CompTIA A+ Core 1 & 2

🖥 Field call — APIPA address, no internet

Ticket: "My computer says 'No internet access' since this morning. I haven't changed anything." Your first move is ipconfig /all: the IPv4 address shows 169.254.x.x — APIPA, meaning the DHCP handshake failed.

Walk: 1) ping 192.168.1.1 (the gateway) — times out. The client can't reach the router so routing isn't the only issue. 2) Log into the router admin → Status → DHCP client table — the device isn't listed because the pool is exhausted (50 leases, all taken by stale guest devices). 3) Free two stale leases on the router, then on the client run ipconfig /release followed by ipconfig /renew — the client immediately picks up a valid 192.168.1.x address.

Verify: ipconfig /all now shows a real IP with gateway and DNS. ping 8.8.8.8 succeeds. Document: "DHCP pool exhaustion — reduced guest lease time to 2 hours and set stale-lease threshold."

🖥 Field call — POST beep loop after RAM upgrade

Ticket: "Tech just upgraded Bob's RAM from 8 GB to 32 GB. Now the PC won't boot — just continuous beeping." Continuous beeps = RAM failure signal on AMI/Phoenix BIOS.

Walk: 1) Power off and unplug. Put on an anti-static wrist strap. 2) Visually confirm: are the new sticks DDR4? Check the board spec — DDR4 and DDR5 have different notch positions and won't seat in the wrong slot. 3) Remove all sticks. Re-seat one stick in Slot 1 (the first channel slot per the motherboard manual — usually the slot furthest from the CPU). 4) Boot — one short beep, POST completes. 5) Add the second stick in its paired dual-channel slot (Slot 3 per the manual). Boot again — success.

Verify: Task Manager → Performance → Memory shows 32 GB at Dual Channel. Document: "RAM mis-seated after upgrade — re-seated both sticks in correct dual-channel slots per motherboard manual."

🖥 Applying the 7-step method — floor printer suddenly offline

Ticket: "All 12 people on the marketing floor can't print since 9 AM." Scope = entire floor = not a single-user issue.

Walk: 1) Identify — ask what changed: "IT ran DHCP renewals last night." 2) Theorize — printer lost its old lease and picked up a new IP. 3) Test — ping printer-mktg fails; nslookup printer-mktg returns the old IP; check the DHCP client table on the router — the printer's current address is 10.0.1.52 (was 10.0.1.20). 4) Plan — assign a static IP and update DNS to prevent recurrence; notify marketing of a 2-minute outage window. 5) Implement — log into the printer web UI, assign 10.0.1.20/24 static, set gateway and DNS. 6) Verify — test print from three different workstations. 7) Document — "Printer lost DHCP lease after nightly renewal; converted to static with DHCP reservation."

🖥 Windows repair chain — SFC fails after a botched update

Ticket: "Windows Update failed at 45% last night. Some apps won't open. I ran SFC but it said it couldn't fix all errors."

Why SFC failed: SFC draws from the Windows Component Store. If the store itself is corrupt (which a failed update can cause), SFC can't self-heal. Fix order is DISM first, then SFC.

Walk: 1) Open an elevated command prompt (right-click → Run as Administrator). 2) DISM /Online /Cleanup-Image /RestoreHealth — downloads a clean copy of the component store from Windows Update (5–15 min). 3) Once DISM finishes at 100.0%, run sfc /scannow — now it can access a valid store and actually repair protected files. 4) Reboot. If drive errors are suspected, schedule chkdsk C: /f /r at the next boot (type Y when prompted). 5) Reboot and verify that the previously broken apps launch.

Verify: Second sfc /scannow run reports no integrity violations. Document: "Component store corrupt after failed update; repaired via DISM → SFC → CHKDSK sequence."

🖥 Field call — browser hijacker + adware

Ticket: "My search engine changed to 'SearchPulse', new toolbars appeared, and there are pop-ups every few minutes."

Walk: 1) Identify — symptoms match a browser hijacker / adware bundle, likely installed via a freeware "custom install" that was clicked through. 2) Quarantine — disconnect from the network immediately (pull Ethernet cable, disable Wi-Fi) to stop any C2 callbacks or lateral spread. 3) Disable System Restore (Control Panel → System → System Protection) — malware can hide in restore points and reinfect after removal. 4) Remediate in Safe Mode — reboot to Safe Mode with Networking; update Malwarebytes definitions; run a full scan; quarantine and delete all detections. 5) Clean the browser — remove all unfamiliar extensions; reset homepage and default search engine. 6) Re-enable System Restore and create a fresh, clean restore point. 7) Educate — show the user the "custom install" option and where to uncheck bundled extras.

Verify: Browser opens to the correct homepage with no toolbars; CPU usage is normal; no ads. Document malware names found and all steps taken.

🖥 Wi-Fi security audit — legacy WEP on branch office AP

Ticket: "Security audit found WEP encryption on the Westfield branch office AP. Fix it before Friday."

Walk: 1) Log into the AP admin web UI (default gateway address, check DHCP table if unknown). 2) Navigate to Wireless → Security — current setting shows WEP. Change to WPA2-Personal, AES encryption (not TKIP — TKIP is also deprecated and should never be selected). Set a passphrase of 16+ mixed characters. 3) Disable WPS (Wi-Fi Protected Setup) — it has a known brute-force vulnerability that can recover the PSK in hours regardless of passphrase strength. 4) Save and apply. 5) Reconnect all branch devices with the new passphrase; verify each connects successfully.

Verify: A wireless scan from a laptop should show the SSID advertising WPA2 security. Document: "Westfield branch AP migrated from WEP → WPA2-AES; WPS disabled per security policy."

🖥 Disaster recovery — ransomware encryption at 2 AM

Ticket: "File server is showing ransom notes. All shared documents are .locked files. Marketing can't work."

Walk: 1) Do NOT pay — payment funds the attacker and guarantees nothing. 2) Isolate immediately: pull the server's network cable to stop lateral spread to other shares and backup paths. 3) Check the backup log: per the 3-2-1 policy there is a full backup on the NAS from Friday night and an incremental from Sunday night (RPO target = 8 hours). 4) Spin up an alternate file server; restore the Friday full, then apply the Sunday incremental on top — data is back within 4 hours (RTO target). 5) Validate: have three managers spot-check their own folders for integrity. 6) Wipe and rebuild the infected server from a known-good image — do not restore it in-place. 7) Document the full incident timeline, RPO and RTO achieved, attack vector, and preventive measures added (additional email filtering, patch schedule, AP segmentation).

Outcome: RPO (data age at recovery) ≈ 8 hours. RTO (time to restore operations) = 3.5 hours. Both within policy. Submit incident report to CAB post-mortem.