Core B - Formative assessment practice

 Core B – Formative assessment 

 

Section A: Networking and Infrastructure 

  1. Explain the role of a DHCP (Dynamic Host Configuration Protocol) server in a network. 

Dynamic host configuration protocol (DHCP) is a networking protocol used to assign IP addresses to devices on a network. DHCP usually uses an iterative approach given a range of IP addresses so that when a device is added to the network, it is given a unique address to be able to communicate with other devices. As opposed to static IP configuration, DHCP is fully autonomous and more efficient. 

 

  1. Compare and contrast the functions of a switch and a router in a network. 

Routers and switches have different functions in a computer network. A router is a hardware device that links all devices in a network to the internet, allowing them to connect. A switch is a hardware device that connects multiple devices in a network together, allowing them to communicate with each other locally. Switches create networks, routers connect networks together. 

 

  1. Describe the process of subnetting an IP address and explain why it is important in network design. 

Subnetting is a way of segmenting a network into smaller groups of devices underneath different subnets. Subnets are important as they divide especially large networks into small, efficient groups to mitigate large volumes of traffic over the network. To subnet an IP address we need to determine the subnet mask which is a four-octet number used to identify the network ID portion of an IP address. The most common subnet mask for a class C IP address is 255.255.255.0, containing 1 subnet with 254 hosts. To divide this network, we can identify the binary value of the subnet mask being: 11111111.11111111.11111111.00000000. To divide the network into 2 groups, we add one bit on the end of the subnet mask making it: 11111111.11111111.11111111.10000000 or 255.255.255.128. This would give us 2 subnets each with 126 IP addresses. 
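
The split described above, worked through in code. This is an added example, not part of the original answer; the network 192.168.1.0/24 and the function name `split_network` are assumptions chosen for illustration. It generalises the two-subnet case to any number of subnets by borrowing as many host bits as needed.

```python
import ipaddress


def split_network(cidr, wanted_subnets):
    """Split an IPv4 network into at least `wanted_subnets` equal subnets.

    Returns one dict per subnet with its mask (dotted and binary) and the
    usable host range. Hypothetical helper written for this example.
    """
    network = ipaddress.ip_network(cidr, strict=True)
    if network.version != 4:
        raise ValueError("this example covers IPv4 only")
    if wanted_subnets < 1:
        raise ValueError("wanted_subnets must be at least 1")

    # Host bits to borrow: 1 bit gives 2 subnets, 2 bits give 4, and so on.
    borrowed = (wanted_subnets - 1).bit_length()
    new_prefix = network.prefixlen + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable addresses")

    rows = []
    for subnet in network.subnets(new_prefix=new_prefix):
        rows.append({
            "subnet": str(subnet),
            "mask": str(subnet.netmask),
            "mask_bits": ".".join(f"{octet:08b}" for octet in subnet.netmask.packed),
            # The first address is the network ID and the last is broadcast,
            # so neither can be assigned to a host.
            "first_host": str(subnet.network_address + 1),
            "last_host": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),
            "usable_hosts": subnet.num_addresses - 2,
        })
    return rows


if __name__ == "__main__":
    # Constructed input: a class C sized network split into 2 groups.
    for row in split_network("192.168.1.0/24", 2):
        print(row["subnet"], row["mask"], row["mask_bits"],
              row["first_host"], "-", row["last_host"],
              f"({row['usable_hosts']} hosts)")
```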

 

  1. What is the purpose of a VPN (Virtual Private Network) in a corporate environment? How does it improve network security? 

A VPN can be used in a corporate environment to allow employees to access files over the internet. For example, if a company has a HQ and a separate office, employees in the separate office can use a VPN connection to access files hosted in the HQ office virtually. VPNs improve network security as they establish encrypted connections between devices which cannot be intercepted and read by hackers allowing a secure way to transfer important information over the internet. 

 

  1. Explain how DNS (Domain Name System) works and why it is essential for internet communication. 

DNS is a protocol used to associate domain names with IP addresses. For example, when accessing google.com, DNS translates the address into an IP address which can be used to retrieve the information displayed on the webpage. DNS is essential for internet communication as it enables users to easily recognise domain names and not have to type in IP addresses when they want to retrieve a web page. DNS is also flexible and updates very quickly allowing users to be provided with fast and reliable responses. 

 

  1. Identify three types of network topologies and explain the advantages and disadvantages of each. 

One type of network topology is known as the bus topology. This network topology consists of devices all connected to each other in a line via cables. There is no other network hardware that is installed in this topology. Some advantages are that it is very simple to install, maintain and troubleshoot, however its linear design gives it a single point of failure which could be catastrophic in a business situation. 

 

Another type of network topology is star topology. This is a centralised design where all computers are connected to a single point such as a switch. Some advantages with this topology are that it is easily scalable and simple to set up, however, its centralised design creates a single point of failure in the switch. 

 

Another type of network topology is a mesh network. This topology consists of several devices all interconnected to each other using a system of cables, resembling a meshed format. Some advantages with this network topology are its logical and simple design. However, a disadvantage of this topology is that it is not very scalable and would require a very large quantity of cabling. 

 

  1. Explain what IPv6 is and how it differs from IPv4. Why is there a need for IPv6 in modern networks? 

IPv6 is a modern, more recent version of the network communication protocol, IP. Every device connected to the internet is given a unique IP address, however with the rapid growth of internet usage and devices in society it became evident that there weren’t enough IPv4 addresses for each unique device. IPv6 uses 128-bit addresses allowing many more combinations than IPv4 addresses and the ability to identify lots more unique devices, allowing them to communicate. Modern networks require IPv6 technology to communicate due to the rapid growth of internet usage and the lack of available, unique IPv4 addresses. 

 

Section B: Digital Support Services 

  1. Describe the process of troubleshooting a client’s workstation that cannot connect to the internet. Outline the steps you would take. 

Firstly, I would verify that all physical hardware is connected such as a network cable or Wi-Fi adapter if needed. Then I would input the command “ipconfig” into the workstation’s command prompt to view the IP address. This is to verify that the PC is not receiving an APIPA address which would mean a potential problem with the DHCP server. To troubleshoot this, I would check the DHCP settings on the server where it is hosted and make sure the DHCP scope has sufficient IP addresses for each device on the network. 
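
The ipconfig check above can be automated. This is an added example, not part of the original answer: it parses a constructed sample of ipconfig output and flags adapters that are disconnected or that hold an APIPA (169.254.0.0/16) address. The function names and status labels are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Autoconfiguration IPv4 Address. . : 169.254.23.118
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 192.168.1.42
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

# Indented "Key . . . . : value" lines; the dot padding is dropped from the key.
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")


def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig-style text."""
    adapters = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        # Adapter headers start in column 0 and end with a colon.
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
            continue
        match = FIELD.match(line)
        if match and current is not None:
            current[match.group(1)] = match.group(2).strip()
    return adapters


def triage(text):
    """Classify each adapter as disconnected, no-ipv4, apipa, no-gateway or ok."""
    findings = []
    for name, fields in parse_adapters(text).items():
        if "disconnected" in fields.get("Media State", "").lower():
            findings.append((name, "disconnected", None))  # check cable / Wi-Fi
            continue
        # `ipconfig /all` appends "(Preferred)" to the address; strip it.
        ipv4 = next((value.split("(")[0] for key, value in fields.items()
                     if "IPv4 Address" in key and value), None)
        if ipv4 is None:
            findings.append((name, "no-ipv4", None))
        elif ipaddress.ip_address(ipv4).is_link_local:
            # 169.254.x.x means no DHCP offer was received: check the server and scope.
            findings.append((name, "apipa", ipv4))
        elif not fields.get("Default Gateway"):
            findings.append((name, "no-gateway", ipv4))
        else:
            findings.append((name, "ok", ipv4))
    return findings


if __name__ == "__main__":
    for adapter, status, address in triage(SAMPLE_IPCONFIG):
        print(f"{adapter}: {status} {address or ''}")
```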

 

  1. Explain the key responsibilities of a digital support technician in maintaining system performance. 

A digital support technician would be responsible for maintaining system performance for devices such as PCs. Firstly, they must make sure all the hardware is working correctly such as the CPU, RAM, storage devices and cooling systems. If there was a fault with any of these devices, it would cause a significant drop in system performance in some cases, even causing the machine to not function. They should also look at the PC’s storage and check how much free space is available. Lots of items and files on a system can significantly decrease performance making the device slow to use. They should also check the computer network as a whole, analysing traffic using tools such as Wireshark to identify bottlenecks in the network and high volumes of traffic which could cause a drop in system performance. 

 

  1. A user reports that their computer is running slowly. What diagnostic tools would you use to identify the issue, and what steps would you take to resolve it? 

Firstly, I would check the machine’s disk space and identify how much free storage the PC has available. Lots of files on a system can cause it to significantly drop in performance and run a lot slower. Assuming this computer is a Windows machine, I can locate the “storage” tab in settings to show me how much available storage there is and how much has been used. If this is the reason for the drop in performance I would either converse with the user to delete files they do not need or implement a storage management system, such as CCleaner, to remove files they do not need and clear caches that clog up the system’s storage. Alternatively, I could recommend/implement a storage upgrade solution, increasing the amount of space on the disk and allowing the computer to run faster. 

 

To troubleshoot the issue further, I would verify that the physical components are not faulty. I would start with the RAM and check how much is supposedly installed by locating the “about your PC” page. To check if this is the right amount of RAM installed, I can physically open the PC to look at the amount of RAM installed inside. If the numbers do not match, there may be a problem with the RAM sticks or the connections to the motherboard. To troubleshoot this further, I could use the RAM in a different machine to verify it is working properly. Alternatively, I would have to replace the motherboard. A loss of RAM would cause a computer to run slower as it can’t store as many instructions, decreasing the CPU’s ability to process information as quickly causing the PC to drop in performance. 

 

A further reason for the drop in speed would be component temperature, especially the central processing unit. If the CPU gets too hot, it will begin a process known as thermal throttling where it intentionally slows down to reduce the heat generated and damage to the component. Thermal throttling would cause a PC to significantly slow down and, in some cases, cause unexpected shutdowns due to overheating. To check these issues, I can use a tool such as “Core Temp” to monitor the temperature of the CPU core. The optimal temperature for a CPU is 40-65°C; anything over could cause the component to overheat and induce thermal throttling. To fix an overheating CPU, I would check the heat sink is fitted properly and there is a significant layer of thermal paste between the CPU and the heat sink. Thermal paste allows heat to disperse from the CPU into the heat sink, reducing the core temperature of the hardware. I could also check cooling devices such as the fans and see how fast they are spinning in the BIOS of the PC. If the PC is a liquid cooled device, I would check if the cooling fans and the radiator are working properly and cooling down the liquid sufficiently. 

 

  1. Describe the process of setting up and configuring a wireless network in an office environment. Include considerations for security. 

To implement a wireless network into an office environment, we would need to purchase a range of devices that allow for wireless connectivity. We would need to have a router, a switch and several wireless access points depending on the size of the office and how many devices need to be supported. Firstly, the router should be implemented to allow traffic to communicate with the internet and connected to a centralised switch. From this switch, there should be a network of wireless access points connected. These WAPs will allow Wi-Fi capable devices to connect to the LAN and the further internet wirelessly. Security should also be considered for such networks. The Wi-Fi should be encrypted with an appropriate protocol such as WPA2 which uses AES encryption to privatise transmissions. This encryption will decrease the risk of a man-in-the-middle attack on important data transmissions across the network. We can also use VLANs to segment the network and deny certain devices permissions. For example, a guest VLAN would allow guests in the office to connect to the internet, however it would filter them from accessing resources on the central server. This increases network security as it blocks unauthorised users from accessing important and maybe secret resources hosted on the network. We also should choose a secure and complex password for the network, something with lots of random characters and symbols which couldn’t be guessed or brute forced. 

 

  1. Explain how you would deploy and configure remote desktop support for employees working from home. 

Remote desktop systems would allow employees to access company resources from home allowing them to remain productive without having to come into the office. To do this, we can deploy a cloud virtualisation system to allow employees to connect to the network from any location. Such a system would be Citrix, which offers users access to desktops, applications and resources, all virtually. Unlike a VPN, devices using Citrix can be automatically managed and access controls could be installed to improve security. However, the business should consider that remote working solutions could prove a risk to security as employee devices could be lost or stolen. 

 

  1. What is a Service Level Agreement (SLA), and how does it impact the work of digital support services? 

Service level agreements (SLAs) are written contracts between customers and providers offering a service which outline what services the provider will offer and the standards they are required to meet. SLAs are important as they can define the liability for outages or faults that the providers may encounter. It is also important for customers to read SLAs to describe the performance characteristics of the service the provider is promising. In digital support services, SLAs manage customer expectations and inform the team on which issues they are contractually obligated to fix, and the provider is liable for. 

 

Section C: Cybersecurity 

  1. Describe the differences between a firewall and an intrusion detection system (IDS). How do both contribute to network security? 

Firewalls and intrusion detection systems are both security tools that can be implemented in a network to mitigate security threats. A firewall is either software or hardware that is placed between the LAN and the internet to monitor outgoing and incoming traffic for suspicious or malicious activity. In most cases, firewalls are described as a barrier between a trusted and an untrusted network. Intrusion detection systems (IDS) are implemented inside the network to monitor traffic for malicious activity. Firewalls and IDS differ as they are installed in different places and monitor different types of traffic. However, they are both important for managing network security due to the risk of insider and outsider threats. Rogue employee situations can be mitigated through the use of IDS whilst outsider threats like zero-day exploits can be mitigated through the use of firewalls. 

 

  1. Explain the concept of multi-factor authentication (MFA) and why it is considered a key security measure in modern IT infrastructure. 

Multi-factor authentication is a security system used to mitigate threats of unauthorised access and account hacking. It works by using more than one authentication method to grant a user access to a system or account. For example, in common systems a password is required to allow access to the device. However, passwords can be guessed especially if they are not complex enough or contain easily guessed words. This is called a brute force attack, and it is used by hackers to gain unauthorised access to a desired virtual system. With a multi-factor authentication security system in place, even if the hacker guesses the right password, they will be prompted to authenticate again differently such as a code being sent to a pre-configured phone number where only authorised users have access to it. This stops hackers from just being able to brute force into a system or account which is especially key in modern IT infrastructure due to the increase of speed and feasibility of brute force attacks utilising wordlists, mainly due to the innovations into computing power. 

 

  1. Identify three common cybersecurity threats and explain how each one can be mitigated. 

One common cybersecurity threat would be malicious software and computer viruses (malware). Malware are programs specifically designed by hackers to steal data or harm computer systems. There are many types of malicious programs such as spyware, worms, viruses and trojans each spreading differently or holding different payloads. Malware spreads onto people’s PCs through a variety of ways but all have malicious intent. The best way to mitigate malware is to implement a strong anti-malware system such as antivirus software that monitors all programs on a machine for suspicious activity. This ensures that the user and the user’s data are kept safe and secure. 

 

Another common cybersecurity threat would be man-in-the-middle (MITM) attacks. These attacks are performed by hackers to intercept transmissions and read their data before it reaches its intended recipient. MITM attacks usually target unsecure businesses and can steal information like web data, passwords, emails and other sensitive information. The best mitigation technique for MITM attacks is encrypting network transmissions and using encrypted protocols. For example, by encrypting the data in these transmissions hackers who intercept the packets would not be able to read it without it being decrypted first. HTTPS is a way of encrypting web traffic so that it cannot be read by hackers which keeps data in HTTPS requests safe such as passwords or usernames. If a hacker intercepted an HTTPS packet, they would not be able to extract any legible data from it. 

 

A third common cybersecurity threat would be social engineering. This threat is very common especially for businesses and happens daily all over the world. It consists of hackers trying to target employees in the business with psychological techniques to steal data or gain trust with malicious intents. Usually, social engineering attacks happen with a fake story that the hacker tries to deceive the victim with. These stories could prey on the victim’s empathy, blackmail threats, urgency or desires for wealth and/or status. The best way to mitigate these attacks would be employee training and awareness of the attacks. Employees should be trained to report any suspicious activity from outsider or insider members to the IT administrator where the incident can be investigated. 

 

  1. Explain the process of patch management and why it is essential for maintaining a secure IT environment. 

Patch management is a process of implementing fixes for vulnerabilities or bugs encountered in an IT environment that could pose a security threat. When a vulnerability is found that could risk the system’s security, a patch is quickly implemented to make sure it is not abused by hackers to steal data or cause malicious harm. Patch management is the process of keeping all systems and software up to date, so they are equipped with the latest patches. All system updates should be logged, and new versions monitored at all times especially if system updates are manual occurrences. Patch management is essential for keeping IT environments secure as it provides key fixes as quickly as possible for vulnerabilities that could be exploited by hackers to cause harm to IT systems or their data. 

 

  1. How does encryption work, and why is it critical for protecting sensitive data? 

Encryption is a broad term used for the obfuscation or censoring of private information transmitted over a computer network. The process of encryption requires generated keys to turn legible data into unreadable encrypted text that is not legible by humans. There are 2 main types of encryption, symmetric and asymmetric. Symmetric encryption uses the same keys for encrypting and decrypting data which means the key must be sent with the data for the recipient to decrypt it. Asymmetric encryption uses 2 keys, a private key and a public key. The private key is kept secret by the recipient of the data whilst the public key is used by the sender to encrypt the message before sending. Both encryption methods are essential to protecting sensitive data transmissions. If a hacker intercepts a transmission without encryption being used, they could read the sensitive data which could contain information such as passwords, phone numbers, email addresses and other data which would pose a risk to IT security. 

 

  1. Describe how a digital forensic investigation would be carried out in the event of a data breach. What key steps would you take? 

There are 4 main steps in cyber forensics after a cyber security incident. 

 

Firstly, the incident needs to be detected and identified. This would include identifying that the breach has happened and applying an appropriate severity rating to the incident to prioritise the forensic investigation. 

 

Next the incident must be investigated. This would include finding out key information such as: where the breach occurred; how much data was stolen; how the hacker gained access to the system and who was responsible for the breach. These points can be investigated using a cyber security framework such as D4I which aims to analyse and examine cyber security breaches alongside the cyber-kill-chain steps of attack. 

 

After the investigation, a response must be initiated to patch up the entry point for the breach. All impacted stakeholders must be notified that a breach has occurred in accordance with GDPR and the Data Protection Act. All remaining data should be contained properly, and the IT system recovered and protected from further attacks. 

 

Finally, a post incident review should be carried out to mitigate the risk of a similar incident happening in the future. It should also look at how the response team dealt with the breach and how they could improve in the future when dealing with similar incidents. 

 

Section D: Infrastructure Management and Maintenance 

  1. Explain the importance of monitoring server performance and identify three key performance metrics that should be tracked. 

Server performance must be monitored to ensure all hosted services are running smoothly and working without faults. Some performance indicators for server performance could be average response time, disk usage, and requests per second. Average response time is a good indicator for monitoring the server’s speed and performance at responding to requests made by devices. If the number is high, the server may be overstressed with requests, or it does not have a fast, stable connection. Disk usage will show how the physical disk is being used to store or retrieve information. If there is excessive disk usage it can slow down the server’s performance and even damage the hardware. Requests per second will show how much the server is being used by devices on the network and may be able to locate a network bottleneck or overstressing. All these performance indicators should be tracked and considered when evaluating the server’s performance. 

 

  1. Describe the process of backing up and restoring data in a server environment. Include considerations for disaster recovery. 

Data backups are important for retaining a good disaster recovery plan. There are 3 main types of data backups, full, incremental and differential. Full backups are the most common and it consists of backing up everything a server holds at once. Full backups are usually slow and require lots of computing power to complete, often slowing down other systems in the process. Incremental backups first take a full backup of all data on the server, then succeeding backups will only occur when data is changed from the original. Incremental backups require much less computing power than full backups, however they have slower data restoration speeds. Differential backups work in a scheduled format, usually daily. First, a full backup is taken and then at a pre-scheduled time a backup is taken of all changed files. Differential backups are fast and can be flexibly scheduled to mitigate speed loss for other systems. However, they can store duplicate files and take up more space than incremental backups. Disaster recovery plans should implement data backups to recover from a widespread data loss incident. Users should also consider data recovery time for each type of backup to see which type is best for their disaster recovery plan. 
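
The storage and restore trade-offs above can be checked with a small simulation. This is an added example, not part of the original answer. It assumes the usual definitions (an incremental backup copies what changed since the previous backup of any kind, a differential backup copies everything changed since the last full backup), and the file names, sizes and change log are constructed.

```python
# Constructed data set: file name -> size in MB.
FILES_MB = {"payroll.db": 400, "mail.pst": 900, "site.zip": 150, "notes.txt": 1}

# Constructed change log: files modified on each day after the Sunday full backup.
CHANGES = [
    ("Mon", {"payroll.db"}),
    ("Tue", {"notes.txt"}),
    ("Wed", {"payroll.db", "site.zip"}),
    ("Thu", {"notes.txt"}),
]


def run_backups(strategy):
    """Take a Sunday full backup, then one nightly backup per day of CHANGES.

    Returns (jobs, live): jobs is a list of (label, {file: version}) backup
    sets, live is the real state of the server after the last day.
    """
    live = {name: "Sun" for name in FILES_MB}  # file -> day it last changed
    jobs = [("Sun-full", dict(live))]
    since_full = set()
    for day, changed in CHANGES:
        for name in changed:
            live[name] = day
        since_full |= changed
        if strategy == "full":
            names = set(live)      # copy everything every night
        elif strategy == "incremental":
            names = changed        # only what changed since the last backup
        elif strategy == "differential":
            names = since_full     # everything changed since the full backup
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        jobs.append((f"{day}-{strategy}", {n: live[n] for n in names}))
    return jobs, live


def restore(jobs, strategy):
    """Replay the backup sets needed for a full restore, oldest first."""
    if strategy == "full":
        chain = jobs[-1:]                # latest full backup only
    elif strategy == "incremental":
        chain = jobs                     # full backup plus every increment
    else:
        chain = [jobs[0], jobs[-1]]      # full backup plus latest differential
    restored = {}
    for _, snapshot in chain:
        restored.update(snapshot)        # newer copies overwrite older ones
    return [label for label, _ in chain], restored


def summarise():
    """Storage used and backup sets read per strategy, after verifying the restore."""
    report = {}
    for strategy in ("full", "incremental", "differential"):
        jobs, live = run_backups(strategy)
        chain, restored = restore(jobs, strategy)
        if restored != live:
            raise RuntimeError(f"{strategy} restore does not match the server")
        stored = sum(FILES_MB[n] for _, snap in jobs for n in snap)
        report[strategy] = {"stored_mb": stored, "sets_to_restore": len(chain)}
    return report


if __name__ == "__main__":
    for strategy, figures in summarise().items():
        print(strategy, figures)
```

For a disaster recovery plan, the number of sets to restore is the figure that drives recovery time: losing any one increment in the incremental chain breaks the restore.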

 

  1. Explain what virtualisation is and how it benefits modern IT infrastructure. 

Virtualisation is a modern computing practice which allows users to create virtual environments inside existing hardware environments. Think of it as a computer inside of a computer. Virtualisation mimics real computer functions to run machines simultaneously on a single machine. The functions of virtualisation are varied however it is mainly used in servers to organise and manage running systems. This is useful as it offers an easy way of server setup and configuration, making modern IT systems less complicated. 

 

  1. What is cloud computing and how can businesses leverage it to improve their IT infrastructure? 

Cloud computing is a technology which allows users to connect to resources or desktops remotely from anywhere in the world. Servers are set up to run virtualised desktops which users can access via the internet or a configured VPN. Businesses can leverage cloud computing to allow employees to work from home using computer hardware capable for their needs. This improves their IT infrastructure as they can offer software (SaaS), infrastructure (IaaS) or platforms (PaaS) as services, 

 

  1. Explain the process of maintaining an enterprise-wide software upgrade and the challenges that may arise. 

To perform an enterprise-wide software upgrade is a big task that requires lots of planning. First, a risk assessment must be completed to identify potential issues that may occur when the upgrade takes place. The upgrade must also be investigated for predicted downtime and what will actually be installed. All possible risks must be mitigated beforehand, either through scheduling the upgrade for out-of-business hours or performing the upgrade in stages to mitigate downtime. 

 

  1. What are the benefits of using automated monitoring tools for network and system maintenance? 

Automated monitoring tools can be configured on a network or system to track and record key information. Usually, monitoring tools can be in the form of server performance monitors, IDS and IPS or other system monitoring forms. Automated monitoring tools can be configured to give IT administrators alerts when issues or irregularities occur in the systems it is monitoring, mitigating potential security or performance risks. The benefit of these tools being automated is that faults can be organised based on importance and the administrator can act accordingly upon these faults. It also means that a human does not have to continuously monitor the system, cutting down on the workload for staff. 

 

Section E: Emerging Technologies and Future Trends 

  1. Explain the concept of edge computing and how it differs from cloud computing. 

Edge computing is a network of nodes or servers placed on the “edge” of computer networks to take the brunt of data from connected devices without affecting the main network. Edge computing only sends relevant data back to the network therefore improving latency and frees bandwidth for other usage. Edge computing differs from cloud computing as edge computing hosts services closer to the end user, making it quicker to use whilst cloud computing usually hosts services in large datacenters which could be located far away from end users. 

 

  1. Discuss the potential impact of 5G technology on digital infrastructure. 

5G is a technology that allows for very high-speed data communications. It has significantly higher rates of transmission than its predecessors such as download speeds of 20Gbps. Businesses can utilise 5G for faster data transmissions with less latency therefore increasing productivity and gaining them a competitive advantage in the market. Digital infrastructure is impacted by 5G as lots of physical hardware must be implemented to host connections such as large cells and base stations rather than cellular towers. However, 5G has lots of potential for supporting IoT devices with high speeds and low latency. 

 

  1. What are the benefits of using artificial intelligence (AI) in network management? 

By using artificial intelligence in network management, key performance upgrades can be identified autonomously making the network faster and more efficient. AI can also act as a security system, monitoring the network for traffic it deems suspicious or malicious and reporting it to IT administrators. 

 

  1. Explain the role of the Internet of Things (IoT) in digital infrastructure and identify key security concerns related to IoT devices. 

IoT devices are physical devices designed with sensors and monitors used for collecting data about physical objects. IoT technology benefits digital infrastructure as businesses can collect important data that they can use to benefit and improve their systems. For example, an oil rig may use IoT devices to monitor equipment and report any faults to technicians before they get worse, mitigating faults and saving money. However, IoT devices do have lots of security concerns. For example, they are a very desirable target for hackers due to the data they collect and status in the network hierarchy. IoT devices can be hacked into like any digital device and usually do not have very good security and defense against attacks. Hackers can intercept unencrypted data communications between IoT devices and the network to steal sensitive information, especially from high profile IoT devices such as facial recognition scanners. 

 

  1. Describe how blockchain technology can enhance data security in digital infrastructure. 

Blockchain technology is an advanced database practice used to transparently share data across a business. It works by storing data in blocks with chains connecting each block together. Blockchain technology creates a legally and technically secure way of storing payment data as it mitigates untrusted storing of transactions by holding them in a centralised, secured database system. Blockchain security is also very high as data cannot be altered or changed at any time from the point it is stored even if the transaction contains an error. 
