220-1102 Operational Procedures Study Guide for the CompTIA A+ Core Series Exam

Environmental Impacts and Controls

You should be able to quickly analyze and apply the proper controls for any possible environmental impacts. Some questions in this area will be scenario based.

Safety Data Sheet (SDS)

The SDS outlines the procedures for handling and disposing of hazardous materials. This should be referenced if there is a question about properly disposing of hazardous material. The SDS is administered by the Occupational Safety and Health Administration (OSHA) in the United States. Copies are kept locally wherever there might be contact with hazardous materials.

Battery Disposal

The most common batteries used in computers and electronic devices are alkaline, nickel-cadmium (NiCd), nickel-metal hydride (NiMH), lithium-ion (Li-ion), and button cells. The Mercury-Containing and Rechargeable Battery Management Act (or just The Battery Act) provides guidelines on the disposal, collection, and recycling of batteries. All batteries should be recycled.

Toner Disposal

Toner cartridges should also be recycled. Toner cartridges contain carcinogens and heavy metals, which negatively affect the environment. Companies that recycle toner cartridges refurbish and refill the cartridges for further use.

Other Devices and Assets

Other devices and assets, such as display devices and mobile devices, should also be sent to a recycling facility that can safely dispose of or recycle the component. The key takeaway here is that the majority of computer and networking components you may encounter should not be thrown out but recycled.

Temperature, Humidity, and Ventilation

The temperature and humidity in the environment where components are stored should reflect the levels outlined in the SDS. For an electronic environment, it is usually best to balance the humidity as efficiently as possible to avoid extreme condensation or static discharge. It is also important to keep a closed-in area well-ventilated so the room does not become too hot when the equipment is running.

Location/Equipment Placement

When placing equipment, always evaluate the location where the equipment will be placed, whether you are dealing with a single simple device or a large bank of servers or switches. Be aware of potential hazards, such as temperature, ventilation, tripping hazards, or water hazards.

Dust Cleanup

Dust buildup can be highly detrimental to sensitive components, causing them to work less efficiently, overheat, or fail. Dust removal must be approached cautiously so as not to do more damage to the component than the dust itself. Compressed air and vacuums are common methods of dust removal.

Compressed Air/Vacuums

Compressed air can be used to clean out the inside of computer equipment as well as printers and other electronic devices. It is better to use natural compressed air rather than any chemical-based compressed material. Only specialized anti-static vacuums should be used in electronic environments. These vacuums can help reduce the risk of a static discharge or damage to the component.

Power Surges, Under-Voltage Events, and Power Failures

Power issues can occur anytime and anywhere. These can range from total outages to flickers or surges, and they can be devastating to equipment, data, and clients. A power surge occurs when a device receives too much power. An under-voltage event, such as a sag or brownout, occurs when the voltage dips below nominal operating levels for a set period. A power failure is when voltage completely stops.

Battery Backup

An uninterruptible power supply (UPS) maintains power to equipment during a power outage or surge, when power can be lost entirely or drop below a certain threshold. The UPS will automatically activate and provide power for the connected equipment via batteries.

Surge Suppressor

A surge suppressor works by checking for spikes in voltage along the line. If a spike is detected, the surge suppressor diverts the excess power to ground and only allows the proper amount to be passed along to the connected devices.

Prohibited Content/Activity and Privacy, Licensing, and Policy

In addition to physical safety regulations, you must also be aware of and familiar with regulations pertaining to prohibited content and activity as well as privacy, licensing, and policy. You must be able to identify and explain the importance of these concepts.

Incident Response

Incident response refers to the chain of actions taken once an incident occurs. A clear incident response plan should be established by the company and followed to ensure a proper response. An incident response plan typically follows the basic steps of detecting or identifying the incident, then responding, reporting, recovering, remediating, documenting, and reviewing the incident.

Chain of Custody

Chain of custody documentation serves as a legally admissible record of what a piece of material or evidence is, where it is, who has it, and why, at all times during an incident response. The chain of custody documentation should address who obtained it, who secured it, who controlled it, and, if moved, why it was moved, who moved it, how it was secured during the move, and who controlled it.

Management and Law Enforcement

Anytime an incident occurs that triggers the incident response protocol, management should be informed. Management will help to evaluate the severity of the incident and decide whether the incident is potentially legally actionable. Depending on the case, law enforcement may need to be notified. Some regulations, such as regulations pertaining to PII, require a company to notify authorities within a set period of time, depending on the number of customers affected.

Copy of Drive

When responding to an incident, evidence is collected in order of volatility to provide the most accurate levels of data integrity and preservation. The order of volatility is RAM contents first, then swap files and virtual memory, network processes, system processes, filesystem information, and, finally, the raw disk blocks.

Documentation of Incident

Clear and precise documentation should be maintained at every step in the incident response process, beginning with the initial documentation of the incident, which may include pictures, notes, or logs. During the investigation phase and throughout the rest of the process, everything must be documented to maintain the incident record. Any slight infraction can lead to tainted evidence and the investigation being sidelined.

Licensing/Digital Rights Management (DRM)/End-User License Agreement (EULA)

For this exam, you should be very comfortable with the many types of licensing arrangements available today, including DRM and EULAs that stipulate how the software can be used.

Valid Licenses

A valid license is a software license that is current, not counterfeit, and, if not already used, valid for activation.

Non-Expired Licenses

A perpetual or non-expiring license is a license that, once purchased, is valid for the life of the software product. This licensing type is common with software such as video games.

Personal Use License vs. Corporate-Use License

A personal license is granted only to one end user for recreational purposes. At times, costly commercial software will license its product for non-commercial use to an individual or student, and this is intended for personal use only. Corporate-use licenses are intended for business use, typically by larger organizations, and are a form of paid commercial software licensed to a specific company for a certain number of users.

Open-Source License

An open-source license means that the software’s source code is freely available to the public. This means the software can be modified and recreated if desired by the end user.

Regulated Data

Some data within the scope of information technology must be held to a higher standard than other data. In cases of regulated data, the federal government has developed standards for the handling of this data.

Credit Card Transactions

Credit card transactions are regulated by the standards set in the Payment Card Industry Data Security Standard (PCI DSS). These security standards ensure that all companies that accept, process, store, or transmit credit card information maintain the security of such information.

Personal Government-Issued Information

Personal government-issued information is any personal information that is on a document issued by either the government or state, such as driver’s licenses, social security cards, or birth certificates. While there is no specific regulation pertaining to this information, it should be securely stored and kept confidential. Much of the personal information contained in these documents overlaps with other regulations pertaining to securing personal data, such as HIPAA regulations.

Personally Identifiable Information (PII)

PII refers to any data that can be used to identify a person or individual, either on its own or in conjunction with other information. This information should always be kept secure and confidential.

Healthcare Data

Healthcare data contains protected health information/personal health information (PHI) and is any piece of data that can identify an individual or an ailment. This information is protected and regulated through HIPAA. Electronic health records (EHR) are complete medical records of a patient in electronic form. EHRs contain highly sensitive data and should be kept secure and confidential following HIPAA’s guidelines for usage.

Data Retention Requirements

Data retention requirements are the policies and regulations that specify how long data should be retained. These regulations vary by data type as well as by company. Be aware of data retention requirements that affect your data type.
