220-1202 Operational Procedures Study Guide for the CompTIA A+ Core Series Exam
Content and Privacy
In addition to physical safety regulations, you must also be aware of and familiar with regulations pertaining to prohibited content and activity, as well as privacy, licensing, and policy. You must be able to identify and explain the importance of these concepts.
Incident Response
Incident response refers to the chain of actions and events that are taken once an incident occurs. A clear incident response plan should be established by the company and followed to ensure a proper response. An incident response plan typically follows the basic steps of detecting or identifying the incident, then responding, reporting, recovering, remediating, documenting, and reviewing the incident.
Chain of Custody
Chain of custody documentation serves as a legally admissible record of what a material or piece of evidence is, where it is, who has it, and why, at all times during an incident response. The chain of custody documentation should address who obtained it, who secured it, who controlled it, and, if moved, why it was moved, who moved it, how it was secured during the move, and who controlled it.
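As an added illustration (not part of the original study guide), the sketch below audits a custody log against the questions listed above and flags breaks in the chain. The record fields, names, and sample log are hypothetical and constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class CustodyEvent:
    # Field names are hypothetical; they mirror the questions the guide lists.
    item: str
    action: str                         # "obtained", "secured" or "moved"
    by: str                             # who performed the action
    controlled_by: str                  # who controls the item afterwards
    released_by: Optional[str] = None   # moves only: previous controller
    reason: Optional[str] = None        # moves only: why it was moved
    secured_how: Optional[str] = None   # moves only: protection in transit

def audit(events):
    """Return a list of findings; an empty list means no gap was detected."""
    findings, holder = [], {}
    for n, e in enumerate(events, 1):
        if not e.by or not e.controlled_by:
            findings.append(f"#{n} {e.item}: missing who acted or who controls")
        if e.action == "obtained":
            if e.item in holder:
                findings.append(f"#{n} {e.item}: obtained twice")
        elif e.item not in holder:
            findings.append(f"#{n} {e.item}: no record of who obtained it")
        elif e.action == "moved":
            if not e.reason:
                findings.append(f"#{n} {e.item}: move has no reason")
            if not e.secured_how:
                findings.append(f"#{n} {e.item}: move does not say how it was secured")
            if e.released_by != holder[e.item]:
                findings.append(f"#{n} {e.item}: released by {e.released_by}, "
                                f"but {holder[e.item]} had control")
        holder[e.item] = e.controlled_by
    return findings

# Constructed sample log (names and items are invented for illustration).
LOG = [
    CustodyEvent("laptop-01", "obtained", by="A. Tech", controlled_by="A. Tech"),
    CustodyEvent("laptop-01", "secured", by="A. Tech", controlled_by="B. Lead"),
    CustodyEvent("laptop-01", "moved", by="C. Courier", controlled_by="D. Analyst",
                 released_by="A. Tech", reason="imaging", secured_how=None),
    CustodyEvent("usb-07", "moved", by="C. Courier", controlled_by="D. Analyst",
                 released_by="A. Tech", reason="imaging", secured_how="sealed bag"),
]

if __name__ == "__main__":
    for finding in audit(LOG):
        print(finding)
```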
Informing Authorities
Anytime an incident occurs that triggers the incident response protocol, management should be informed. Management will help to evaluate the severity of the incident and decide whether the incident is potentially legally actionable. In some cases, law enforcement will need to be notified. Some regulations, such as regulations pertaining to personally identifiable information (PII), require a company to notify authorities within a set period of time, depending on the number of customers affected.
Copy of Drive
When responding to an incident, evidence is collected in order of volatility to provide the most accurate levels of data integrity and preservation.
Order of Volatility
Order of volatility refers to the practice of collecting data from sources that are most likely to be lost or overwritten with time. While the specific order may differ, the general order of volatility from most fragile to least is as follows: CPU registers and caches; active processes in the random access memory (RAM), which includes routing and Address Resolution Protocol (ARP) tables, process tables, and kernel statistics; temporary and swap files; disk storage; and remote drives or backups.
Incident Documentation
Clear and precise documentation should be maintained at every step in the incident response process, beginning with the initial documentation of the incident, which may include pictures, notes, or logs. During the investigation phase of the incident and throughout the entire process, everything must be documented to maintain a complete record of the incident. Any slight infraction can lead to tainted evidence and the investigation being compromised.
Licensing and Digital Rights
For this exam, you should be comfortable with the many types of licensing arrangements available today, including digital rights management (DRM) and end-user license agreements (EULAs) that stipulate how the software can be used.
Valid Licenses
A valid license is a software license that is current and not counterfeit and, if not already used, valid for activation.
Perpetual License Agreement
A perpetual or non-expiring license is a license that, once purchased, is valid for the life of the software product. This licensing type is common with software such as video games.
Personal-Use License vs. Corporate-Use License
A personal-use license is granted only to one end user for recreational purposes. At times, costly commercial software will license its product for non-commercial use to an individual or student, and this is intended for personal use only. Corporate-use licenses are intended for business use, typically by larger organizations, and are a form of paid commercial software licensed to a specific company for a certain number of users.
Open-Source License
An open-source license means that the software’s source code is freely available to the public. This means the software can be modified and recreated if desired by the end user.
Non-Disclosure Agreement (NDA)/Mutual Non-Disclosure Agreement (MNDA)
An NDA is a legally binding document that states that information shared by the primary party to the recipient is confidential and cannot be shared or disclosed. An MNDA is a legally binding document that protects the information of both parties.
Regulated Data
Within the scope of information technology, there is a hierarchy in which certain types of data must be held to a higher standard than other data. In cases of regulated data, the federal government has developed standards for its handling. Specific industries have also developed their own standards for handling sensitive data.
Healthcare Data
Healthcare data contains protected health information/personal health information (PHI) and is any piece of data that can identify an individual or an ailment. This information is protected and regulated through the Health Insurance Portability and Accountability Act (HIPAA). Electronic health records (EHR) are complete medical records of a patient in electronic form. EHRs contain highly sensitive data and should be kept secure and confidential following HIPAA’s guidelines for usage.
Personal Government-Issued Information
Personal government-issued information is any personal information that is on a document issued by either the government or state, such as a driver’s license, Social Security card, or birth certificate. While there is no specific regulation pertaining to this information, it should be securely stored and kept confidential. Much of the personal information contained in these documents overlaps with other regulations pertaining to securing personal data, such as HIPAA regulations.
Personally Identifiable Information (PII)
PII refers to any data that can be used to identify a person or individual, either as a standalone data point or in conjunction with other information. This information should always be kept secure and confidential.
Data Retention Requirements
Data retention requirements are the policies and regulations set in place that require a specified amount of time for data to be retained. These regulations vary by data type as well as by company. Be aware of data retention requirements that affect your data type.
Credit Card Payment Information
Credit card transactions are regulated by the standards set in the Payment Card Industry Data Security Standard (PCI DSS). These security standards ensure that all companies that accept, process, store, or transmit credit card information maintain the security of such information. Rather than being a governmental regulation, the PCI DSS was developed by the credit card companies themselves.
Acceptable Use Policy (AUP)
An AUP is a policy put in place by an organization that states which types of actions are acceptable to perform using their equipment. Many organizations implement AUPs that state how employees are allowed to use their company-owned devices. Whenever accessing a public Wi-Fi®, such as at a coffee shop, you will have to acknowledge the AUP before getting access to the network.
Regulatory and Business Compliance Requirements
Networks are required to follow specific regulatory requirements, which can be local, state, or federal. Common regulations include the Sarbanes-Oxley Act, which regulates how companies protect and maintain financial records and data. HIPAA contains federal regulations that protect the privacy of medically related PII and data. The Family Educational Rights and Privacy Act (FERPA) regulates the processing and handling of student data. The Gramm-Leach-Bliley Act (GLBA) protects consumer information gathered by financial institutions.
Splash Screens
Compliance is the process of adhering to all relevant regulations, including local and federal guidelines. To document compliance, it may be necessary to use screenshots, which are generally accepted forms of proof of compliance. A splash screen is a screen capture that can be used to document problems, solutions, and the installation of software. The Windows OS includes the Steps Recorder, which documents each mouse click with a screen capture and information on what was clicked.
Communication and Professionalism
IT technicians have to communicate effectively with many different audiences. Those working in IT should be aware of the following concepts to use proper communication techniques and to show professionalism. Questions in this section will be scenario based.
Appearance and Attire
As an IT technician, you will be judged based on your appearance and attire. You should dress in accordance with company policy as well as how you wish to be perceived. You want to instill immediate confidence and respect in those you interact with, which begins with your personal appearance.
Matching the Environment
The attire you wear should reflect the environment in which you are working. Overdressing or underdressing will affect the way you are perceived by the client.
Formal
Formal attire, also known as business formal or business professional, usually requires a higher standard of dress that includes suits and ties, long-sleeved button-down shirts, dark colors, and dress shoes for men. Women are typically expected to wear a business suit or business skirt. Women’s attire can be more lightly colored but should be conservative in nature, with nylon stockings and dress shoes.
Business Casual
Business casual attire provides a more lax style of dress for both men and women. This style, however, is not to be confused with casual or street attire. Appropriate clothing items for men include dress pants or khakis, collared shirts, and a more lenient color palette. Women have many more options in clothing but should maintain a conservative style.
Language Use
You should always use proper language when speaking with a customer or client. The majority of end users are not very technology oriented, so you should avoid tech slang and acronyms. Instead, break down the meaning of all terms used in a constructive manner. We sometimes get caught up in technical language and should always avoid “tech speak” or talking above the client’s head.
Attitude
You should display a positive attitude when dealing with technical issues that may be complex. Use all cases as lessons to acquire more knowledge about technology. Also, be confident when discussing technical issues with end users. Be aware that it is more about being able to find the right answer than having all the answers memorized. Regardless of the situation, remain positive and project confidence in your work. Customers know that you don’t know everything, but you should avoid giving the impression that you are unsure of the procedure for finding a solution.
Listening
When discussing issues with a customer, actively listen and take notes when appropriate. Customers should never have to repeat themselves because you did not write down key details. Additionally, never interrupt customers while they are giving you information. Let them tell you their story in full, and then you can respond with follow-up questions if needed. Always listen to understand what the customer is saying.
Cultural Sensitivity
Remember that some people have different cultural backgrounds from others, so you should remain culturally sensitive to their requests. A language barrier may present itself, making communication difficult. Maintain respect and composure, and do not treat the person with a dismissive nature. Also, be mindful that other cultures have different mannerisms and values.
Addressing the Client
You should always greet users with respect and use their proper professional titles when addressing them. If someone is a director, don’t refer to them as a manager—not in person, in support documentation, or on the phone with one of your colleagues. This is an easy way to offend someone.
Punctuality
Punctuality is extremely important for an IT professional. Often, end users have meetings or their own work to complete, and you are seen as the entity that is holding them up. Always arrive on time for pre-scheduled appointments and contact clients if there will be any delay relating to the service. If anything is going to keep you from arriving at the client’s location on time, notify the customer of your situation beforehand and give them an estimated arrival time.
Distractions
While working with clients, be sure to avoid any type of distractions. This includes text messages, phone calls, or simply having conversations with other colleagues. You never want to give the impression that the end user does not have your undivided attention. Their technical problem must appear to be your number one priority in their presence, even when that is not the case.
Personal Calls
Personal calls should not be answered when working with a client. Silence your phones or send incoming calls straight to voicemail to avoid interruption.
Texting/Social Media Sites
Texting should also be avoided when interacting with a client. Answering text messages or receiving constant notifications when with a client is disrespectful. Additionally, do not browse social media sites when working with a client.
Personal Interruptions
Personal interruptions should be kept to a minimum. This is especially true for individuals working from home. Maintain a space where personal interruptions can be minimized.
Difficult Customers and Situations
Working as an IT technician, you will be faced with stressed and anxious clients who may become difficult. While these situations do occur in the field, it is important to adhere to some basic rules for defusing the situation.
Responding Without Arguing
Arguing with customers will not get the result that either of you is hoping to achieve. Try not to become defensive when speaking with a client, even if they seem like they are being unreasonable. Letting the customer know that you understand their frustration will help them to feel confident that you can help them solve the problem.
Addressing Customer Issues
Try to avoid dismissing the customer’s problems or issues. Even though an issue may not seem like a big deal to you, it may be very important to them.
Withholding Judgment
Avoid being judgmental when working with clients. Something that may seem easy and self-explanatory to you could be quite challenging and difficult for them. It’s important to keep in mind that not everyone is tech-savvy.
Clarify Customer Statements
Ask questions to ascertain the root of the problem. When a customer tells you their story, restate what you believe the problem to be to confirm an understanding through the verification process. Some helpful clarification tactics include asking the client to walk you through the problem, asking open-ended questions, restating what the client is saying, and asking specific questions to verify your understanding of the problem.
Discretion
When dealing with difficult customers or situations, use discretion and professionalism when discussing their experiences and encounters. Discretion refers to using personal judgment within the confines of pre-established parameters to make appropriate choices and decisions.
Meeting Customer Expectations
When dealing with customers, establishing clear expectations will increase customer satisfaction and communication. To meet customer expectations, set clear timelines and appropriate expectations and always provide clear communications with the customer, including the current status.
Repair/Replacement Options
If possible, give the customer multiple options and alternatives. Even if you prefer one way, remember this is the end user’s equipment, and they should be given the opportunity to weigh their options. This may include the option to repair or replace the problem device or component. Do not make the customer feel as if they are being railroaded into a specific choice.
Documentation
Keep up-to-date documentation and provide this to the customer when the service is complete. Customers will feel more at ease if they can review what work was performed on their PC, as they will know exactly how their money was spent on the repair. Using thorough documentation will also protect you in case of a dispute.
Follow Up
When the device has been returned to the customer after service, follow up at a later time to verify satisfaction. This is one of the most important steps for maintaining repeat customers, as they will feel like you genuinely care about the service.
Confidential Materials
When working on a customer’s issue, use best practices in handling their data. This is the customer’s private information, and directly accessing this data is usually not required to complete a repair. It is your duty to keep that information safe and secure for as long as it’s in your possession. Access to the locations of private customer materials, whether on a computer, desktop, printer, hard drive, etc., should be limited and done in a secure location. Be mindful of who may be able to view or gain access to private materials to minimize the possibility of data breaches.