
The client software provides the user with the tools to view and edit the document.
Remote Desktop and Screen Sharing Software
allows a user to connect to a computer over a network.
The remote desktop server runs on the target computer.
The user starts a remote desktop client applic­ation and enters the connection inform­ation.
When the connection is establ­ished, the user can operate the remote computer's desktop via a window on their local computer
also used by IT support staff to login to a user's computer to provide support and assistance without having to travel to the user's location.
Remote connection utilities can also be used in a "­rea­d-o­nly­" type of mode to facilitate screen sharing. the remote user can view the host's desktop but cannot interact with it. This mode is often used for software demons­tra­tions and for product support.
Instant Messaging
Instant Messaging (IM) software allows users to commun­icate in real time. Unlike with email, there is (virtu­ally) no delay between sending and receiving a message. Basic IM software allows for the transfer of text messages and can also be used for file attach­ments.
VoIP Software
packages voice commun­ica­tions as data packets, transmits them over the network, then reasse­mbles the packets to provide two-way, real-time voice commun­ica­tion.
"­Rea­l-t­ime­" applic­ations such as IM are sensitive to latency, which is the delay in seconds that a packet of data takes to travel over a network
IM voice and video calling also requires sufficient bandwidth
These factors might be contro­llable on a private network, but on the Internet, where a packet might traverse many different networks to reach its final destin­ation, link quality is more difficult to guarantee.
Video Confer­encing
Video confer­encing or Video Teleco­nfe­rencing (VTC) software allows users to configure virtual meeting rooms, with options for voice, video, and instant messaging. Other features often include screen sharing, presen­tat­ion­/wh­ite­board, file sharing, and polls and voting options.
Most confer­encing suites also provide a fallback teleco­nfe­rence option, to be used in conjun­ction with the presen­tation features, in case some partic­ipants cannot get a good enough connection for an IP voice or video call.
a term used to refer to partic­ularly sophis­ticated video confer­encing solutions
partic­ipants have a real sense of being in the same room
can be achieved by a number of video techno­logies, including HD or 4K resolu­tions, large and/or curved flat-s­creens, and 3D. Emerging techno­logies might make use of virtual reality headsets, holograms, and robotics.
Business Software
Desktop Publishing (DTP
similar to word processing but with more emphasis on the formatting and layout of documents than on editing the text. DTP software also contains better tools for preparing a document to be printed profes­sio­nally.
Graphic Design
Often used in conjun­ction with DTP and web design software
Computer Aided Design (CAD)
makes technical drawings and schematics easier to produce and revise.
Drawings can be rotated or viewed in 3D and easily transm­itted to a client for feedback
often linked to Computer Aided Manufa­cturing (CAM) which enables the data produced in CAD drawings to be loaded into a machine which then manufa­ctures the part.
Project Management
involves breaking a project into a number of tasks and assigning respon­sib­ili­ties, resources, and timescales to ensure the completion of those tasks
also involves identi­fying depend­encies between tasks.
Software such as Microsoft Project or Smartsheet assists with this process by visual­izing task timelines and depend­encies and recording inform­ation about task properties and progress.
enable the user to store, organize, and retrieve inform­ation.
can search through thousands of records very quickly and display data in a format specified by the user
can be used to store many different types of inform­ation, such as timeta­bles, customer details, and patient records.
The XML (eXten­sible Markup Language) format is also increa­singly important for data storage, as it allows for a high level of integr­ation between different types of systems.
A company may also commission custom­-made software to implement specific Line of Business (LOB) functions
LOB applic­ations would cover functions that cannot be performed by "­off­-th­e-s­hel­f" software.
This might include product design and manufa­ctu­ring, fulfilment and inventory control, plus marketing and sales.

3.4 App archit­ecture & delivery models

Applic­ation Delivery Methods
Locally installed
Network not required, Applic­ation exists locally, Files saved locally
A tradit­ional PC-type software applic­ation is installed locally to the computer's hard drive.
When launched it executes within the computer's memory and is processed by the local CPU.
Any data files manipu­lated by the applic­ation can also be stored on the local disk, though usually in a user folder rather than the applic­ation folder.
or security reasons ordinary users should not be able to modify applic­ation folders.
A locally installed applic­ation such as this does not need network access to run, though obviously the network has to be present if the applic­ation makes use of network features.
Local network hosted
Network required, Internet access not required
applic­ation installed to a network server and executed on that server.
client workst­ations access the applic­ation using a remote terminal or viewer.
The most successful example of this kind of applic­ation virtua­liz­ation model is Citrix XenApp. Locating the applic­ation and its data files on a server is easier to secure and easier to backup.
This model also does not require that client hosts be able to access the Internet
The drawback is that if there is no local network connection or the local network is heavily congested, users will not be able to use the applic­ation.
Cloud hosted
Internet access required, Service required, Files saved in the cloud
very similar to the local network model except that clients connect to the applic­ation servers over the Internet.
provides a lot of flexib­ility in terms of provis­ioning the app to clients located in different regions
As with local network applic­ations, user-g­ene­rated data files would normally be saved in the cloud too, with the same benefits for creating security access controls and backing up easily.
The drawback is that clients and cloud service must both have a reliable Internet connec­tion. Outages on either side can cause serious produc­tivity problems.
Applic­ation archit­ecture models
One tier(s­tan­dalone)
front-end and processing logic and the database engine are all hosted on the same computer
separates the database engine, or back-end or data layer, from the presen­tation layer and the applic­ation layer, or business logic
The applic­ation and presen­tation layers are part of the client applic­ation.
The database engine will run on one server (or more likely a cluster of servers), while the presen­tation and applic­ation layers run on the client.
the presen­tation and applic­ation layers are also split
The presen­tation layer provides the client front-end and user interface and runs on the client machine
The applic­ation layer runs on a server or server cluster that the client connects to.
When the client makes a request, it is checked by the applic­ation layer, and if it conforms to whatever access rules have been set up, the applic­ation layer executes the query on the data layer which resides on a third tier and returns the result to the client.
The client should have no direct commun­ica­tions with the data tier.
used to mean either a two-tier or three-tier applic­ation, but another use is an applic­ation with a more complex archit­ecture still
For example, the applic­ation may use separate access control or monitoring services.

3.5 Configure & use web browsers

Cachin­g/c­learing cache
privacy issue is that the browser can be set to store inform­ation typed into forms, including passwords, and retains a history of browsed pages
Any user using a publicly accessible computer should be trained to check these settings and to clear the browser cache before logging off.
This is done from the browser's settings dialog or config­uration page.
Private Browsing Mode
the browser doesn't store cookies or temporary files and doesn't add pages to the history list
does allow the creation of cookies but only ones that are directly connected to the URL you are visiting. It also deletes the cookies when you close the page. Third-­party cookies are not accepted.
Private mode does not stop the browser from sending some inform­ation to the website. You cannot avoid the website discov­ering your IP address for instance. For fully "­ano­nym­ous­" browsing, you have to use some sort of Virtual Private Network (VPN) or proxy.
You can usually open a private browser tab by pressing CTRL+S­HIFT+P (in Firefox) or CTRL+S­HIFT+N (in Chrome).
Deactivate Client­-side Scripting
Most sites will use server­-side scripting, meaning that code runs on the server to display the page you are looking at.
Many sites also depend on client­-side scripting, so there is no way to disable this.
This means that code is placed in the page itself and runs within the browser to change the way it looks or provide some other functi­ona­lity.
Deacti­vating client­-side scripting tends to break most of the websites published on the Internet because they depend very heavily on the functi­onality that scripting allows.
Scripting can be disabled in some browsers by config­uring settings, but others, Micros­oft's new Edge browser for instance, do not allow scripts to be disabled.
It is also possible to install a script blocker add-on. This provides more control over which websites are allowed to run scripts.
Browser add-on­s/e­xte­nsions
Add-ons come in several different types:
Extens­ion­s—these can add functi­onality to the browser. They might install a toolbar or change menu options. They can run scripts to interact with the pages you are looking at.
Plug-i­ns—­these are designed to play some sort of content embedded in a web page, such as Flash, Silver­light, or other video/­mul­timedia format. The plug-in can only interact with the multimedia object placed on the page, so it's more limited than an extension
Themes­—these change the appearance of the browser using custom images and color schemes.
You can view installed add-ons and choose to remove or enable­/di­sable them using the browser settings button or menu.
All extensions and plug-ins should be digitally signed by the developer to indicate that the code is as-pub­lished. You should be extremely wary of installing unsigned add-ons.
about:­addons allows you to add, remove, enable­/di­sable addons
Proxy settings
a network firewall is likely to be deployed to monitor and control all traffic passing between the local network and the Internet. On networks like this, clients might not be allowed to connect to the Internet directly but forced to use a proxy server instead
The proxy server can be configured as a firewall and apply other types of content filtering rules.
Some proxy servers work transp­arently so that clients use them without any extra config­uration of the client applic­ation
Other proxies require that client software, such as the browser, be configured with the IP address and port of the proxy server.
This inform­ation would be provided by the network admini­str­ator.
Certif­icates (Valid, Invalid)
When you browse a site using a certif­icate, the browser displays the inform­ation about the certif­icate in the address bar:
If the certif­icate is valid and trusted
a padlock icon is shown
Click the icon to view inform­ation about the certif­icate and the Certif­icate Authority guaran­teeing it.
f the certif­icate is highly trusted
the address bar is colored green
High assurance certif­icates make the website owner go through a (even) more rigorous identity validation procedure
If the certif­icate is untrusted or otherwise invalid
the address bar is colored maroon and the site is blocked by a warning message
If you want to trust the site anyway, click through the warning.
a "­sub­-wi­ndo­w" that appears over the main window
can be implem­ented using scripts or add-ons
can be opened automa­tically by a script running on the page or in response to clicking a link
Aggressive use of pop-up windows is associated with spyware and adware
These spawn pop-ups when you open the browser, on every site you visit, and when you try to close the browser. They may even re-spawn when you try to close them
Popup blockers
You can control the use of cookies by the websites you visit using browser settings.
You can also choose to prevent sites from creating pop-up windows and configure exceptions for this rule. Note that this will not block all types of overlay pop-ups or advert­ising.
If you want to have closer control over advert­ising on a site you need to install a suitable browser extension.
Compatible Browser
It is often the case that you will need to have more than one browser installed on your computer.
This is not ideal in security terms, as it is better to install as few applic­ations as possible, but circum­stances may demand it.
Compat­ibility aside, your choice of browser is largely down to personal prefer­ence.