INDEX

Sr. No. | TITLE
1 | TITLE PAGE
2 | INDEX
3 | LIST OF FIGURES
4 | LIST OF ABBREVIATIONS
5 | WRITTEN QUESTIONNAIRES
6 | REFERENCES
LIST OF FIGURES

Figure No. | TITLE
1.1 | Connectivity restore flow chart
1.2 | Risk Screening
LIST OF ABBREVIATIONS

ISP | Internet Service Provider
IP | Internet Protocol
PUA | Potentially Unwanted Application
P2P | Point 2 Point
IT | Information Technology
UPS | Uninterrupted Power Supply
1. WRITTEN QUESTIONNAIRES
1. You work as a system administrator in an IT company. Suddenly, an internet downtime occurs. How do you respond to this?
If the downtime is reported by a user, first check with that user whether the problem affects a single user or multiple users. This can be confirmed by contacting several users.
Internet downtime means an outage of internet services. Many scenarios can cause it, so as a system administrator the outage should be handled quickly and in a timely manner. First of all, identify the root cause of the outage.
Here are the key points that should be checked on a priority basis.
Fig 1.1 – Connectivity restore flow chart
If all checkpoints are green (okay), then contact the ISP on a priority basis.
To prevent this kind of situation in the future, a mitigation plan should be created. For example, a backup internet line should be purchased for the company, so that one connection is treated as the primary connection and the second as the secondary connection. [1]
In this kind of situation, an approximate time to resolution should be provided to management while the issue is being worked on. Ping and traceroute are built-in commands available in Windows that can be used to find out the cause of the downtime.
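The checkpoint order described above (local gateway, then the internet itself, then name resolution) can be scripted so that the first failing layer is reported directly. The script below is an added example and is not part of the original assignment; it assumes a Linux host with iputils ping and getent, and the external IP and hostname it probes are placeholder assumptions to be replaced with whatever the site normally relies on.

```shell
#!/bin/sh
# Added example (not from the original assignment): connectivity triage that
# walks the checkpoints in order and names the layer that failed.
# Assumptions: Linux `ip route`, iputils `ping -W`, and `getent hosts`.

GATEWAY="${GATEWAY:-$(ip route 2>/dev/null | awk '/^default/ {print $3; exit}')}"
EXTERNAL_IP="${EXTERNAL_IP:-1.1.1.1}"          # assumed public address to ping
EXTERNAL_NAME="${EXTERNAL_NAME:-example.com}"  # assumed name to resolve

# reach HOST: succeeds if one ICMP echo is answered within 2 seconds.
reach() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# resolve NAME: succeeds if the system resolver returns an address for NAME.
resolve() {
    getent hosts "$1" >/dev/null 2>&1
}

# classify GW DNS EXT: each argument is 0 (check passed) or 1 (check failed).
# Prints the fault domain the combination of results points to.
classify() {
    gw=$1; dns=$2; ext=$3
    if [ "$gw" -ne 0 ]; then
        echo "local"   # default gateway unreachable: cable, switch, NIC or DHCP
    elif [ "$ext" -ne 0 ]; then
        echo "isp"     # gateway answers but nothing beyond it: contact the ISP
    elif [ "$dns" -ne 0 ]; then
        echo "dns"     # raw IP works, names do not: resolver or DNS problem
    else
        echo "ok"      # every checkpoint green: look at proxy/application layer
    fi
}

# triage: run the three checks and print the raw results plus the verdict.
triage() {
    if reach "$GATEWAY"; then gw=0; else gw=1; fi
    if reach "$EXTERNAL_IP"; then ext=0; else ext=1; fi
    if resolve "$EXTERNAL_NAME"; then dns=0; else dns=1; fi
    echo "gateway=$gw external_ip=$ext dns=$dns"
    classify "$gw" "$dns" "$ext"
}

if [ "${1:-}" = "run" ]; then triage; fi
```

Run it as `sh triage.sh run`. The verdict is only a starting point: "local" means the problem is on the company's own network and the ISP need not be called yet, while "isp" is the case in which all internal checkpoints are green and the provider should be contacted on a priority basis.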
2. How do you prepare for power failure and server failure situations?
A power failure causes big damage to an organization and affects the overall business, so a plan should be ready to handle this kind of situation. In a company, a data center is established for proper data management and smooth functionality, because this functionality accounts for 60% of the cost of the data center. [2]
Here are the key steps to handle power failure and server failure.
3. When is it best to use the following services?
A hot site, Cold site, Warm site
All these terms relate to backup sites. Each can be used to back up data for different scenarios, and this kind of backup service protects the company in a critical situation.
Hot site-
A hot site can be considered the primary backup site. It runs continuously and allows the company to restore operations in a short period of time when required, so it can be used to prepare for a natural disaster. At the time of natural calamities such as fire or flood, the data stored on the hot site can be used to keep the organization functioning. To protect the hot site from the same disaster, its location should be very far away from the organization's actual location. It is the place from which the organization can keep running even in a critical situation.
Warm site-
It is a kind of backup site, too. It is not as good as a hot site, but it is configured with the limited resources required for smooth functioning. When the main site has difficulties, this warm site can be used. It is less costly compared to a hot site.
Cold Site-
It is the cheapest option for a backup site and only contains basic facilities. It is used when no infrastructure is required and only space is needed for some departments of the organization. At the time of a disaster, a department that only requires space can be moved to the cold site and operate from there.
4. List and explain the possible actions that can be performed once the risk has been identified.
Once a risk has been identified, the mitigation plan should be prepared based on the risk assessment, and for that the risk should be managed regularly. Risk can be rated by comparing the impact of the risk with the likelihood of its occurrence (probability). The critical case is high impact and high probability; that kind of risk should be mitigated immediately. Here are the key steps to consider while assessing the risk.
Fig1.2- Risk Screening (Source: Impact Management Project Analysis)
Analysis
In this phase of risk management, each risk is analyzed on the basis of its impact and likelihood. The main categories for each risk are low impact/low probability, high impact/high probability, low impact/high probability and high impact/low probability. The result should be documented properly.
Evaluation
In this phase, the acceptable level of risk is identified and the risks are categorized based on priority. Each risk is given a proper ranking.
Risk Response plan
In the risk response plan, the highest-ranked risks from the previous steps are prioritized for mitigation. In this phase, a risk is mitigated in such a way that it comes down to the accepted level. It is the execution phase of the risk mitigation plan, preventive risk plan and contingency plan.
Risk Monitoring
In this phase, the risk score is monitored. Changes occur frequently and alter the risk score, so in this phase the score is monitored and kept at the accepted level.
5. What’s the difference between a virus and a worm?
A virus is a type of malware that injects a copy of itself into other programs. It spreads from one computer to another by infecting the machine, and via USB as well. The key tasks of a virus are to consume system resources, damage data and act as the root cause of a DoS attack. Generally, a virus spreads mostly through executable files. When the infected executable runs or is copied to the system, the virus spreads. The main aspect of viruses is that they cannot spread without human interaction: a program must be executed by a human, files must be downloaded from the internet by a human, or infected files must be shared via email attachment or copied to a portable storage medium.
A worm can be defined as malicious code which runs on the infected machine, spreads into the network and affects other machines as well. It is a malicious program that contains the functionality of a virus, but its spreading methods are different: it does not require human interaction to spread. Sometimes it even exploits a vulnerability of the machine in order to spread. It makes copies of itself and self-replicates across the network. Some examples of worms are email worms, P2P worms, IRC worms, etc.
6. You've noticed that the used portion of your hard drive is increasing by 10% every day even though you are not doing anything on your computer. Also, the performance of your computer is very slow. You tried to scan it using anti-virus, but it still didn't work.
- What will you do if this happens?
It is a situation in which hard disk utilization grows by 10% daily, even without any activity on the machine. At some stage the hard drive will be full and Windows will not be able to load, so it should be solved quickly. Another important aspect is that performance is very slow, so different steps should be considered to improve it. Also, the antivirus failed to handle this situation. If this kind of situation arises, the steps below should be taken.
Firstly, identify the process or the source of infection. This can be done with the Sophos Source of Infection application, which is freely available and monitors the changes occurring on the machine. It looks for malicious processes and malicious files being written to disk, and it provides the list of written files as well as the malicious process.
The next step is to restart the computer in safe mode and uninstall any unwanted programs, or look for suspicious programs that you did not install but that are present on the machine. It is good to install Malwarebytes or HitmanPro.
Also, run AdwCleaner by Malwarebytes, which finds adware and PUAs. Then scan with the Emsisoft Emergency Kit, which scans the machine for rootkits. If this tool does not work, initiate a System Restore and return the system to the last known good condition. It does not affect the files; it only affects the installed programs.
After performing all these steps, monitor the system's hard disk space. If the condition is good and space is no longer being consumed, there is nothing more to worry about.
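The last step, monitoring disk space after cleanup, is easier to do reliably with a small daily check than by eye. The script below is an added example and is not from the original assignment; it records the filesystem's used percentage once a day, raises an alert when the day-over-day growth exceeds a threshold (10 percentage points, matching the scenario in the question), and lists large files written in the last 24 hours so the process responsible can be identified. The history file location, the threshold and the 50 MB size cut-off are assumptions, and the file listing relies on GNU find.

```shell
#!/bin/sh
# Added example (not from the original assignment): daily disk-growth check.
# Assumptions: POSIX df, GNU find (-printf), history file under /var/tmp.

HISTORY="${HISTORY:-/var/tmp/disk-usage.log}"  # assumed history location
THRESHOLD="${THRESHOLD:-10}"                     # percentage points per day

# usage_pct MOUNT: used percentage of the filesystem at MOUNT, digits only.
usage_pct() {
    df -P "$1" | awk 'NR==2 {sub("%", "", $5); print $5}'
}

# growth_alert PREV CUR LIMIT: "ALERT" when usage rose by more than LIMIT
# percentage points since the previous record, "ok" otherwise. Pure
# arithmetic, so it can be exercised without a real filesystem.
growth_alert() {
    prev=$1; cur=$2; limit=$3
    delta=$((cur - prev))
    if [ "$delta" -gt "$limit" ]; then echo "ALERT"; else echo "ok"; fi
}

# last_usage FILE: the most recently recorded percentage ("<date> <pct>"
# lines), or nothing when the history file does not exist yet.
last_usage() {
    if [ -f "$1" ]; then tail -n 1 "$1" | awk '{print $2}'; fi
}

# check MOUNT: record today's usage, compare with the previous record and
# list the largest files modified in the last day on that filesystem.
check() {
    mount=$1
    cur=$(usage_pct "$mount")
    prev=$(last_usage "$HISTORY")
    printf '%s %s\n' "$(date +%F)" "$cur" >> "$HISTORY"
    if [ -n "$prev" ]; then
        echo "usage $prev% -> $cur%: $(growth_alert "$prev" "$cur" "$THRESHOLD")"
    else
        echo "usage $cur%: first record, nothing to compare yet"
    fi
    # Suspects: files over 50 MB modified in the last 24 hours, biggest first.
    find "$mount" -xdev -type f -size +50M -mtime -1 -printf '%s %p\n' 2>/dev/null \
        | sort -rn | head -n 10
}

if [ "${1:-}" = "run" ]; then check "${2:-/}"; fi
```

Scheduling `sh disk-growth.sh run /` from cron once a day gives a record to compare against after the cleanup steps above; a steady "ok" over several days is the evidence that space is no longer being consumed, and an "ALERT" together with the file listing points straight at what is writing to the disk.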
- What threat may attack your computer?
It is a Trojan kind of application or program which writes files frequently. It is possible that the Trojan is used to launch a DoS against the machine itself. If none of the steps worked, reimage the machine with a fresh OS after taking a backup of all important data. It is possible that malware was implanted in the system by downloading some application. Another possibility is that an application planted for malicious intent is itself trying to exhaust the hard disk space. One more possibility is that an attacker has exploited a vulnerability and implanted the Trojan or malware.
7. Should a supervisor make initial preparation before terminating an employee? If yes, what preparation/s must be done in case the terminated employee performs some irrational actions?
Before terminating an employee, proper steps should be taken. In this scenario, the reason behind the termination should be properly documented. All IT assets, such as mobile phones, laptops and storage devices, should be collected before the employee's final day. All access to restricted areas and locations should be revoked, all company assets collected from the employee, and all access rights recovered, so that the removed employee is not able to access internal email, updates, information or business secrets. Proper documentation should be done for all revocations of rights and duties. Also, the handover and knowledge-transfer process should be completed before the final termination. The employee should be bound by the terms and conditions of the company.
8. What does a firewall do?
A firewall can be considered hardware or software which is mainly used to protect a machine or computer on the internet. It monitors network traffic: all incoming and outgoing connections are checked against predefined rules. So the firewall can inspect the network traffic and take action as per the rules defined in the system. There are several types of firewall, such as network-based firewalls, host-based firewalls, etc. In simple terms, a firewall is a kind of protection that prevents malicious traffic from reaching the computer. [3] It resides between the internet and the computer's perimeter. Based on its configuration, it allows or blocks the traffic and also validates access. Recording events is another of its functions, and it generates alerts on specific events.
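The two firewall functions mentioned last, recording events and generating alerts on specific ones, are worth seeing on real log lines. The script below is an added example and is not part of the original assignment; it summarises the entries a packet-filtering firewall writes when it blocks traffic, in the field layout the Linux netfilter LOG target produces (SRC=, DST=, PROTO=, DPT= pairs). The log prefix, hostnames and all addresses in the sample are constructed for the example, and the alert threshold is an assumption.

```shell
#!/bin/sh
# Added example (not from the original assignment): summarise blocked
# connections from firewall log lines and flag sources that trip a threshold.
# Assumption: lines carry netfilter-style "SRC=... DPT=..." fields after a
# "nft-drop:" prefix; the sample below is constructed, not real traffic.

SAMPLE_LOG='Mar 10 12:00:01 gw kernel: nft-drop: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22
Mar 10 12:00:02 gw kernel: nft-drop: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=23
Mar 10 12:00:03 gw kernel: nft-drop: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=3389
Mar 10 12:00:04 gw kernel: nft-drop: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=4000 DPT=161
Mar 10 12:00:05 gw kernel: nft-drop: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51237 DPT=445'

# drops_by_source: reads log lines on stdin and prints one line per source,
# "<count> <src> <distinct destination ports>", highest count first.
drops_by_source() {
    awk '/nft-drop:/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next
            n[src]++
            if (!((src, dpt) in seen)) {
                seen[src, dpt] = 1
                ports[src] = ports[src] (ports[src] == "" ? "" : ",") dpt
            }
        }
        END { for (s in n) print n[s], s, ports[s] }' | sort -rn
}

# alert_sources LIMIT: sources with more than LIMIT blocked packets on stdin.
# Many drops from one source against many different ports is the kind of
# "specific event" a firewall is expected to alert on.
alert_sources() {
    drops_by_source | awk -v lim="$1" '$1 > lim {print $2}'
}

if [ "${1:-}" = "run" ]; then
    printf '%s\n' "$SAMPLE_LOG" | drops_by_source
    echo "sources over threshold:"
    printf '%s\n' "$SAMPLE_LOG" | alert_sources 3
fi
```

On a live host the same functions read the real log instead of the sample, for example `grep 'nft-drop:' /var/log/kern.log | alert_sources 50`; the point is that a rule which drops traffic is only half of the firewall's job, and the recorded events are what let an administrator notice a sweep against many ports from a single source.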
9. A certain employee has been promoted to project manager. However, he is still able to create computer programs. Project managers in this company are not allowed to create or modify a program to reduce the risk of error. What do you call this situation? What policy has been violated?
As per the policy, an employee who works as a project manager is not allowed to create computer programs or write code. It is a kind of security policy which reduces risk. This situation is called a violation of the policy: the segregation of duties policy of ISO 27001 has been violated.
2. References