4.6 Given a scenario, troubleshoot security problems.
📘CompTIA Server+ (SK0-005)
🔐 1. File Integrity
✅ What is File Integrity?
File integrity means that a file:
- Has not been changed
- Has not been corrupted
- Has not been tampered with by unauthorized users or malware
🚨 Common Issues
- Files modified without authorization
- Files corrupted due to disk or software issues
- Malware altering system or application files
- Mismatched file hashes
🔍 How to Identify Problems
- Compare hash values (MD5, SHA-256) with known good values
- Check file timestamps
- Review system logs
- Use integrity monitoring tools (e.g., Tripwire)
🛠️ Troubleshooting Steps
- Verify file hash against a trusted source
- Check system logs for unauthorized changes
- Scan system for malware
- Restore file from backup or snapshot if compromised
- Apply proper file permissions
🎯 Exam Tip
If you see:
- “File changed unexpectedly”
- “System behaving abnormally after update”
👉 Think file integrity compromise
🔐 2. Improper Privilege Escalation
✅ What is Privilege Escalation?
Privilege escalation happens when a user gets more access than they should have.
Types:
- Legitimate but excessive access (misconfiguration)
- Unauthorized escalation (attack)
🚨 Excessive Access (Most Important for Exam)
This is when users:
- Have admin rights unnecessarily
- Can access files they should not
- Can install software or change configurations
🔍 Symptoms
- Users accessing restricted data
- Unauthorized system changes
- Security policies being bypassed
🛠️ Troubleshooting Steps
- Review user roles and permissions
- Apply Principle of Least Privilege (PoLP)
→ Users should only have access needed for their job
- Check group memberships
- Audit access logs
- Remove unnecessary admin rights
- Implement Role-Based Access Control (RBAC)
🎯 Exam Tip
If the question mentions:
- “User has too much access”
- “Unauthorized configuration changes”
👉 Answer is likely improper privilege escalation
🔐 3. Applications Will Not Load
✅ What This Means
Applications fail to start due to security restrictions or misconfigurations.
🚨 Common Security Causes
- Insufficient permissions
- Blocked by firewall or antivirus
- Missing or restricted dependencies
- Corrupted application files
- Group Policy restrictions
🔍 Symptoms
- “Access denied”
- Application crashes immediately
- Application blocked warning
🛠️ Troubleshooting Steps
- Check user permissions
- Run application as administrator (if appropriate)
- Review security policies (GPO/local policies)
- Check antivirus or endpoint protection logs
- Verify application file integrity
- Reinstall application if needed
🎯 Exam Tip
If the app doesn’t open and there is no hardware issue:
👉 Think permissions or security blocking
🔐 4. Cannot Access Network Fileshares
✅ What This Means
Users cannot access shared folders over the network.
🚨 Common Security Causes
- Incorrect permissions (NTFS or share permissions)
- Authentication failure
- Firewall blocking access
- Disabled network protocols
- Expired credentials
🔍 Symptoms
- “Access denied”
- “Network path not found”
- Unable to map network drive
🛠️ Troubleshooting Steps
- Verify user permissions (NTFS + Share)
- Check username/password
- Ensure proper group membership
- Verify network connectivity (ping server)
- Check firewall rules (ports like SMB 445)
- Confirm file sharing is enabled
🎯 Exam Tip
Always remember:
👉 Access depends on both NTFS + Share permissions
🔐 5. Unable to Open Files
✅ What This Means
A user can see a file but cannot open it.
🚨 Common Causes
- Lack of read permissions
- File encryption (EFS)
- File corruption
- Application association missing
- File locked by another user/process
🔍 Symptoms
- “Access denied”
- “File is in use”
- “Unsupported format”
- File opens but shows errors
🛠️ Troubleshooting Steps
- Check file permissions (Read/Write)
- Verify file is not encrypted or restricted
- Ensure correct application is installed
- Check if file is locked by another process
- Restore from backup if corrupted
🎯 Exam Tip
If:
- File is visible but not opening
👉 Think permissions or file corruption
🧠 Key Concepts You MUST Remember for Exam
🔑 Principle of Least Privilege (PoLP)
- Users should have minimum access only
- Reduces risk of misuse or attack
🔑 Permissions Types
- Read → View file
- Write → Modify file
- Execute → Run application
- Full Control → Everything
🔑 NTFS vs Share Permissions
- NTFS applies locally and over network
- Share permissions apply only over network
- Most restrictive permission wins
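The NTFS + Share rule above (and the fileshare troubleshooting steps in section 4), as an added example that is not part of the original guide. It is a simplified model: permission levels are reduced to coarse rights, allows add up across a user's groups, and a deny entry removes rights; the user, group names, and ACLs are constructed.

```python
# Simplified model: each permission level expands to a set of coarse rights.
NTFS = {
    "Read": {"read"},
    "Read & Execute": {"read", "execute"},
    "Write": {"write"},
    "Modify": {"read", "execute", "write", "delete"},
    "Full Control": {"read", "execute", "write", "delete", "change_acl"},
}
SHARE = {
    "Read": {"read", "execute"},
    "Change": {"read", "execute", "write", "delete"},
    "Full Control": {"read", "execute", "write", "delete", "change_acl"},
}


def granted(acl, levels, principals):
    """Rights one ACL gives a user: allows add up across groups, deny removes."""
    allow, deny = set(), set()
    for who, kind, level in acl:
        if who in principals:
            (allow if kind == "allow" else deny).update(levels[level])
    return allow - deny


def effective(principals, ntfs_acl, share_acl, over_network):
    """Local access is NTFS only; network access must pass both ACLs."""
    rights = granted(ntfs_acl, NTFS, principals)
    if over_network:
        rights &= granted(share_acl, SHARE, principals)
    return rights


def blocking_layer(principals, ntfs_acl, share_acl, right):
    """Name the layer(s) withholding `right` over the network, or None."""
    layers = (("NTFS", ntfs_acl, NTFS), ("Share", share_acl, SHARE))
    missing = [name for name, acl, levels in layers
               if right not in granted(acl, levels, principals)]
    return " + ".join(missing) or None


# Constructed case: alice is in Finance; the share was left at Everyone: Read.
ALICE = {"alice", "Finance", "Everyone"}
NTFS_ACL = [("Finance", "allow", "Modify")]
SHARE_ACL = [("Everyone", "allow", "Read")]
FIXED_SHARE_ACL = [("Finance", "allow", "Change")]

if __name__ == "__main__":
    print(sorted(effective(ALICE, NTFS_ACL, SHARE_ACL, over_network=True)))
    print(blocking_layer(ALICE, NTFS_ACL, SHARE_ACL, "write"))
```

With the constructed ACLs, alice can modify the file when logged on to the server but is read-only through the share, and `blocking_layer` points at the share permission as the one to correct.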
🔑 File Integrity Tools
- Hashing (MD5, SHA)
- Monitoring tools
- Logs
🔑 Logs Are Critical
Always check:
- Security logs
- Application logs
- System logs
🧪 Quick Exam Scenarios (Practice)
Scenario 1:
User modified system files without authorization
👉 Answer: File integrity issue
Scenario 2:
User has admin rights but shouldn’t
👉 Answer: Excessive privilege escalation
Scenario 3:
App shows “Access Denied” on launch
👉 Answer: Permission/security restriction
Scenario 4:
User cannot access shared folder
👉 Answer: NTFS/share permission issue
Scenario 5:
File exists but won’t open
👉 Answer: Permission / corruption / encryption issue
✅ Final Exam Strategy
When troubleshooting security problems, always think in this order:
- Permissions (most common issue)
- User roles / privilege escalation
- File integrity
- Security software blocking
- Logs and audit trails
