TASK 2 FULL MINE

 INEED TO DO POSSIBLE SOLUTIONS 

Interview questions:

1)    What is the current budget for Swift FinTech for the cyber security measures for the company’s planned expansion?
IT manager doesn’t have access to those information

2)    When would you like the cyber security measures to be implemented by?
Set back by delays

3)    Which OS do the companies devices currently run on?
2 Servers, file server window 2012, domain server 2022

4)    What type of hardware is currently in use and how old is the hardware?                            75 Employees, PC’s and Laptops, print services, VPN licenses and personal devices.

5)    Have you faced any connectivity issues in the past?

Yes

6)    If so, how have they impacted users?

Downtime and crashes reported by users affected their work rate.

7)    Have you faced any communication issues in the past?

Yes, users have noted that they don’t have access to certain services.

8)    Is there any type of access control policies in place at the moment?

Users unable to access certain services and certain software unable to be accessed

9)    Has there been issues such as users accessing data that they shouldn’t be?

Yes, users have access admin passwords, resources and able to access to software they shouldn’t be able to

10) What type of training are staff provided with relating to cyber security threats and mitigation?

1 hour of training provided on induction

11) How regular are this training provided?

No, only 2022 material training at induction day.

12) Are there any hybrid users?

Yes, 20 employees issued by the company.

13) If so, how do they connect to the network?

Offer account logins and VPN

14) Are there any VPN licenses provided by the company to the staff members?

20 concurrent users of which have 10 active connections.

15) What type of security measures are in place, for example a firewall?

IPSEC encryption

16) Are there any physical security measures to on-site servers?

No physical security measures nor any other sort of detection and prevention measures.

17) Have you faced any cyber threats in the past few months, if so what type of threats did the company face?

Noticing suspicious login to network and unregistered access, but have prevention methods and not actively monitoring the situations.

18) As the company is planning to expand are they able to host other staff members from different location?

No plans have been made at the moment.

19) Is there enough hardware at the moment for the excepted number of staff?

Devices are replaced if any issues are found

20) Are there any other concerns with the overall security management for the company?
Yes, no detection system, not tracing unauthorized accesses. Also are aware that different users have the wrong credentials, are able to access resources that are not meant to be. So, we believe we do need to implement measures to improve that.

 

TECHINCAL EMAIL:

 

 

FROM: 19SinghH@thomastelfordutc.com

TO: linemanager@lmccyberconsulting.com

SUBJECT: Key Finding of the Current Security Measures

 

Dear Line Manager

 

After completion of the interview with the IT manager, here are the key findings of the current security measures.

The interview consisted of 20 questions. However, to make it more convenient I’ll outline the most important questions with response and the possible issues associated with it.

Question 1- “What is the Operating System on the company’s devices?”

Response- “We currently have 2 servers. A file server who is currently running on a Windows 2012, and the domain server who is currently running on a Windows 2022.”

Possible issue- With the range of different operating system in use, usability isn’t standardised which means we require to standardise the use of operating systems. This can lead to multiple issues such as system crashes that have been reported by the users, performance degradation, and security vulnerabilities which can be exploited for malicious activities.

possible Solution i have to do 

Question 2- “Is there any type of access control policies in place at the moment?”

Response- “Users unable to access certain services and certain software unable to be accessed”

Possible issue- With access controls in place there are many different issues at the moment such as user unable to access certain services and certain software unable to be accessed. The collective causes for such issues are network issues, DNS misconfigurations, or server downtime. This can lead to users being unable to access their resources to complete their work which means that there work rate and the amount of work completed may be affected. Furthermore, this may raise frustration between staff members.

Question 3- “Has there been issues such as users accessing data that they shouldn’t be?”

Response- “Yes, users have access admin passwords, resources and able to access to software they shouldn’t be able to”

Possible issues- With the range of issues such as users having access to admin passwords, resources and able to software unable to be accessed. They may introduce multiple risks such as insider threats as they will be able to access more credential data due to the admin status in the company. Unauthorized access to sensitive information can lead to data breaches, with potential consequences like financial loss, reputational damage, and legal issues.

Question 4- “What type of training are staff provided with relating to cyber security threats and mitigation?”

Response- “1 hour of training provided on induction using 2022 threats materials”

Possible issues- If the users are provided with little training it may raise risks such as safety concerns, ineffective communication, lack of engagement, and potentially leading to negative outcomes like decreased morale, safety risks, and a hostile work. If the staff are not kept up-to-date with new threats it may lead to a higher chance of a cyber threat as human error has the highest rate of cyber threats. Untrained employees may not know how to handle hazardous situations or follow safety protocols.

Question 5- “Are there any physical security measures to on-site servers?”

Response- “Not at the moment”

Possible issues- To protect hardware, infrastructure, and data from physical threats like theft, sabotage, and natural disasters. Insider threats and Malicious employees are the ones that would have an advantage into gaining access to physical locations due to there role in the company. Unmonitored or poorly secured entry points, such as windows and doors, can be exploited by intruders.

Question 6- “Are there any other concerns with the overall security management for the company?”

Response- “Yes, no detection system, not tracing unauthorized accesses. Also are aware that different users have the wrong credentials, are able to access resources that are not meant to be. So, we believe we do need to implement measures to improve that.”

Possible issues- To enhance overall security management for the company it is important to resolve concerns mentioned by the IT manager. If there isn’t any detection system it will make it harder for us to identify any threat in the system. If the threats are left unresolved for a long period of time it could lead to a more dangerous threat to the system. This could damage the business in legal, financial, reputational aspect which could affect the overall companies’ sales and profit.  

To conclude, my findings from the interview with the IT manager have made aware of the main concerns such as:

1. Outdated OS for the servers which have been leading to usability, connectivity, and communication issues

2.Users have access to admin passwords, resources and able to access to software they shouldn’t be able to which can lead to malicious activity

3.Operating systems aren’t being standardised

4.Misconfigured access control policies

5.Lack of user training which would require more regular training to make the users aware of new threats and mitigation

6.No physical security which would make it more vulnerable to insider threat

7.No measures implemented to enhance overall security management

Thanks for your time and I hope this email reaches you well. Hope this will help you make and recognize appropriate changes required to enhance security in the company

Thank you

 

Your sincerely,

Hardeep Singh

 

 

 

NON-TECHNICAL EMAIL:

 

FROM: 19SinghH@thomastelfordutc.com

TO: HRdirector@lmccyberconsulting.com

SUBJECT: Overview of issues identified for SwiftFinTech

 

Dear HR Director,

Following the interview with the IT Manager, I present to you an overview of the key issues identified at SwiftFinTech. I will provide you with key issues, and reasons for changes as well.

One of the key issues was that the servers Operating system is out-dated which means that they users may face issues such as connectivity and communication issues. This could affect the staffs work rate and influence project deadlines as they will be restricted access to resources. It also makes costumer data more vulnerable as older Operating Systems have higher likelihood to be attacked by hackers this can make the clients/costumer lose trust in the company holding their personal data. This can lead to further consequences such as bad reputation and lead to financial and legal consequences if there was a cyber-attack, it would intend that the company has failed legislations which may well lead to fines and lawsuits. This could mean that plans on expanding may be delayed due to lack of resources and stakeholders pulling back due to bad reputation.

Another key issue is that the data is stored on-site is kept unsafe, as there are no physical measures which would prevent unauthorized access to the servers and physical copies of data. Again, costumer information is important and must be kept secure at all times, so if the costumer data is lost it can lead to similar consequences as mentioned before.

Moreover, regarding security is that there isn’t any hierarchy in place on the user access. With no hierarchy in place, any users at any time can download whatever they please onto to the computers. This means that they can be installing software which could affect the company as they may be harmful and could affect the computer system and lead to other threats to the company. Furthermore, due to staff members having access to admin’s passwords it can mean that malicious employees have access to all resources and can carry out malicious activities and affect the overall costumer data and damage the business.

Overall, it is important for the company to implement measures to enhance overall security management. Without suitable security management measures, businesses face significant risks. Including financial losses, reputational damage, legal liabilities, and loss of costumer trust, which takes time to build, can be shattered in an instant if disruptions are mishandled, potentially impacting long-term growth and viability.

Lastly, following previous points data is key to a business and it must keep secure at all times. 90% of cyber threats are due to human error, that is why it is important for the company to provide regular appropriate training to staff to minimize the likelihood of threats. It is noted that on induction the company provides 5 hours of training with out-dated training materials which provide insights on 2022 threats. As technology is developing, so it’s the methods of hacking. Therefore, it is vital to keep up-to-date with training resources which would strengthen the employee knowledge on threats.

I hope you acknowledged the following vulnerabilities in the company that could concern the business in the legal, financial, reputational aspect. This will help you construct and recognize appropriate changes required to enhance security in the company.

Thank you

 

Your sincerely,

Hardeep Singh












improved version gbt 

To consistently achieve full marks (6/6) for the interview component of Task 2 in the T Level Technical Qualification in Digital Support Services (Cyber Security) from the NCFE exam board, your questions must demonstrate comprehensive technical knowledge, critical thinking, and alignment with the scenario provided. The interview, part of the Employer Set Project (ESP), requires you to prepare and ask questions to the IT manager (played by the tutor) to investigate cyber security vulnerabilities, typically related to a malware attack, unauthorized access, or other security issues. The questions should cover all relevant cyber security topics, be specific to the scenario, and elicit detailed responses to support your technical and non-technical emails. Below, I’ll outline the essential topics to always include, provide a framework for crafting questions, and offer a sample set of 25 questions tailored to a generic cyber security scenario (adaptable to specific contexts like Swift FinTech or NexaTech). This approach ensures you maximize marks by addressing NCFE’s criteria for depth, relevance, and technical accuracy.


### NCFE Task 2 Interview Requirements

- **Objective:** Prepare a list of questions to gather information from the IT manager about a cyber security issue (e.g., malware attack, unauthorized access) within a 1-hour preparation period, then conduct a 10-minute recorded interview (6 marks).

- **Marking Criteria (6 marks):**

  - **Relevance:** Questions must directly address the scenario’s issues (e.g., attack vectors, vulnerabilities, compliance).

  - **Technical Depth:** Demonstrate understanding of cyber security concepts (e.g., access control, encryption, network security).

  - **Breadth:** Cover all relevant areas of the scenario to identify weaknesses and support recommendations.

  - **Critical Thinking:** Ask open-ended, analytical questions that elicit actionable responses for email content.

  - **Clarity and Efficiency:** Questions should be concise, fit within 10 minutes (typically 8–12 questions asked), and avoid irrelevance or repetition.

- **Scenario Context:** Typically involves a company (e.g., Swift FinTech, NexaTech) facing a cyber security issue, such as a malware attack, suspicious logins, or vulnerabilities during expansion. You must investigate network setup, systems, policies, and compliance to recommend improvements.

- **A* Goal:** Full 6/6 marks require questions that are scenario-specific, technically precise, comprehensive, and structured to uncover all vulnerabilities, ensuring no gaps in investigation.


### Essential Topics to Always Cover

To achieve full marks, your questions must address the following cyber security topics, which are universally relevant to Task 2 scenarios and align with the T Level core skills (e.g., user access, data protection, network security). These topics ensure you investigate all potential vulnerabilities and demonstrate expertise.


1. **Network Topology and Architecture:**

   - Understand the network’s structure (e.g., star, flat, segmented) to identify attack surfaces.

   - Example: “What is the network topology, and are critical servers segmented from user devices?”

   - Why: Flat or unsegmented networks increase the risk of malware spreading or unauthorized access.


2. **Operating Systems (OS):**

   - Probe OS versions, patch status, and vulnerabilities on servers and devices.

   - Example: “What operating systems run on servers, and are they fully patched?”

   - Why: Outdated OS (e.g., Windows Server 2012) are prone to exploits like EternalBlue.


3. **Access Control:**

   - Investigate user authentication and authorization (e.g., MFA, RBAC).

   - Example: “What access control policies are in place, such as multi-factor authentication or role-based access?”

   - Why: Weak controls lead to unauthorized access, a common issue in scenarios (e.g., Swift FinTech’s admin password misuse).


4. **Remote Access:**

   - Examine how remote or hybrid users connect (e.g., VPN, RDP) and their security.

   - Example: “How is remote access managed, and are VPNs secured with endpoint checks?”

   - Why: Insecure remote access is a frequent malware entry point, especially for expanding companies.


5. **Data Protection:**

   - Check encryption, backups, and compliance with regulations like GDPR.

   - Example: “Are server data encrypted, and are backups stored offsite?”

   - Why: Unencrypted data or poor backups lead to data loss and legal risks, critical in scenarios involving customer data.


6. **Network Security (Firewalls and Monitoring):**

   - Assess firewalls, intrusion detection/prevention systems (IDS/IPS), and log monitoring.

   - Example: “What firewall configurations are in use, and do they include IDS or real-time monitoring?”

   - Why: Weak defenses fail to detect or block attacks, as seen in malware scenarios.


7. **Endpoint Security:**

   - Investigate anti-malware, endpoint protection, and device security.

   - Example: “What anti-malware software is deployed on servers and user devices?”

   - Why: Unprotected endpoints are vulnerable to malware or phishing, common in cyber attacks.


8. **Employee Training:**

   - Explore training on phishing, social engineering, and cyber security awareness.

   - Example: “What training programs exist to prevent phishing, and how often are they updated?”

   - Why: Human error (e.g., clicking malicious links) causes most cyber incidents.


9. **Physical Security:**

   - Check physical protections for servers and infrastructure (e.g., locks, CCTV).

   - Example: “Are there physical security measures protecting server rooms?”

   - Why: Lack of physical security risks theft or sabotage, as seen in Swift FinTech’s scenario.


10. **Incident Response:**

    - Understand how the company handles cyber threats (e.g., containment, recovery).

    - Example: “What incident response plan is in place for handling cyber threats?”

    - Why: Poor response exacerbates attack damage, relevant for scenarios with suspicious logins.


11. **Compliance and Regulations:**

    - Ensure adherence to data protection laws (e.g., GDPR, UK GDPR).

    - Example: “How is compliance with GDPR ensured for customer data?”

    - Why: Non-compliance risks fines and reputational damage, critical when data is compromised.


12. **Security Audits and Testing:**

    - Investigate proactive measures like audits or penetration tests.

    - Example: “Are regular security audits or penetration tests conducted?”

    - Why: Audits identify vulnerabilities, showing proactive security awareness.


13. **Threat Detection and Logging:**

    - Examine how threats (e.g., suspicious logins) are detected and tracked.

    - Example: “What logging mechanisms are monitored to detect unauthorized access?”

    - Why: Unmonitored logs miss threats, as in Swift FinTech’s unregistered access issue.


14. **Expansion or Scalability (if applicable):**

    - Address security needs for growth (e.g., more users, remote access).

    - Example: “What security measures are planned to support the company’s expansion?”

    - Why: Expansion increases risks, relevant for scenarios like Swift FinTech’s growth plans.


### Framework for Crafting Questions

To ensure your questions always hit the mark:

- **Be Scenario-Specific:** Tailor questions to the scenario’s issues (e.g., malware attack, suspicious logins, expansion). Reference specific systems (e.g., “file server” in Swift FinTech) or events (e.g., “recent malware attack” in NexaTech).

- **Use Technical Terms:** Incorporate cyber security terminology (e.g., MFA, IDS, GDPR) to show expertise, but keep questions clear for the IT manager to answer.

- **Ask Open-Ended Questions:** Encourage detailed responses (e.g., “How is X managed?” rather than “Is X in place?”) to gather data for emails.

- **Cover All Topics:** Aim for 20–25 prepared questions to ensure breadth, selecting 8–12 to ask in 10 minutes based on priority and scenario focus.

- **Avoid Irrelevance:** Exclude operational questions (e.g., budget, timelines) unless directly tied to security (e.g., budget for security upgrades).

- **Structure Logically:** Group questions by topic (e.g., network, access, training) for a coherent interview flow.

- **Link to Recommendations:** Ensure questions provide data to propose solutions in emails (e.g., “Are backups offsite?” supports recommending offsite backups).


### Sample Set of 25 Questions (Generic Scenario)

Below is a set of 25 questions designed for a generic Task 2 scenario involving a company facing a cyber security issue (e.g., malware attack, unauthorized access, or expansion vulnerabilities). These questions cover all essential topics, are adaptable to specific scenarios (e.g., Swift FinTech, NexaTech), and ensure full marks by demonstrating comprehensive investigation.



1. What is the company’s network topology, and are critical servers segmented from user devices to prevent unauthorized access?

2. What operating systems run on servers and user devices, and are they fully patched to address known vulnerabilities?

3. How is network traffic monitored, and are intrusion detection systems (IDS) or intrusion prevention systems (IPS) in use?

4. What specific cyber threats (e.g., malware, suspicious logins) have been detected recently, and how were they identified?

5. What user access control policies are in place, such as multi-factor authentication (MFA) or role-based access control (RBAC)?

6. How are user accounts managed, and is there a process to deactivate accounts of former employees promptly?

7. What remote access methods are used (e.g., VPN, RDP), and are they secured with endpoint checks and encryption?

8. Are there sufficient remote access licenses or resources to support the company’s current or planned workforce?

9. What firewall configurations are in use, and do they include real-time monitoring or updated rules to block threats?

10. Are data on servers encrypted, and what backup procedures ensure recovery from data loss?

11. What anti-malware or endpoint protection software is deployed on servers and user devices?

12. What employee training programs exist to prevent phishing or social engineering attacks, and how often are they updated?

13. Are there physical security measures (e.g., locks, CCTV) protecting server rooms or network infrastructure?

14. What incident response plan is in place to handle cyber threats, and how was it applied during recent incidents?

15. How is compliance with data protection laws like GDPR ensured, particularly for customer or personal data?

16. Are wireless access points used, and are they secured with WPA3 or isolated guest networks?

17. What network protocols are permitted, and are outdated ones (e.g., SMBv1) disabled to reduce risks?

18. How is patch management handled for servers, devices, and software, and were unpatched vulnerabilities linked to threats?

19. Are regular security audits or penetration tests conducted, and what were the findings of the last audit?

20. What logging mechanisms (e.g., Windows Event Logs, Syslogs) are monitored to detect unauthorized access?

21. Are any cloud services or virtualized environments used, and how are they secured against threats?

22. What hardware (e.g., PCs, laptops, servers) is in use, and is it compatible with modern security software?

23. How are peripheral services (e.g., print services) secured to prevent unauthorized access to sensitive data?

24. What steps have been taken to address recent cyber threats, and are temporary measures in place?

25. What security measures are planned to support future growth or changes, such as increased staff or new locations?



**Why This Set Ensures 6/6 Marks:**

- **Comprehensive Coverage:** Addresses all 14 essential topics (network topology, OS, access control, etc.), leaving no gaps in investigation.

- **Scenario Adaptability:** Questions are generic but easily tailored (e.g., replace “servers” with “file server” for Swift FinTech, “recent threats” with “malware attack” for NexaTech).

- **Technical Depth:** Uses precise terminology (e.g., MFA, IDS, GDPR) and references vulnerabilities (e.g., SMBv1, unpatched OS), showing A* expertise.

- **Relevance:** Focuses on cyber security issues (e.g., threats, compliance) relevant to any Task 2 scenario, avoiding operational distractions (e.g., budget).

- **Efficiency:** 25 questions allow flexibility to select 8–12 for the 10-minute interview, prioritizing those most relevant to the scenario (e.g., suspicious logins for Swift FinTech).

- **Actionable Responses:** Open-ended questions (e.g., “How is X managed?”) provide data for technical email issues (e.g., “no MFA”) and non-technical email impacts (e.g., “data theft risks fines”).


### How to Use These Questions

1. **Preparation (1 hour):**

   - Review the scenario carefully (e.g., Swift FinTech’s suspicious logins, NexaTech’s malware attack).

   - Adapt the generic questions to include scenario-specific terms (e.g., “file server” instead of “servers” for Swift FinTech).

   - Prioritize questions based on the scenario’s focus (e.g., emphasize access control for unauthorized admin access, data protection for malware attacks).

   - Group questions by topic (e.g., network, access, training) for a logical interview flow.

   - Prepare 20–25 questions to ensure coverage, planning to ask 8–12 in 10 minutes.


2. **Interview (10 minutes):**

   - Start with broad questions (e.g., topology, OS) to understand the environment.

   - Follow with specific questions (e.g., suspicious logins, MFA) to probe vulnerabilities.

   - Ask about compliance and expansion last to tie into recommendations.

   - Take brief notes on responses to use in emails (e.g., “no MFA” → recommend MFA).

   - Stay concise to cover 8–12 questions, allowing time for detailed answers.


3. **Adapting to Specific Scenarios:**

   - **Swift FinTech (expansion, suspicious logins):** Emphasize Q4 (suspicious logins), Q5 (access control), Q8 (VPN licenses), and Q25 (expansion). Specify “file server” and “Windows 2012” in Q2.

   - **NexaTech (malware attack):** Focus on Q4 (malware type), Q10 (data encryption), Q14 (incident response), and Q15 (GDPR). Mention “NAS” in Q1 and Q10.

   - **Generic Attack:** Balance all topics, prioritizing Q4 (threats), Q5 (access), Q9 (firewall), and Q12 (training).


### Tips to Always Get Full Marks

- **Know the Scenario:** Read the project brief thoroughly to identify key issues (e.g., malware, unauthorized access, expansion). Tailor questions to these issues.

- **Cover All Topics:** Ensure at least one question per essential topic (listed above) to avoid gaps. Use the sample set as a checklist.

- **Be Technical but Clear:** Use terms like MFA, IDS, and GDPR to show expertise, but phrase questions simply (e.g., “What firewall configurations are used?”) for the IT manager to answer.

- **Avoid Common Pitfalls:**

  - Don’t ask irrelevant questions (e.g., budget, non-security topics like staffing).

  - Avoid closed questions (e.g., “Is there a firewall?”) that limit responses.

  - Don’t repeat questions (e.g., multiple connectivity queries) to maximize coverage.

- **Practice Time Management:** Prepare questions in 1 hour, selecting those that yield data for both technical (issues, solutions) and non-technical (impacts, high-level fixes) emails.

- **Link to Emails:** Ensure questions provide data for:

  - **Technical Email:** Specific vulnerabilities (e.g., no MFA, unpatched OS) and recommendations (e.g., deploy MFA, patch systems).

  - **Non-Technical Email:** Business impacts (e.g., data loss risks fines) and simple solutions (e.g., train staff, secure data).

- **Stay Scenario-Focused:** If the scenario mentions specific issues (e.g., “suspicious logins” in Swift FinTech), include multiple questions on those (e.g., logging, monitoring, response).


### Example Application to Swift FinTech

For the Swift FinTech scenario (expansion, suspicious logins, outdated Windows 2012, weak access controls), adapt the questions as follows:

- Q1: “What is the network topology, and is the file server segmented from user devices?”

- Q2: “What operating systems run on the file server and domain server, and is Windows 2012 patched?”

- Q4: “What suspicious login activities were detected, and how are they tracked?”

- Q5: “What access controls prevent users from accessing admin credentials on the file server?”

- Q8: “Are the 20 VPN licenses sufficient for the expansion’s hybrid workforce?”

- Q25: “What security measures are planned to support Swift FinTech’s expansion?”


### Ensuring Full Marks in Practice

- **Preparation:** Use the 14 topics as a checklist to draft 20–25 questions, ensuring each topic is covered at least once. Cross-reference with the scenario to prioritize relevant questions.

- **Interview Delivery:** Practice asking questions clearly and concisely, aiming for 8–12 in 10 minutes. Start with broad questions (e.g., topology) and narrow to specifics (e.g., suspicious logins).

- **Note-Taking:** Jot down key response points (e.g., “no MFA,” “unpatched OS”) to use in emails, ensuring you can link issues to recommendations.

- **Flexibility:** Be ready to skip less critical questions (e.g., cloud services if not mentioned) to focus on scenario-specific ones (e.g., suspicious logins).

- **Review:** After drafting questions, check for:

  - Technical accuracy (e.g., correct use of MFA, IDS).

  - Scenario alignment (e.g., mention “file server” for Swift FinTech).

  - No overlap or irrelevance (e.g., exclude budget questions).


### Summary

To always get full marks (6/6) for the Task 2 interview, ask questions covering these 14 topics: network topology, operating systems, access control, remote access, data protection, network security, endpoint security, employee training, physical security, incident response, compliance, audits, threat detection, and expansion (if applicable). The sample set of 25 questions provides a comprehensive, adaptable template, ensuring technical depth, scenario relevance, and actionable responses. By preparing questions systematically, avoiding common pitfalls (e.g., irrelevance, repetition), and tailoring to the scenario, you’ll demonstrate A* level expertise and secure full marks. For specific scenarios, adapt the questions to include named systems (e.g., “NAS,” “file server”) or issues (e.g., “malware,” “suspicious logins”), and ensure your emails reflect the data gathered.


If you have a specific scenario or need help adapting these questions further, share the details, and I’ll customize them!


Comments

Post a Comment

Popular posts from this blog

TASK 1 MINE FULL

Image
      Introduction   I am a consultant who is working with TeachTechNow and I have been asked to make recommendations to secure the network and to resolve some specific issues that have been brought to my attention to the office there are currently a range of different issues and I will talk about them specifically what they are and what to do and how to mitigate these risks. I have been also told that that several organisations within the same sector have experienced successful cyber attacks and the board of directors are concerned with the management of the it systems at TeachTechNow and the impact it could have on their reputations so it is my job to ensure this does not happen and is prevented.         Overview of current issues:   Outdated operating systems One of the many factors that are making TeachTechNow have a insecure network is that they have old os systems and this is a major flaw and due to t...
Read more

Eveything TASK format

 You're in excellent shape — and yes, based on what you've now completed and plan to finish, you are in a strong position to earn full marks (6/6) for both parts of Task 4 , if you follow through properly . ✅ Let’s go over it clearly: 🧾 Part 1: Satisfaction Survey (6 marks) You already: ✔ Wrote thoughtful, varied questions ✔ Covered all required topics (ease of use, security, VPN/cloud access, confidence, secure work) ✔ Included different question types (tick boxes, yes/no, open, ranking, Likert scale) ✔ Aimed it at non-technical users ✔ Planned to add in formatting later (which is fine — it's expected) ➡️ As long as you add in the actual tick boxes, scales, and fix spelling/grammar , you’ll get full marks . 📄 Part 2: Project Summary (6 marks) You now have: ✔ A detailed overview of the original network weaknesses ✔ A clear list of solutions you implemented (cloud storage, VPN, hardware) ✔ A breakdown of security issues mitigated ✔ ...
Read more

Full format what i done at home questions

 Perfect — to help you achieve full marks (6 marks) on the sample satisfaction survey for Task 4, here's a fully expanded and professionally formatted version with a wide variety of question types , including: ✅ Yes/No ✅ Tick boxes ✅ Open-ended ✅ Ranking (1–10) ✅ Likert scale (Strongly Agree → Strongly Disagree) This version is clearly laid out, accessible for non-technical users , and specifically covers: Ease of use Network security Ability to connect to resources (especially via cloud/VPN) Confidence in security Ability to work securely and efficiently 📋 NexaTech IT Solutions – User Satisfaction Survey Thank you for taking part in this short survey. Your feedback helps us evaluate the effectiveness of our recent system upgrades, including new cloud storage and cloud-based VPN access. Section 1: General Usage and Frequency 1.1 Which department are you in? ☐ Finance  ☐ HR  ☐ Sales  ☐ IT  ☐ Operations  ☐ Other: ___________ 1.2 How often do you use...
Read more