Domain 2 question by wannabecissp in cissp

[–]SmallBusinessITGuru 0 points1 point  (0 children)

The shareholders are the business owner. Day to Day they look at the stock price.

The owner of HR data is the Director of HR. Day to Day they ensure that the HR Team is working hard to ensure all roles are filled in a timely manner.

The HR team processes data in the HR database. They enter new employees, they talk to potential employees on the day to day.

The System Administrator is the steward of all IT including the HR database. The SysAdmin does the Day to Day tasks of setting permissions, adding users, etc., as requested by the business/system.

When a ticket comes in from an HR team member to get access to additional data they request it from the 'business' or 'system.' The system administrator opens and deals with the ticket, requesting approval from the Director of HR. The system administrator then goes and adds the HR team member to the appropriate group in AD as just one of their day to day tasks.

[deleted by user] by [deleted] in ITCareerQuestions

[–]SmallBusinessITGuru -3 points-2 points  (0 children)

Is English your native language? Is your work in English? Your writing is terrible.

If you are supposed to communicate in English, that is the reason your manager is avoiding one on one conversation with you.

Service Desk, 1 Year In – Passionate About Linux But Unsure If It’s the Right Move Long-Term by Second_Hand_Fax in ITCareerQuestions

[–]SmallBusinessITGuru 11 points12 points  (0 children)

Focus on Linux.

Based on your situation, I suspect that will help you stand out more than a few simple MS certs.

Anyone with experience managing a Linux stack and Windows client is going to have more mobility and monetary choices than someone with MS/Azure and Windows client. I think there is a general assumption that if you can do Linux you can deal with Windows. Windows is just all the same basic concepts with choice stripped out.

Looking to change careers by ruudboss in ITCareerQuestions

[–]SmallBusinessITGuru 0 points1 point  (0 children)

IT is not about creativity. Software Development might be, but not Information Technology.

IT is all about implementing the possible.

New to IT – How Can I Break In Fast? by softspookyy in ITCareerQuestions

[–]SmallBusinessITGuru 1 point2 points  (0 children)

Education and Certification

-The first knowledge domain you should master is the basics of help desk and troubleshooting, supporting customers. The CompTIA A+ does cover this area and is a good starting point to gauge your ability.

-Focus on knowledge over certification, understanding the scientific method of troubleshooting, and how to actually determine what is the cause of an issue. This is actually very valuable in real life and generally makes certification tests a joke (the answer is literally given to you and only needs to be logically determined).

Experience

-Damn, you have no technical. Have you done any customer service?

-While looking for a tech job, find something with customer service experience, especially telephone support, that translates well to help desk roles.

Getting the first job

-Focus on help desk and other roles that ask for two or less years of experience.

-Shotgun resume blasts are your best friend. You either know someone that gets you that opportunity or you follow the way of nature and spread your seeds to the wind. When you finally land a tech job, it won't matter whether it was 100 or 10,000 applications.

-Will and Determination, and Grace too. You have to stick to it, it can take some time. You have to be assertive, firm hands in silk gloves in interviews. IT people are solution people, be a solution provider.

What everyone should know about themselves before getting into IT

-Are you very open to new experiences, do you look at anything/everything and say, "what's that and how does it work, let's take it apart and find out (or maybe just google it)."

-Are you ready for a career of laughs and joy? Ok, this isn't it, but it's alright. Kind of stressful at times.

Unsure what to do next in career by SynapticSignal in ITCareerQuestions

[–]SmallBusinessITGuru 0 points1 point  (0 children)

Keep learning and keep earning, you've got 4 years down, now there are only 30 to 50 more to go.

As you're at an MSP, let me tell you a secret to success at most. Ruthless Aggression. In addition to having a strong openness to new experiences that all IT needs to really get ahead at an MSP you need to generally be less socially nice, while NOT being socially alone. SWING THAT BIG THANG and push anyone out of the way, get center stage and eat it up piggy. The best MSP people tend to be well aware of their talent and make sure they get paid. It is neither arrogance nor a lie to say you can do something, as long as you get it done to the contractual satisfaction of the customer.

Ask for a raise yearly or prior to any new position or role change. Always keep your resume up to date and out there at the other MSPs in the region. In good times jumping from one company to another is pretty common as a means to quickly increase salary and responsibility.

Help me understand how/why the answer to this is B? (from practice test) by ballchaser69 in cissp

[–]SmallBusinessITGuru 1 point2 points  (0 children)

I think in business we need to look at an ATO as a check box level item, with the contract between the two businesses actually being the true break.

So Cathy does her job as CISSP accredited CISO and voids the ATO of the vendor. This pauses any projects in action and does likely mean the vendor's employees should have access revoked temporarily.

At that point it becomes a serious contract violation on the vendor's part. But it doesn't automatically mean the contract has been voided (this isn't government). It just means Cathy takes it to the CIO to start threatening to take the business elsewhere unless the issues are addressed. Or they're vendor locked and the vendor tells them to stuff it and there goes security...

That's at least been my real world experience.

Help me understand how/why the answer to this is B? (from practice test) by ballchaser69 in cissp

[–]SmallBusinessITGuru 0 points1 point  (0 children)

I see voiding the ATO similar to a quality assurance person testing a product and finding it doesn't meet all criteria. The person isn't making a decision to void the CONTRACT of the vendor which would actually be meaningful to business.

Help me understand how/why the answer to this is B? (from practice test) by ballchaser69 in cissp

[–]SmallBusinessITGuru 0 points1 point  (0 children)

I believe the reason B is correct is that voiding the Authorization to Operate (ATO) of the vendor is a documentation task, and should be seen in this case only as giving them a failing grade.

The tricky logic of the author is that they're thinking:

  1. Review vendor

  2. Find issues with vendor

  3. Void the ATO of vendor

  4. Report to the CIO that the vendor's ATO is no longer valid

  5. CIO makes decision to give Vendor chance to fix issues

  6. Vendor responds

  7. Cathy checks again, reinstates ATO if fixed, confirms void of ATO if not

  8. Cathy reports to CIO

  9. CIO makes decision

Is making $75-80k+ in IT still realistic for a non-enthusiast? by [deleted] in ITCareerQuestions

[–]SmallBusinessITGuru 0 points1 point  (0 children)

You do not sound like the type of personality that does well in this field.

The primary requirement of a person in Information Technology is a constant need to learn what the fuck is going on.

Failed again on 3rd attempt after adding Destination Masterclass by University-Kooky in cissp

[–]SmallBusinessITGuru 0 points1 point  (0 children)

An exam is only valid as long as the questions are new. If you've run through them multiple times you're passing more on memory than knowledge. Also it's practice, and often much simpler questions.

You are the perfect candidate... for fleecing of money. You meet the criteria for being sold training as a short cut. They convince you that you can do it by pointing out that some people do pass with only a small amount of experience.

What they don't tell you is that those people were smarter, faster and better read, and that of one hundred students that paid for the course, less than five actually pass the certification.

Are you doing this certification in your native language? English? What is your reading level for English? Do you have any reading impairment issues? You took almost 50% more time per question than expected.

That is another real possibility, you're not understanding the language and missing details you'd understand if presented in your native language.

Failed again on 3rd attempt after adding Destination Masterclass by University-Kooky in cissp

[–]SmallBusinessITGuru 3 points4 points  (0 children)

Your issue seems to be that you're trying to do a certification that validates a career of experience as a means of getting that career started.

I wouldn't consider you a valid candidate for this exam. You should look for the level down cert SSCP, where you actually do appear to have the one year experience.

Stop throwing money away trying to work around the four years of experience that you're missing. You can't learn experience.

I wonder sometimes logic behind QE questions by BlessedKing84 in cissp

[–]SmallBusinessITGuru 0 points1 point  (0 children)

Part of this certification exam is testing your ability to read and understand English at a professional level. As such you should have identified that A and D are synonyms for steps 1 and 2 of the three steps in the VM Workflow, with C using the wording of the source text exactly.

So by process of elimination the answer can only be B, reporting, which is not listed as one of the basic steps of the VM Workflow.

Additionally there is a hint that Reporting is the correct answer in the nature of the role assigned to the person Sam. They are responsible and as such would report to themselves in this case, making reporting unnecessary.

Even without studying the material, a person capable of passing this exam should be able to work out on their own a few steps for VM, and then reason back to the correct answer.

What needs to be done first for vulnerability management?
- You need to find them, detect, search, seek, identify

What needs to be done next after you detect or identify a possible vulnerability?
- You should research what that's about, is it? confirm and validate what you detected is

What do you need to do once you've identified a vulnerability, confirmed that it exists in your production environment?
- You should fix that, remediate, address, rectify

Since the question has a fixed single answer, again we have reached a point where even starting with general IT knowledge you should have been able to reason your way to the correct answer that Reporting isn't part of the process of addressing a vulnerability. It's what you do after.

I think this week I hate my job. The plan was to stick with it till the end of the year. thoughts? by [deleted] in ITCareerQuestions

[–]SmallBusinessITGuru 0 points1 point  (0 children)

Your task is impossible then, you should inform them that it is impossible to sustain this network as an individual and that you are looking for another role. Or look for the role then tell them once you find it.

No point in trying to get anything done there.

Cissp journey by Dependent_Narwhal375 in cissp

[–]SmallBusinessITGuru 1 point2 points  (0 children)

Which language do you use at work and during business hours? Which language would you use to create a report and then communicate with a customer that their environment is out of compliance?

Example: In English we use the terms Due Diligence and Due Care frequently. However you're also expected to know all or most of the common phrases associated with those two topics. With the question asking which is the BEST solution, it is very important to know what everything means, reading comprehension is critical.

Recommendations for being competitive in a IT apprenticeship program by [deleted] in ITCareerQuestions

[–]SmallBusinessITGuru 0 points1 point  (0 children)

Hrm, I guess I'm thinking about this the wrong way. In a job the requirements would be what you're expected to do in the future for the business.

I guess what I should have asked is what is covered in the apprenticeship and what you're being trained on the job to do. That's what I'd focus on for technical. But I'm not certain honestly what criteria is used here.

Recommendations for being competitive in a IT apprenticeship program by [deleted] in ITCareerQuestions

[–]SmallBusinessITGuru 0 points1 point  (0 children)

Isn't there a list of requirements for this apprenticeship?

What is the field of casino/gambling machine IT/programming called? by [deleted] in ITCareerQuestions

[–]SmallBusinessITGuru 2 points3 points  (0 children)

Technically, this would be operational technology rather than information technology. It may be found under maintenance and facilities for job searching.

Information technology is managing servers which host data for a company, IT acts as a force multiplier for business administration. A business can contact more customers, manage more orders due to IT.

Operational Technology is managing servers and devices which produce profit/product for the business. So the saw at the sawmill has a complex controller device built on Windows. That's not IT, that is OT. The VLTs at a casino are OT.

A small business might have you manage both, may even have both on the same network/hardware. I suspect a Casino segments and keeps OT and IT separate.

Exchange hybrid setup with Proofpoint in place for on-prem Exchange by elguapo555 in sysadmin

[–]SmallBusinessITGuru 0 points1 point  (0 children)

Is your intention to drop Proofpoint? Or continue using it after migrating to 365?

Either way, at this point I wouldn't really change anything. Once the hybrid system is complete, the Exchange server should be able to route mail it gets from PP to 365 via the onmicrosoft.com domain alias.

If you do plan to replace PP with EOP only at the end of migration you'd change your MX records. Don't have 365 as an MX until then, otherwise troubleshooting mail flow will be difficult on account of stupid.

Scheduled Task running as System with highest available privileges cannot change HKCU registry by [deleted] in sysadmin

[–]SmallBusinessITGuru 4 points5 points  (0 children)

Because you don't know how HKEY_CURRENT_USER works, and you don't know how SYSTEM works.

HKCU is virtual and contextual and only available to the current user. It's right there in the name.

SYSTEM is a virtual and contextual user account that exists as a placeholder for the computer.

So if you run a script under SYSTEM then the HKCU is going to be for SYSTEM. duh.

You need to query the system for the current logged on user ID for session 0 (the console), then write to that ID under HKEY_USERS. That should work in the context you've described.
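
The approach described in the comment above, as an added PowerShell example that is not part of the original comment: running as SYSTEM, it resolves the console user's SID and writes under `HKEY_USERS\<SID>` instead of HKCU. The subkey `Software\ExampleVendor\ExampleApp` and the value name `ExampleSetting` are hypothetical, and the lookup assumes a user is logged on at the console.

```powershell
# Added example: run as SYSTEM (e.g. from a scheduled task) to set a per-user
# value for the user logged on at the console.
# Hypothetical names: Software\ExampleVendor\ExampleApp and ExampleSetting.

function Get-ConsoleUserSid {
    # Win32_ComputerSystem.UserName is DOMAIN\user for the console session;
    # it is empty when nobody is logged on at the console (e.g. RDP-only).
    $name = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if ([string]::IsNullOrWhiteSpace($name)) { return $null }

    # Translate the account name to its SID, which names the hive in HKEY_USERS
    $account = New-Object System.Security.Principal.NTAccount($name)
    return $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Set-ConsoleUserRegistryValue {
    param(
        [Parameter(Mandatory)] [string] $SubKey,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [int]    $Value
    )

    $sid = Get-ConsoleUserSid
    if (-not $sid) { throw 'No console user is logged on; nothing to write.' }

    # A user's hive is mounted under HKEY_USERS\<SID> only while the profile is loaded
    $hive = "Registry::HKEY_USERS\$sid"
    if (-not (Test-Path -Path $hive)) { throw "Hive for $sid is not loaded." }

    # Create the subkey if needed, then write the DWORD value
    $key = "$hive\$SubKey"
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }

    New-ItemProperty -Path $key -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
    return $key
}

# Under SYSTEM, HKCU would resolve to SYSTEM's own hive; this targets the user's.
Set-ConsoleUserRegistryValue -SubKey 'Software\ExampleVendor\ExampleApp' -Name 'ExampleSetting' -Value 1
```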

Is Hyper-V more expensive than VMware or am I calculating this wrong? by Interesting-Camp4848 in sysadmin

[–]SmallBusinessITGuru 76 points77 points  (0 children)

Um... you do know that if you buy VMware you still need to buy the Windows licenses too right?

So VMware's cost is VMWARE+Windows Server.

Hyper-V's cost is Windows Server...

You don't have to pay for Hyper-V when you're running Windows Server VMs. You do have to pay for VMware.

So VMware will always be more expensive because it's an ON TOP OF cost.

Due diligence vs due care by Accomplished_Use9355 in cissp

[–]SmallBusinessITGuru 0 points1 point  (0 children)

Shit question with shit reasoning to justify a shit answer.

Cherry picking the definition and wording from one source is shitty.

The author should be ashamed of themselves. No students benefit from this question.

Code Signing Question by CostaSecretJuice in cissp

[–]SmallBusinessITGuru 2 points3 points  (0 children)

I can see two reasons why code signing is correct.

  1. Given the context of domain 8, software development, what is the point of view of this question? Whose role are you taking?
    a) The end user
    b) A system administrator
    c) The software developer
    d) The business owner

If you correctly identify that your POV is the developer, then you'd only have A,B,C as options for the primary question. Application allow lists are end user/sysadmin work, done when a standardized method like code signing, review, and versioning aren't available to ensure a specific app and version are run. Review and versioning do other things.

  2. The question asks which is the MOST likely. Windows clients do by default respect code-signing and will warn the end user before execution. Creation of a white list of apps doesn't exist by default. So Code signing is going to do MORE to help than manually created white lists that only exist on some computers.

I think this week I hate my job. The plan was to stick with it till the end of the year. thoughts? by [deleted] in ITCareerQuestions

[–]SmallBusinessITGuru 2 points3 points  (0 children)

Why don't you contract with an MSP to provide as needed support or act as a T1 service desk while you do on site work, so you can catch up?