How to Use This App

Welcome to the Cyberpunk Chicago Netrunner Academy — your A+ Core 2 exam sprint tool.

Saving Your Progress

Your progress is automatically saved in your browser after every answer. However, browser storage can be cleared by cache wipes, different browsers, or private/incognito mode — and it does not sync across devices.

To keep your progress safe, always export a save file before closing:

  1. Click Export Save File in the left sidebar.
  2. Save the downloaded .json file somewhere you can find it.
  3. Next time you open the app, click Import Save File and select that file to restore everything.

If you close without exporting and your browser storage is intact, your progress may still be there — but do not count on it.

What Each Section Does

Dashboard

Daily missions, XP level, readiness score, and weak areas at a glance.

Quizzes

Professor Messer A/B/C practice exam question banks. Timed or untimed.

Section Drills

15-question drills per CompTIA objective section, standard and hard mode.

Practice Exam

Simulate a full or partial exam with randomized questions from all banks.

Wrong Answers

Every missed question lands here. Answer it correctly 3 times to clear it.

Command Trainer

Type the command from memory. Builds muscle memory for CLI questions.

Flashcards

Flip-card review of key terms and concepts by objective.

TOC / Lessons

Full Professor Messer lesson notes with search. Use when you miss a question.

You are ready. Click Dashboard to begin.

Cyberpunk Chicago Netrunner Academy

CompTIA A+ Core 2 sprint plan for your July 7 exam. Study fast, track weak areas, and only count answers when they are actually correct.

Days Remaining
--
Level
1
Readiness
0%
Accuracy
0%

Daily Missions

Weak Areas

Quiz Grid

Quiz bank replaced with Professor Messer Practice Exam A/B/C questions only. Correct answer = green. Wrong answer = red. Wrong choices never count as correct.

Practice Exam Mode

Choose how many Professor Messer questions you want to practice. References stay visible so you can study the Messer answer section and open Research (PM) or Deeper Research (CM) when you miss one.

Wrong answers are saved automatically. If you answer a wrong-answer item correctly 3 times, it clears from the Wrong Answers deck.

Flashcards

Command Trainer

Choose a category, then type the command you would use.

Troubleshooting Scenarios

Table of Contents

Use TOC (PM) for Professor Messer course-note study sections and TOC (CM) for CertMaster deeper study sections. Click any topic to open the notes above the list.

Select a TOC item

Clicked sections will open here with the matching reference summary, keywords, and study guidance.

Wrong Answers Deck

Every wrong quiz or practice exam answer lands here. Get a missed question correct 3 times and it disappears from this deck.

Active Wrong Answers
0
Mastery Rule
3x
correct streak removes it

Personal Notes

Saved automatically in this browser on this device.

VISUAL REFERENCE

Key tables and concept panels from all 4 exam domains + Password Attacks deep dive.

Defence in Depth — 6 Layers

1
Physical SecurityMantraps, CCTV, badge readers, biometrics, cable locks, guards, locked racks
2
Perimeter / NetworkFirewall, IDS/IPS, VPN gateway, SOHO hardening, WPA3, port security, network segmentation
3
Host / EndpointAntivirus, Windows Defender, patching, host firewall, FDE (BitLocker/FileVault), app allowlisting
4
Identity & AccessMFA, Active Directory, RBAC, SSO, least privilege, password policies, account lockout
5
ApplicationInput validation, patch management, code signing, sandboxing, secure SDLC, WAF
6
Data & MonitoringEncryption at rest/transit, DLP, SIEM, incident response, chain of custody, forensics

Authentication — 3 Factors

  • Something You Know — password, PIN, passphrase
  • Something You Have — smart card, token, OTP, mobile app
  • Something You Are — fingerprint, retina, face, voice
  • MFA — combine two or more different factor types
  • SSO — one auth, many services (SAML, OAuth, OIDC, Kerberos)
  • Windows Hello — face/fingerprint/PIN backed by TPM

Active Directory

  • ADDS — database of the entire network
  • Objects — users, computers, printers, groups, OUs
  • Kerberos — ticket-based authentication protocol
  • GPOs — pushed domain-wide to all joined machines
  • OUs — group objects; apply different GPOs per OU
  • Domain join: Control Panel → System (needs Pro+)

Physical Controls (2.1)

  • Mantraps/Airlocks — two-door entry; one person at a time
  • Badge readers / RFID — proximity cards; access logs
  • Biometrics — fingerprint, retina, face
  • CCTV + Guards — deterrence + response capability
  • Cable locks — Kensington locks for laptops
  • Disposal — chain of custody document required

Logical Controls (2.1)

  • Least Privilege — minimum access needed for the job
  • ACLs — per-file/folder permission entries
  • Account lockout — N failed attempts → lock
  • Password policy — length, complexity, history, expiry
  • Login time restrictions — business hours only
  • Port security — disable unused switch ports

Wireless Encryption Standards (2.3) — WEP → WPA3

ProtocolEncryptionAuthKey SizeStatus
WEPRC4Open / Shared Key64/128-bit❌ BROKEN — never use
WPATKIP (RC4)PSK or 802.1X128-bit⚠️ Weak — avoid
WPA2-PersonalAES-CCMPPre-Shared Key128-bit✅ Acceptable
WPA2-EnterpriseAES-CCMP802.1X / RADIUS128-bit✅ Strong — per-user
WPA3-PersonalAES-GCMPSAE (replaces PSK)128-bit✅ Latest — forward secrecy
WPA3-EnterpriseAES-GCMP802.1X / RADIUS192-bit✅ Highest — 192-bit

RADIUS / AAA: Authentication + Authorisation + Accounting. Enterprise WiFi uses RADIUS so each user authenticates individually via 802.1X — revoke one person without changing PSK for everyone.

Malware Types (2.4) — Know All 8

🦠
Virus

Attaches to files; requires user action to run/spread. Corrupts files, opens backdoors.

User-triggeredFile-based
🪱
Worm

Self-replicates across networks without user action. Exploits OS/app vulnerabilities.

No user actionNetwork spread
🎭
Trojan

Looks legitimate. User installs it. Opens backdoors. Does NOT self-replicate.

DisguisedBackdoor
💰
Ransomware

Encrypts files; demands crypto. Double extortion: exfiltrate first. Spreads via phishing or RDP.

Encrypts filesDouble extortion
👁
Spyware / Keylogger

Silent background monitor. Captures keystrokes, passwords, credit cards, browsing habits.

StealthData theft
🤖
Botnet / RAT

Remote Access Trojan gives full control. Infected PCs join botnet for DDoS, spam, cryptomining.

Remote controlDDoS
🔓
Rootkit

Hides in OS, bootloader, or kernel. Extremely hard to detect. May survive reinstall if in firmware.

Kernel-levelSelf-hiding
💣
Logic Bomb

Dormant code triggered by date, event, or user action. Planted by insiders. Wipes data on trigger.

Trigger-basedInsider threat

7-Step Malware Removal — Memorise In Order

1
Identify & Investigate

Research type. Symptoms: unusual processes, encrypted files, pop-ups, high network activity, disabled security tools.

2
Quarantine — Network Isolation

Physically disconnect cable AND disable WiFi. Stops spread and C&C communication.

3
Disable System Restore

Prevents malware hiding in restore points. Turn off on all infected volumes.

4
Remediate in Safe Mode

Reboot to Safe Mode. Run multiple anti-malware tools. Check startup items, scheduled tasks, registry run keys.

5
Schedule Scans & Update Everything

Update OS patches, anti-malware definitions, all apps. Schedule recurring scans. Change all passwords.

6
Re-enable System Restore + New Restore Point

Re-enable on now-clean system. Create fresh restore point as clean baseline.

7
Educate End User

Explain how infection occurred. Train on phishing recognition, safe downloads, USB safety.

Social Engineering (2.5)

  • Phishing — deceptive email; steal credentials or deliver malware
  • Spear phishing — targeted, personalised phishing
  • Whaling — phishing targeting CEO/CFO/C-suite
  • Vishing — voice call phishing; fake IT support
  • Smishing — SMS phishing; fake delivery alerts
  • Impersonation — pose as IT staff / vendor
  • Shoulder surfing — physically watch PIN entry
  • Dumpster diving — recover credentials from trash
  • Tailgating — follow authorised person through door

Technical Attacks (2.5)

  • DoS/DDoS — overwhelm resources; DDoS uses botnet
  • On-path (MITM) — intercept traffic; ARP poisoning
  • Spoofing — forge IP, MAC, DNS, email identity
  • Zero-day — exploit before patch; most dangerous
  • SQL injection — malicious SQL in web forms
  • XSS — inject scripts into trusted web pages
  • Supply chain — compromise vendor software/hardware
  • BEC — impersonate exec for wire transfers

SOHO Hardening (2.10)

  • Change default router admin credentials immediately
  • Update router firmware regularly
  • WPA3 minimum (never WEP/WPA)
  • Disable WPS — vulnerable to PIN brute-force
  • Change default SSID name
  • Enable guest network for IoT and visitors
  • Disable remote management from internet
  • Review port-forwarding rules

Data Destruction (2.9)

  • Overwriting — DoD 5220.22-M (7 passes); HDDs only
  • Degaussing — magnetic field; HDDs only; drive unusable after
  • Cryptographic erase — destroy key; SSDs/NVMe; instant
  • Physical shredding — NSA-certified; any media
  • Incineration — highest security; certificate of destruction
  • ⚠️ Overwrite does NOT reliably work on SSDs
  • Document all disposal: chain of custody
📖 Dictionary Attack
ActiveOffline/Online
Feeds a wordlist (e.g. rockyou.txt) into a tool. Tries each entry against a hash or login. ~90% of passwords appear in common wordlists.
→ Avoid common words; complexity rules; rate-limit
🔨 Brute Force
ActiveOffline/Online
Tries every possible combination. Guaranteed to succeed given time. Modern GPUs test billions of hashes/second.
→ Long passphrases 12+; account lockout; MFA
🔀 Hybrid Attack
ActiveOffline
Combines dictionary words with brute-force mutations — append numbers, symbols, capitalise first letter (e.g. Password1!).
→ Avoid predictable mutations and patterns
🗃️ Credential Stuffing
ActiveOnlineOpportunistic
Uses breached credential pairs from one site against other sites, exploiting password reuse. Requires prior breach data.
→ Unique passwords per site; MFA; bot detection
🌊 Password Spraying
ActiveOnline
Tries a few common passwords across many accounts. Evades lockout by staying below threshold per account. Does NOT need prior breach data.
→ Block common passwords; MFA; detection alerts
🎣 Phishing
ActiveOnline
Deceptive emails/sites trick users into entering credentials on fake login pages. Can be mass or targeted.
→ Awareness training; FIDO2 MFA; email filters
🎯 Spear Phishing
ActiveTargeted
Highly personalized phishing using OSINT research on a specific individual. More convincing, higher success rate.
→ Verify via second channel; limit OSINT exposure
⌨️ Keylogging
Passive
Records keystrokes via malware or hardware logger. Captures passwords as typed — password complexity provides NO protection.
→ EDR; hardware security keys; check USB ports
🕵️ MitM (On-path)
ActiveOnline
Intercepts communication between user and server. ARP spoofing or SSL stripping to capture credentials in transit.
→ HTTPS + HSTS; certificate pinning; VPN
🌈 Rainbow Table
ActiveOffline
Pre-computed hash lookup tables. Instantly reverse password hashes. Defeated by SALT — NOT by password length.
→ SALT hashes; use bcrypt/Argon2/scrypt
🎭 Social Engineering
ActiveTargeted
Psychologically manipulates people into revealing credentials. Exploits trust, authority, urgency, and fear.
→ Verification procedures; security awareness training
👀 Shoulder Surfing
PassivePhysical
Physically observing someone type their password or PIN. Can be direct or via camera. Hard to detect.
→ Privacy screens; awareness; screen shields in public
🗑️ Dumpster Diving
PassivePhysical
Retrieves improperly disposed documents, sticky notes with passwords, old drives, printed password lists from trash.
→ Cross-cut shredding; clean-desk policy; drive wiping
🔑 Pass-the-Hash (PtH)
ActiveLateral Movement
Captures NTLM hash from LSASS memory and replays it to authenticate. No cracking needed — bypasses password complexity entirely. NotPetya used this.
→ Credential Guard; disable NTLM; least privilege

Password Strength Guide

LengthCharsetCrack Time
6 charslowercaseInstant
8 charslowercase~2 hours
8 charsmixed + symbols~8 hours
10 charsmixed + symbols~5 years
12 charsmixed + symbols~34,000 years
16 charsmixed + symbolsCenturies+

Key Vocabulary

Hash
One-way function converting password to fixed-length string
Salt
Random data added before hashing — defeats rainbow tables
NTLM
Windows auth protocol using MD4 hashes; vulnerable to Pass-the-Hash
LSASS
Windows process storing credential hashes in memory; Mimikatz target
Credential Guard
Windows feature isolating LSASS with virtualization-based security
HSTS
HTTP Strict Transport Security — forces HTTPS connections only
bcrypt / Argon2
Slow hash algorithms by design — resist brute-force attacks

⚡ Exam Quick Tips

  • Dictionary ≠ Brute Force: Dictionary uses wordlists; brute force tries ALL combinations
  • Credential stuffing requires prior breach data; password spraying does NOT
  • Rainbow tables defeated by SALTING — not by password length
  • Pass-the-Hash bypasses cracking — password complexity doesn't help
  • Spear phishing is targeted; regular phishing is mass/opportunistic
  • Keyloggers are passive during capture but active during installation
  • FIDO2 keys are phishing-resistant — they verify the server's origin
  • bcrypt/Argon2/scrypt are slow hashes by design — a feature, not a bug

Top 10 Defenses

  1. Use MFA (preferably FIDO2)
  2. Unique passwords per site
  3. Use a password manager
  4. Enable breach monitoring
  5. Use long passphrases (12+ chars)
  6. Rate-limit login attempts
  7. Salt & hash with bcrypt/Argon2
  8. Security awareness training
  9. HTTPS + HSTS everywhere
  10. Least-privilege access model

Attack Comparison Table

AttackCategorySkillDetectionMFA EffectPrimary Defense
DictionaryTechnical-OfflineBeginnerMediumHighAvoid common words; complexity
Brute ForceTechnical-OfflineBeginnerEasyHighLong passphrases; lockout; MFA
HybridTechnical-OfflineIntermediateMediumHighAvoid predictable mutations
Credential StuffingTechnical-OnlineBeginnerHardHighUnique passwords; MFA; bot detect
Password SprayingTechnical-OnlineIntermediateHardHighBlock common passwords; MFA
PhishingHuman-BasedBeginnerMediumPartialAwareness training; FIDO2
Spear PhishingHuman-BasedAdvancedHardPartialVerify via second channel
KeyloggingTechnical-OnlineIntermediateHardPartialEDR; hardware security keys
MitMTechnical-OnlineIntermediateMediumPartialHTTPS + HSTS; cert pinning
Rainbow TableTechnical-OfflineIntermediateEasyNoneSalt hashes; use bcrypt/Argon2
Social EngineeringHuman-BasedBeginnerHardPartialVerification procedures; training
Shoulder SurfingPhysicalBeginnerHardLowPrivacy screens; awareness
Dumpster DivingPhysicalBeginnerHardNoneShredding; clean-desk; drive wipe
Pass-the-HashTechnical-OnlineAdvancedHardLowCredential Guard; disable NTLM

File Systems (1.1)

File SystemOS / UseKey Facts
NTFSWindows primaryQuotas, EFS encryption, compression, symbolic links, ACLs. Limited cross-OS write support.
FAT32Legacy cross-platformMax file: 4 GB. Max volume: 2 TB. No permissions or journaling. Readable on all major OSes.
exFATFlash drives / USBNo 4 GB file limit. Win/macOS/Linux compatible. Ideal for USB sticks. No journaling.
ReFSWindows ServerSelf-healing integrity. RAID-like redundancy. No chkdsk needed. Huge storage arrays.
ext4Linux / AndroidDefault Linux FS. Journaling, large volume support. Update of ext3.
APFSmacOS / iOSOptimised for SSDs. Encryption, snapshots. macOS High Sierra+, iOS, iPadOS.

Windows Editions Comparison (1.3)

EditionDomain JoinBitLockerRDP HostGroup PolicyMax RAM
Home✗ (Device Encrypt only)Client only128 GB
ProHost + Client2 TB
Pro WorkstationsHost + Client6 TB
EnterpriseHost + Client6 TB

Win 11 requires TPM 2.0 + UEFI Secure Boot. Win 10 EOL: October 14, 2025. Enterprise also includes AppLocker, BranchCache, MDM/MAM.

Windows CLI Commands (1.5)

CommandFunctionKey Flags
ipconfigView/refresh IP configuration/all · /release · /renew · /flushdns
pingTest ICMP reachability-t continuous · -n N count · -l packet size
tracertTrace route; map hops-d skips DNS; uses ICMP TTL exceeded
pathpingtracert + per-hop statsPhase 1 = map, Phase 2 = latency/loss per hop
netstatActive connections + ports-a all · -b binaries · -n no DNS
nslookupDNS query toolnslookup google.com · nslookup 8.8.8.8
net use / net userMap shares / manage usersnet use h: \\server\share · net user admin * /domain
chkdskCheck + repair disk errors/f fix errors · /r bad sectors (implies /f)
sfc /scannowRepair corrupt OS filesRun as Admin; scans all protected Windows files
diskpartFull disk partitioning CLI⚠️ list disk → select disk N → clean → convert gpt
gpupdate /forceForce Group Policy updategpresult /r — show effective policies
shutdownShutdown or restart/s /t 0 · /r /t 0 · /a abort

Linux Permissions & Key Files (1.9)

#Permissionrwx
7Read Write Execute
6Read Write-
5Read Execute-
4Read only--
0None---

chmod 744 script.sh = owner:rwx | group:r | others:r

chown user:group file — change owner and group

Key config files:

/etc/passwd — registered users (username:pw:UID:GID:info:home:shell)

/etc/shadow — encrypted password hashes + policy

/etc/hosts — local hostname→IP override; checked first

/etc/fstab — filesystem table; auto-mount on boot

/etc/resolv.conf — DNS server config

CompTIA 6-Step Troubleshooting Methodology — Never Skip Steps

01
Identify
Gather info, duplicate problem, check recent changes, check environment
02
Theorise
Question the obvious first. Multiple possible causes. Research if needed.
03
Test Theory
Confirm or disprove. ONE change at a time. If wrong, re-theorise.
04
Plan & Fix
Action plan, side effects, approval, rollback plan, implement fix.
05
Verify
Confirm resolved. Test ALL systems. Verify user satisfaction.
06
Document
Root cause, solution, lessons learned, close ticket, update KB.

Never change more than one variable at a time when testing. Document every step.

Boot Problems (3.1)

  • WinRE — Windows Recovery Environment; Shift+Restart or install media
  • bootrec /fixmbr — repair Master Boot Record
  • bootrec /fixboot — write new boot sector
  • bootrec /scanos — scan for Windows installs
  • bootrec /rebuildbcd — rebuild BCD store
  • Startup Repair — automated fix in WinRE
  • Safe Mode — minimal drivers (F8 or msconfig)
  • Last Known Good Config — last working registry state

BSOD Troubleshooting

  • Note the STOP error code (e.g. IRQL_NOT_LESS_OR_EQUAL)
  • Event Viewer → Windows Logs → System
  • Check recent driver or hardware changes
  • mdsched.exe — memory diagnostic on next reboot
  • chkdsk C: /f /r — check disk integrity
  • Check CPU/GPU temperatures — overheating causes BSODs
  • WinDbg — analyse minidump at C:\Windows\Minidump

Performance Issues

  • Task Manager → top CPU/RAM/Disk hogs
  • Startup tab — disable high-impact programs
  • Run Windows Update
  • Full malware scan — cryptominer causes slowdown
  • Defrag HDD only (NEVER SSD)
  • Low disk space <10% → very slow; clean up
  • Check thermal paste / clean fans

Network Connectivity Steps

  • 1. ipconfig — valid IP? 169.254.x.x = APIPA = no DHCP
  • 2. ping 127.0.0.1 — TCP/IP stack working?
  • 3. ping [gateway] — local network working?
  • 4. ping 8.8.8.8 — internet working?
  • 5. ping google.com — DNS working?
  • 6. ipconfig /flushdns — clear DNS cache
  • 7. netsh winsock reset — fix corrupt TCP/IP

App Crashes

  • Event Viewer → Windows Logs → Application
  • Update or reinstall the application
  • Compatibility mode (right-click → Properties)
  • Run as Administrator — permission issue
  • Create new user profile — may be corrupt profile
  • sfc /scannow — fix corrupt OS files apps depend on

Diagnostic Toolkit

  • msconfig — boot options, safe boot, selective startup
  • eventvwr — Application/System/Security logs
  • resmon — per-process disk/net/RAM detail
  • mdsched — RAM test next boot
  • sfc /scannow — repair protected OS files
  • dism /online /cleanup-image /restorehealth
  • chkdsk /f /r — disk error repair

Mobile Device Troubleshooting (3.2–3.4)

ProblemLikely CauseFix
App crashingCorrupted cache, storage fullForce stop → clear cache → uninstall/reinstall
Battery drainRunaway app, old battery, radios activeCheck battery usage per app; disable BT/NFC/GPS
OverheatingRunaway app, cryptominer, direct sunlightRemove case; close background apps; scan for malware
High data usageMalware calling home, rogue appCheck per-app data; scan for malware; revoke access
Ransomware lockoutRansomware installedFactory reset (if backup available); contact MDM admin
Unauthorized accessCompromised credentialsChange password immediately; enable MFA; revoke sessions
Unusual permissionsMalicious appDeny permission; uninstall app; report to store

Jailbreaking/Rooting: removes ALL security controls. MDM detects and can block corporate access. Sideloaded apps bypass store vetting — major malware risk.

Backup Types (4.3)

TypeBacks UpArchive BitBackup SpeedRestore Speed
FullALL data every timeClearedSlowestFastest (1 set only)
IncrementalChanges since last backup (any type)ClearedFastestSlowest (full + ALL incrementals)
DifferentialChanges since last FULL backupNOT clearedMediumFast (full + latest diff only)

3-2-1 Rule: 3 copies · 2 different media types · 1 copy offsite.

RAID is NOT a backup — ransomware and accidental deletion hit all mirrors simultaneously.

GFS Rotation: Son=daily incrementals (Mon–Thu) · Father=weekly full (Friday) · Grandfather=monthly full (last Friday of month)

ESD + Fire Safety (4.4–4.5)

  • Humans feel ESD at ~3,000V; chips die at ~10V
  • Anti-static wrist strap — must connect to ground
  • Anti-static bags — grey/silver for storage/transport
  • Humidity 40–60% — too low increases static
  • Class C (Electrical) — CO2 / dry chem — NEVER water!
  • Class A (ordinary combustibles) → water OK
  • Class B (flammable liquids) → CO2
  • Server rooms: clean-agent (FM-200, Novec 1230)
  • Data centre temp: 65–80°F (18–27°C)

Remote Access Technologies (4.9) — Know the Ports

TechnologyPortUse CaseSecurity
RDPTCP 3389Full Windows desktop remote controlEnable NLA; use VPN; restrict by IP; MFA
VNCTCP 5900Cross-platform screen sharingAlways tunnel via SSH or VPN
SSHTCP 22Secure CLI to Linux/network devicesKey-based auth; disable root; fail2ban
TelnetTCP 23❌ Legacy plaintext CLI — never useReplace with SSH immediately
OpenVPN1194 UDPEncrypted VPN tunnel to corporate networkBest practice: VPN → then RDP; MFA on VPN
IPSec VPN500/4500 UDPIKE key exchange / NAT traversalEnterprise-grade; hardware VPN concentrators
RDP GatewayTCP 443RDP wrapped in HTTPS through firewallFirewall-friendly; requires TLS certificate
22
SSH
23
Telnet — NEVER
80
HTTP
443
HTTPS / RDP GW
3389
RDP
5900
VNC
1194
OpenVPN (UDP)
500
IKE / IPSec

Scripting Languages (4.8)

PowerShell
.ps1 — Windows
AD, registry, WMI, system admin, remote management via WinRM. Set-ExecutionPolicy controls execution.
Python
.py — Cross-platform
Data processing, APIs, web automation, AI/ML, log analysis. Massive pip library ecosystem.
Bash
.sh — Linux/macOS
Linux admin, cron automation, file management, user management, deploy scripts.
Batch
.bat — Windows CMD
Legacy Windows automation; login scripts; still found in older enterprise systems.
VBScript
.vbs — Windows
Legacy enterprise; IE automation; largely replaced by PowerShell.
JavaScript
.js — Cross-platform
Web automation, Node.js, REST API calls, JSON processing, workflow tools.

Script Security: Never run scripts from unknown sources. Sign enterprise scripts. Run with least privilege. Log all executions. Obfuscated scripts = suspicious.

Change Management (4.2)

  1. Submit RFC — what, why, when, who, rollback plan
  2. Risk Assessment — impact analysis, test in non-prod
  3. CAB Approval — Change Advisory Board; standard vs emergency
  4. Implement — execute during maintenance window, step-by-step
  5. Verify + Close — test all systems; update docs; lessons learned

Emergency changes bypass CAB but still require post-review documentation. Undocumented changes = #1 cause of IT outages.

Compliance & Regulations (4.7)

  • GDPR — EU data; 72h breach notification; right to be forgotten; up to €20M fine
  • HIPAA — US healthcare PHI; up to $1.9M penalties per category
  • PCI-DSS — payment card; 12 requirements; mandatory for card processing
  • NIST SP 800-63B — min 8 chars; no forced rotation if no breach; allow paste
  • Software licensing: OEM · Retail · Volume · Subscription · Open-source

3D ULTRA VISUAL

Full interactive reference — all 4 Core 2 domains with 3D visuals.

PASSWORD ATTACKS

Full interactive deep-dive — 14 attack types, study sheet, mind map, and comparison table.

SECTION DRILLS

Study one objective at a time. Watch the video → take the drill → earn XP.