Saturday, May 15, 2010

ICAT5082A Manage the testing process

Unit Contents

Tests are procedures performed to verify that a new software product complies with specific requirements. Confidence in the new software is gained by providing the user with objective evidence that the product performs as expected. This evidence is represented by data collected from the testing process.

Managing the testing process requires:

  • sequencing of the test events throughout software development
  • establishing and running of reviews to examine the status of tests
  • re-scheduling tasks for product modification
  • allocating resources
  • monitoring the completeness of the testing process
  • coordinating the movement of the software into the business environment.

In quality assurance systems, documentation drives the testing process. The foundation document that guides the testing process is the test plan.

This unit (ICAT5082A) gives you the skills to plan and manage the testing process to an industry standard. You will learn about creating and reviewing the test plan; allocating human and environmental resources; analysing risk and contingency planning; assessing test progress and metrics; managing and evaluating the test team; analysing results; defect correction and re-testing process; managing software migration between environments and version control.

Unit topics

1. Develop the test schedule

Review and approve the test plan, objectives and risk analysis, and allocate resources according to testing timeline established in the test schedule.

Activity 1.1 test case type classification

Q1a: Read test case 1 and answer the following question.

Test case 1

Task B10: Find information in Month view of Calendar

This task asked participants to determine the time and owner of a specified appointment. At the start of the task, the specified appointment was already displayed in the month view. The meeting time could be obtained via the item’s popup or by opening the item, but the item’s owner could only be obtained via the item’s popup.

Q: During which type of testing will test case 1 be performed?

A: This is a usability test case performed during system testing.

Q: During which type of test would 'Task 314: Test upper and lower bounds of array' be performed?

A: This would be performed as part of unit testing.

Q: During which type of test would test 32B be performed? (According to case 2)

Test case 2

Test 32B: Test for the ‘Proxy’ preference pane

Estimated Time to verify test case: 00:15.0

Procedure

User to verify proxy settings for PNA, RTSP and HTTP traffic.

Expected result

The settings for PNA, RTSP and HTTP traffic must be configurable for network environments where proxies are used within the allotted time.

A: Test 32B: Test for the ‘Proxy’ preference pane would be performed as part of User Acceptance Testing (UAT).

Activity 2 — Gantt charts

The following table represents tasks performed during testing in a Gantt chart. First, on a sheet of paper, sketch the Gantt chart that represents the table, then answer the four questions that follow.

Gantt chart details

Table 1: Tasks for Gantt chart

The critical path is the series of tasks that determine the end date of testing. That is, when the last task in the critical path is completed, the testing is completed.

A critical task is a task that cannot be delayed without affecting the test date.

Referring to the Gantt chart above, the critical path consists of Tasks C, D, E and F, which take 11 days. Tasks A, B and G are non-critical.

Q: The project manager wants the testing completed two days earlier than scheduled and has allocated another tester to the test processing for two days. Which task or tasks could you assign this tester to?

A: I will assign this tester to any of the tasks in the critical path. That is, C, D, E, F or any combination of these tasks.

2. Complete IT test procedures

Migrate source code, data and executables through the development, testing and production environments and manage the test team.

Activity 2.1 allocating resources: read the scenario below and answer all three questions.

Tester’s experience: scenario

You have been sent a software tester’s résumé and are required to fill some resource gaps in your test schedule.

Here is an excerpt from the skills section of her résumé.

Skills and experience summary

Use case design                                  2 months
Creation of VBS test case scripts                9 months
Configuration of hardware/operating systems      2 years
Configuration XYZ automated testing software     1 year
Programming experience in C#                     2 years
Generation of unit test cases for C# language    2 years

Q: You require the objectives, requirements and scope of the test plan to be reviewed and updated urgently. Does the tester in the scenario have the relevant experience?

A: The answer is no, because this applicant has a stronger background in development than in testing, and no high-level testing experience is conveyed by her résumé. Given the urgency of the task, this person’s experience does not make her an appropriate choice for this task.

Q: No one has been allocated to review documentation compliance. Is the tester in the scenario an appropriate person for this task?

A: The answer is no. Although no documentation compliance experience is conveyed by her résumé, the documentation compliance review is relatively simple once the internal or external documentation standard has been determined and documentation made available for review. The applicant’s experience is not specific to documentation compliance, but her IT background and ability to follow procedures would be adequate for this purpose.

Q: You need someone to set up the test environment. Which of her following skills are appropriate to this?

A: Creation of VBS test case scripts, configuration of hardware/operating systems and configuration XYZ automated testing software.

Activity 2.2 version control

During testing of software on a live system a user reports an error in a program module. Programmers fix the problem and re-run the test. This time the module causes no problem, but a related module demonstrates an error fixed by programmers two weeks ago.

Q:

A: It could be the case that software modifications to one module influence another, especially if they are related. Commonly, errors like this occur when programs are copied from the operating environment to the development environment, fixed and copied back along with prior versions of other modules.

3. Review the completeness and accuracy of the system

Execute the system test and review the results. Determine defects and apply procedures to complete and document the outcomes of the system test.

Activity 3.1 evaluating test case results

You are evaluating recorded results from a testing process with the three defect classifications:

  • Critical
  • Major
  • Minor

Classify the following observed errors.

Q: An error message is not displayed when invalid blank user name is entered.

A: It is a major defect but the system is still usable.

Q: The price entered in the web form is not displayed in the order query screen of the network software.

A: It is critical because the system is unusable if the customer cannot view products.

Q: The first product record is not listed; the program crashes when accessing an empty database table.

A: Minor, variances are only minimal, and represent annoyances only.

Activity 3.2 test metrics

To answer the following two questions, refer to the example of a test metric below: the percentage of unit testing performed.

Test metrics — unit testing percentages

One test metric is the percentage of unit testing performed.

This could be defined by a formula such as:

Unit test percentage = 100 x lines of code unit tested / (total lines of code - lines of code in header files)

This indicates how much of the project's source code has been unit tested (excluding header files). A project being tested has only four files:

Name        File type      Lines of code
Header.h    Header         100
Prg1.c      Source Code    300
Prg2.c      Source Code    200
Prg3.c      Source Code    100

Q: If only Prg1.c has been unit tested, what is the unit test percentage?

A: 60%

Q: If Prg1.c and Prg2.c have been unit tested, what is the unit test percentage?

A: 80%

ICAS5102A Establish and maintain client user liaison

Unit contents

Once the critical business functions have been identified and analysed in a business and an appropriate new system has been implemented you will need to establish and maintain a liaison with the client. This will enable you to accurately assess the required support needs for the new system. To do this you will need to develop support procedures and assign suitably skilled people to the various support roles.

This unit (ICAS5102A) will give you the knowledge and skills to analyse business IT systems and identify and establish appropriate support systems.

Unit topics

1. Determine support areas

In this topic you will learn how to identify and record information technology used in the organisation. You will also learn how to identify stakeholders of the system, understand the organisational structure, culture and politics in relation to support requirements in order to be able to determine what level of support is required by each organisational unit.

Activity 1.1 Identify information technology

Read the scenario and answer the questions that follow:

Scenario: 4Sale Books Pty Ltd is a bookstore located in the Adelaide central business district. The business occupies two levels of an office building connected by escalators and lifts. 4Sale Books employs approximately six sales staff, one manager, one administrative officer, a bookkeeper and a marketing manager. They have an Ethernet network consisting of six PCs, two switches, a router and three printers. They use the SlowBooks software to manage their entire business, including sales, inventory, ordering, accounts receivable, accounts payable, payroll and employee management. They also have two EFTPOS terminals (one on each floor).

4Sale Books has a Linux server that stores all of the data (including the SlowBooks database). The server is backed up to tape regularly. They also have a website on which customers can browse the product catalogue and view current specials. They also lease a telephone system from NWR Telecoms. The phone system consists of a main switchboard and five remote phones with three incoming lines and a message-on-hold queue system.

Q: List the technology in use in 4Sale Books and consider the following:

  • What sort of support does the technology require?
  • Who is likely to provide this support?
  • Does the support arrangement already exist?

Present the analysis in a table such as the one below. Some rows have been filled in as an example to assist you.

Table 1: Technology analysis

A: This following table is a technology analysis that explain about

Table: Technology analysis

Activity 1.2 Identify stakeholders and project sponsor

The questions that follow are based on the organisational chart shown below:

Figure 1: Organisational chart

Q1. If you were building a website for the organisation represented by the organisational chart provided above, who would you identify as the stakeholder in this project?

A: All the staff in the organisation need to be included as stakeholders: the business owner, the relevant manager, the local workers and the remote workers, as they either affect the project or are affected by it.

Q2. If you were building a website for the organisation represented by the organisational chart provided here, who would you identify as the project sponsor?

A: The project sponsor in this case is the business owner.

Activity 1.3 Identifying support requirements

Q: If you were implementing a website for a customer that consisted of a large number of static and dynamic web pages such as an electronic store with a database backend, what possible support functions could you implement?

A: I am going to implement the following support functions:
  • maintenance of content
  • writing new content
  • checking of links
  • database administration – (eg. users, security, backup, recovery)
  • version control
  • uploading of new content
  • troubleshooting site and server based problems
  • customisation of site
  • web programming
  • user and administrator training

2. Develop support procedures

In this topic you will learn how to verify support needs, establish support procedures and write a service level agreement to meet customer expectations.

Activity 2.1 Customer support procedures

Q: Think about one positive and one negative experience of assistance from a telecommunications company, an ISP or a computer supplier. What support aspects were professional and unprofessional in each? (Your experience may be via telephone, email or even voice recognition.) Think about the following questions: How long did the support process take? Were the steps logical? Did they solve your problem? Was the call deflected to another area? Can you think of a strategy to deal with the negative service situation that you described?

A: In my case, I made a call to ask iiNet, which is my ISP, how to set up my internet connection with a new modem. I talked with a support technician who told me how to set it up step by step. It was very easy for me to follow, but it did not succeed the first time. So I had to try again another way to complete the setup, which took nearly 45 minutes. During all that time, the support technician tried to suggest things and help me with the setup steps in a very gentle and genetic voice that made me feel great, because I did not understand English very well, but he explained again and again and tried to choose easy words to talk with me until we had finished the setup.

3. Assign support personnel

In this topic you will identify IT skills required to assist each organisational unit with support activities and assign personnel according to human resource processes. You will also learn how to provide support using agreed procedures and obtain regular feedback on allocated support.

Activity 3.1 Skills categories

Complete the online matching activity on skills categories


Activity 3.2 Review job placement ads

Q: Log on to an online recruitment site such as https://jobs.nsw.gov.au. Look at how their advertisements are written for IT roles and non-IT roles. Are the ads effective? What could be improved? Select two or three samples and analyse them. What is it that makes them effective/ineffective?

A: Most of the ads have similar requirements, as follows:
  • language
  • length of ad
  • jargon
  • skill mix (is too much expected?)
  • sales pitch (did it motivate or excite you?)
  • title (did it grab your attention?)
  • positioning (was it the first on the list or 131st?).

ICAA5056A Prepare disaster recovery and contingency plans

Sunday, February 21, 2010

ICAT5077A Develop detailed test plan

1. Client Acceptance Resource Pack

Review System Requirements

Prior to testing a website or system, the product may have gone through a number of phases. One of these phases is a requirements analysis where information is obtained from the client about what the system should achieve, what functions it should / should not perform and what business requirements should be addressed. The documentation would also include technical specifications, initial designs and project plans. The outputs from this phase are the 'Requirements Reports' and 'Project Plans'.

The Requirements Report outlines the purpose for which a system is required. It may specify mandatory and optional requirements. These are sometimes in order of priority.

In addition there will be industry-based specifications and standards.
You may also consider a review of legal requirements. These may include:

* Privacy. When personal information may be transmitted, published, solicited and collected via the internet the relevant privacy implications must be considered.
* Restricted content. Content with a sensitive or offensive nature may not be published without restrictions.
* Copyright. The Copyright Act includes legislation regarding the use of copyright material on-line.
* Encryption and security. Encryption and security may be required when information is transmitted over the Internet. Encryption and security may be associated with financial transactions, confidential documents, personal information and military information.
* Accessibility. Disability Discrimination applies to WWW in Australia - read World Wide Web Access: Disability Discrimination Act Advisory Notes.

For a website, there will be many requirements that need to be met. The client may request testing of each and every requirement to make sure it has been achieved. Alternatively the client may take a risk-based approach, in which case only those areas of high risk which have a high likelihood of being incomplete or unsatisfactory and also have a high impact or high severity associated with the client's business or product quality may be assessed.

This process will enable the identification and selection of mandatory and optional criteria for the system and enable the development of acceptance criteria.

Develop the Test Plan

After the acceptance criteria have been determined and agreed on, the next step is to incorporate these into a formal test plan. The test plan provides the agreed framework against which the test will be conducted. In any tightly-focused test, the plan should detail the items listed in the example below.
Resources for the test would include:

People (Developers, Users, Subject Matter Experts), equipment and documents that provide measurement criteria (Functional Requirements, Technical Specifications, Initial Designs).

People: Who does the testing?

Some people know how software works (developers) and others just use it (users). Accordingly, any testing by users or other non-developers is sometimes called "black box" testing. Developer testing is called "white box" testing. The distinction here is based on what the person knows or can understand.

Definitions:

* Black Box Testing
Also known as functional testing. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example, in a black box test on software design, the tester only knows the inputs and what the expected outcomes should be and not how the program arrives at those outputs. The tester does not ever examine the programming code and does not need any further knowledge of the program other than its specifications.
* White Box Testing
Also known as glass box, structural, clear box and open box testing. A software testing technique whereby explicit knowledge of the internal workings of the item being tested is used to select the test data. Unlike black box testing, white box testing uses specific knowledge of programming code to examine outputs. The test is accurate only if the tester knows what the program is supposed to do. He or she can then see if the program diverges from its intended goal. White box testing does not account for errors caused by omission and all visible code must also be readable.

Review the Test Plan

Following development of the plan, a quality review and validation is required.

The objective of this review and validation is to confirm that the test plan, when implemented, will achieve the intended outcome. That is - 'Provide the client with confidence that the product will perform as expected'.

This review is preferably performed by someone independent from the test plan author.

The review should address the following criteria:

* The plan execution is feasible in terms of resource requirements, timeframe, and practical implementation.
* All plan activities are - Relevant, Specific and Measurable.
* All plan activities conform to the client business standards, policies and procedures.
* All plan activities focus on the objective of proving that the system or component satisfies the relevant acceptance criteria.
* The plan execution will produce timely, meaningful and relevant information.
* The plan output information will be in a format and content suitable to the user's level of understanding and knowledge.

Notification of Acceptance Test

There should be no surprises for the client who should be closely involved in the development of the acceptance criteria, test plan and relevant resource needs. The client needs to fully understand the processes involved in the plan execution and the required level of involvement. The client should be made aware that this testing provides the opportunity for them to expose the system to all reasonably expected results, prior to going 'live'. The client will be expected to accept ('sign off') at the end of the testing process. This 'sign off' may range from a decision not to implement, through acceptance with conditions, to full implementation.

Copies of any developed user manuals or instruction documentation should be made available in advance of the test to enable prior client training. Examples of system outputs - reports, error messages, on-line user instructions - are also valuable pre-test information for the client.

The communication method will depend on arrangements made with the client; but should allow the opportunity for feedback and clarification if necessary. It should, however, be a formal documented process.

The client should be requested to provide:

* Necessary infrastructure to simulate a 'live' test environment.
* Test data to populate input areas.
* User / customer input forms or data structures.
* People resources to test the system - these can range from Subject Experts to untrained users.

The timetable and location for initial and re-testing (if required) should be agreed with the client prior to the test execution. An indicative timeframe for test result feedback should also be established.

The above arrangements should be made with the authorised business representative for the client. This representative is often established earlier in the original client / developer discussion. It may be appropriate to re-confirm the authorised contact.

Activity 1: Research standards organisations and write brief report

A: The W3C is a company that provides a technical report development process which is the set of steps and requirements followed by W3C Working Groups to standardize Web technology. Through this process, W3C seeks to maximize consensus about the content of a technical report, to ensure high technical and editorial quality, to promote consistency among specifications, and to earn endorsement by W3C and the broader community. Learn more in the introduction to the W3C Process.

Besides, W3C develops technical specifications and guidelines through a process designed to maximize consensus about the content of a technical report, to ensure high technical and editorial quality, and to earn endorsement by W3C and the broader community.

W3C provides a number of views of its specifications, including:

  • by technology topic (such as “all the HTML-related specifications”)
  • by status (this is an approximation of the "classic" TR view, with recent publications at the top and then all specifications grouped by status, from Recommendations to drafts)
  • by date (most recent at the top)
  • by group (who is working on the specification)

Perform Functional Testing

Planning for the test was the first phase of Client Acceptance Testing. The planning process involved scoping of acceptance criteria based on the system requirements and formulating and documenting a test plan for communication to the client. It also completed the preparation work by scheduling the acceptance test in liaison with the client's authorised representative.

The next phase, and the topic of this resource, moves to performing the functional and business process testing in a controlled environment.

This resource focuses on:

  • Setting up the client test environment
  • Performing the test in compliance with acceptance criteria scoping and associated documentation
  • Documenting the results of each test iteration.

During the system's Develop and Document stage in the System Development Life Cycle, bench-testing (often referred to as 'Unit testing') of individual components, processes and other functional aspects (code, connectivity, etc) would have occurred. This testing is generally performed by the development team to ensure that what they have created is stable and functional. They might test that:

  • They cover all the lines and logic paths through their code
  • All the screens flow backwards and forwards in the correct order
  • The software meets the functions specified (e.g. calculations are correct, reports have correct columns, screens have correct validation)

This testing might not be done through the application itself (often because it has not been completely built while they are testing), so they might only add a few records, maybe by editing the file/table and adding the records, rather than using a 'Record Entry Screen'. Also, as the developers are testing their own work, there is a tendency to skip areas they 'know there will not be a problem'.

This development testing may also have involved system prototyping which has enabled client review during development.

In the system's Implementation stage, we first move to a controlled test in a 'live' environment, where the system can be subjected to final independent client rigour. A well-designed client test gives a complete 'business coverage' (as opposed to code or logic path coverage). It tests all the transactions that the client or end-users run and will highlight any potential areas of adverse impact on the business process.

Following a satisfactory acceptance test, the system can safely progress to final real-time implementation and subsequent Maintenance stage.

Activities 2: Research on automated testing tools

Tuesday, January 26, 2010

ICAS3120 Configure and administer a network operating system

This unit is about setting up the network configuration required by a client, and using administrative tools to manage a network.

In this unit you’ll do ten tasks for a company called Call Centres R Us, to allow you to demonstrate your skills and knowledge in administering and configuring a network operating system. To do these tasks you’ll need to be able to:

  • Review network policies.
  • Create an interface with existing system.
  • Set up and manage the network file system.
  • Manage user services.
  • Monitor user accounts.
  • Provide and support backup security.

Welcome to Call Centres R Us. We provide call centre services to medium-sized businesses that are not large enough to warrant their own call centre, but have sufficient calls to make it worthwhile to use our services in telecommunications and IT systems. We have a reputation for quality and timely service.

We’ve grown rapidly over the last few years and have matured as a company. There’s the need to make sure that all IT systems are adhering to procedures and are well controlled. We recognise the need to formulate the best practices to be followed and then ensure that we do, in fact, follow them. In particular, we need to review the internal networks that are used in the company and this is where you come in.

Task 1: Identify and Select administration tools

In this unit you will find out how to review organisational policies to identify the need for network administration. You will then see how to identify the appropriate tools and make suggestions to fill in any gaps in requirements. You will need to consider the type and levels of services required by the organisation in deciding when and how to make use of the tools, and whether to recommend any third party products. It will also be important that you become proficient in the use of these tools to keep the network operational and service your users.

Activity 1.1 Summarise impact of policies

Q: Write a report that summarises the impact that these policies will have on your network administration.

A: The report should have covered the following issues:
  • There should be a regular review of old and/or temporary files to ensure that they are being deleted.
  • Disks should be regularly checked for errors.
  • Disks also need to be defragged if that is a requirement of the file system that they have been created with.
  • Unused software should be identified and removed.
  • There must be a process for updating the service packs for the operating system.
  • User names must be at least eight characters in length. If possible this should be a setting in the user creation process.
  • User access will be stored separately and show the folders that they can access.

Activity 1.2 Identify tools

Using any operating system that you have access to (ideally a networking operating system) identify the built-in tools that will help you carry out the administration functions you identified in Activity 1.

  • The ability to search for files with a certain ‘Last Modified’ date.
  • Disk Defragment utility.

Activity 1.3 Recommend a virus checker

Scenario

Q: You realise that your organisation does not have a virus checker installed. Write a report to senior management outlining your recommendations.

A: The report should have covered the following matters:
  • Virus checking is a requirement of the policy document.
  • There is a real threat of virus attack. You may even have found statistics on the Internet showing the number of incidents to support your assertion.
  • You can briefly describe the impact of viruses and the disruption they cause to business. These should be expressed in business terms such as lost days of production, not in terms of ‘boot sector’ virus.
  • You should have evaluated a couple of product options and calculated the cost per user of implementing your proposal.
  • You can summarise why management should support your proposal.

Task 2: Determine and document settings and parameters

This unit will discuss the importance of keeping track of the various settings and configuration parameters that have been used in a network. The policy and procedures document will normally summarise the information that needs to be recorded, and administration tools can be used to identify the settings. These should then be recorded in the appropriate format, to be used both for troubleshooting and also for future maintenance and upgrading. It will also introduce some common network settings.

Activity 2.1 Identify information

For a computer that you have access to, identify the following information:

  1. the computer name
  2. the operating system and version being used
  3. any network that the computer is currently part of
  4. the processor and memory in the computer.

A: If you are using a computer running Windows XP, you can get the information as follows:
  1. Control Panel, System, Computer Name and then reviewing the Computer description.
  2. Control Panel, System, General and then reviewing the System information.
  3. Control Panel, System, Computer Name and then reviewing the Workgroup information.
  4. Control Panel, System, General and then reviewing the Computer information.

Activity 2.2 Identify Port Numbers

Using any network operating system running server applications that you have access to, identify the Port numbers that are currently in use on that server.
Proto Local Address Foreign Address State
TCP Servername:smtp 0.0.0.0:0 LISTENING
TCP Servername:http 0.0.0.0:0 LISTENING
TCP Servername:epmap 0.0.0.0:0 LISTENING
TCP Servername:251 0.0.0.0:0 LISTENING
TCP Servername:ldap 0.0.0.0:0 LISTENING
TCP Servername:390 0.0.0.0:0 LISTENING
TCP Servername:395 0.0.0.0:0 LISTENING
TCP Servername:https 0.0.0.0:0 LISTENING
TCP Servername:1024 0.0.0.0:0 LISTENING
TCP Servername:1025 0.0.0.0:0 LISTENING
TCP Servername:1034 0.0.0.0:0 LISTENING
TCP Servername:1037 0.0.0.0:0 LISTENING
TCP Servername:1040 0.0.0.0:0 LISTENING
TCP Servername:1042 0.0.0.0:0 LISTENING
TCP Servername:1043 0.0.0.0:0 LISTENING
TCP Servername:1046 0.0.0.0:0 LISTENING
TCP Servername:1048 0.0.0.0:0 LISTENING
TCP Servername:1050 0.0.0.0:0 LISTENING
The numbers after the computer name (Servername) are the port numbers that are currently in use on that computer. If the standard port number is being used by a TCP/IP service such as FTP or SMTP then the name of the service is shown instead of the port number.
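
One way to turn a listing like the one above into a port record that can be checked against the documented settings, as an added example that is not part of the original course material. The service-name table and the set of documented ports are assumptions made for illustration.

```python
import socket

# Constructed sample in the same layout as the listing above.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP Servername:smtp 0.0.0.0:0 LISTENING
TCP Servername:http 0.0.0.0:0 LISTENING
TCP Servername:epmap 0.0.0.0:0 LISTENING
TCP Servername:ldap 0.0.0.0:0 LISTENING
TCP Servername:https 0.0.0.0:0 LISTENING
TCP Servername:1025 0.0.0.0:0 LISTENING
TCP Servername:1034 10.0.0.7:445 ESTABLISHED
"""

# Names that netstat shows in place of well-known TCP port numbers.
SERVICE_PORTS = {"ftp": 21, "smtp": 25, "http": 80, "epmap": 135,
                 "ldap": 389, "https": 443}


def resolve_port(token):
    """Return the port number for a numeric or named port, or None."""
    if token.isdigit():
        return int(token)
    if token.lower() in SERVICE_PORTS:
        return SERVICE_PORTS[token.lower()]
    try:
        return socket.getservbyname(token.lower(), "tcp")
    except OSError:
        return None


def listening_ports(netstat_text):
    """Return (sorted TCP listening ports, names that could not be resolved)."""
    ports, unresolved = set(), []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # header, blank line, or UDP row (no State column)
        if fields[3].upper() != "LISTENING":
            continue
        token = fields[1].rpartition(":")[2]  # also handles [::]:135
        port = resolve_port(token)
        if port is None:
            unresolved.append(token)
        else:
            ports.add(port)
    return sorted(ports), unresolved


def compare_with_record(netstat_text, documented_ports):
    """Compare what is listening with what the settings record says."""
    ports, unresolved = listening_ports(netstat_text)
    return {
        "undocumented": [p for p in ports if p not in documented_ports],
        "not_listening": sorted(set(documented_ports) - set(ports)),
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    # Assumed record: the ports this server is documented as offering.
    print(compare_with_record(SAMPLE, {25, 80, 110, 135, 389, 443}))
```

A port reported as undocumented is either a service missing from the record or one that should not be running, so both the record and the server need checking.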

Activity 2.3 Discover IP subnet mask
You want to give a client a fixed IP address that will connect to the network. To do this you must identify the IP subnet mask used on the server.
Using any network operating system that you have access to, discover the IP subnet mask that is in use.

A: With a Windows-based server you would identify the IP subnet mask by selecting the following options:

Select Network Connection, right-click on the appropriate LAN connection interface component, select Properties, click on the Internet Protocol item, and select Properties. The screen (see example below) will show you the subnet mask.

An alternative is to use the command line utility ipconfig. This will return information about the network connection as follows:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix:
IP Address 192.16.1.16
Subnet Mask 255.255.255.0

Default Gateway
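
Once the server's address and mask are known, a proposed fixed client address can be checked against them before it is recorded. The following is an added example, not part of the original course material; the candidate addresses are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of the ipconfig output above.
SAMPLE = """\
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix:
IP Address 192.16.1.16
Subnet Mask 255.255.255.0
"""


def _field(label, text):
    """Find 'label ... value' on one line; tolerates the '. . . :' filler."""
    m = re.search(label + r"[^\d\n]*(\d{1,3}(?:\.\d{1,3}){3})", text)
    if not m:
        raise ValueError("no %r line found" % label)
    return m.group(1)


def server_interface(ipconfig_text):
    """Return the server's address and mask as an IPv4Interface."""
    ip = _field(r"IP(?:v4)? Address", ipconfig_text)
    mask = _field(r"Subnet Mask", ipconfig_text)
    # Raises ValueError for an invalid mask such as 255.255.0.255.
    return ipaddress.IPv4Interface("%s/%s" % (ip, mask))


def check_fixed_ip(ipconfig_text, candidate):
    """Return (ok, reason) for a proposed fixed client address."""
    iface = server_interface(ipconfig_text)
    net = iface.network
    addr = ipaddress.IPv4Address(candidate)
    if addr not in net:
        return False, "outside %s" % net
    if addr == net.network_address:
        return False, "network address"
    if addr == net.broadcast_address:
        return False, "broadcast address"
    if addr == iface.ip:
        return False, "already used by the server"
    return True, "usable with mask %s" % net.netmask


if __name__ == "__main__":
    for candidate in ("192.16.1.50", "192.16.2.50", "192.16.1.255"):
        print(candidate, check_fixed_ip(SAMPLE, candidate))
```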
Task 3: Configure and test applications

This unit will discuss how to review the network in order to identify required configurations for applications, and how to ensure applications are multi-user and network capable. An essential role of the Network Administrator will be to ensure that an application can be, and is, configured to work on the network. Prior to installation, the Network Administrator must verify that the network will support the application, especially if it is a new application. As a network consists of many components, it is important to ensure that as changes are made to support one application, these changes do not cause problems elsewhere. This can be achieved by testing the operation of applications and the network regularly.

Activity 3.1 Client–server technology

Q: Summarise in a report why databases using client–server technology may improve performance of data access across a wide area network.

A:
Client–server technology breaks the process into two parts: the client side, which is concerned with presentation to the user, and the server side, which undertakes all the hard work. So if a user requests a report, the client computer sends packets of data to the server which reflect this request. At the server, the system will work out what is needed to put this report together and may extract sufficient data for the first and subsequent pages. To improve performance, an amount of RAM may be used to store data retrieved from the database and have it quickly available for the next request. This is known as caching.

Activity 3.2 Test of multi user database

Q: How could you test that a database allows appropriate multi user access? What sort of test processes would you want to consider?

A:
In order to test the successful operation of a multi-user database you would need to consider the following processes:
  • ability to access the database from different parts of the network simultaneously
  • options to open the database in different modes such as Read Only or for Update — this will depend upon the database product in use
  • testing to ensure that the database handles a ‘deadly embrace’ situation
  • messages that appear if records are locked
  • how data changed by one user appears to another user.
Task 4: Design and build a network folder structure

For organisations with large disk drives or storage units and thousands of files that need to be stored, it is important that there is a structure to facilitate access. One approach is to use separate physical hard drives to separate different types of files. Even so, it is still important for each disk to have a logical folder structure. As with many of the Network Administrator tasks, it is important to review the organisational procedures and make sure that the approach taken adheres to the required standards.

Activity 4.1 Understand folder structure

Use your own computer to do this activity.

  1. Look in the Program Files folder.
  2. Select three or four programs that you have there and summarise the folder structure that they use.
  3. Try to identify where any data is stored.
  • Comment on whether you think the structure and the separation of data and programs is acceptable in terms of best practice.
  • Comment on whether vendors seem to be adopting similar approaches to the folder structures that they develop.
A: While the results will differ depending upon the software you have, you may have discovered the following requirements:
  • Some applications create log files which are often in a folder called Logs.
  • A folder called Bin is often used for the main program files.
  • Help and manuals may be in a folder called Documents (or Help). If multilingual, there may be sub folders for each language.
  • Data files should be able to be separated from the application.
  • There is often no similarity between vendors as to the folder structure that they require, other than the fact that they will install into the Program Files folder, although not all do even this.
Activity 4.2 Build a folder structure

Build the following folder structure on a hard drive.

Folder structure


A: The structure will look like the following:

Task 5: Administer user accounts

This task shows you how to administer user accounts so that data and information can be shared amongst users, to increase an organisation’s productivity. The data on a computer system has value to its users as well as to the organisation, so techniques are required that allow users to access the same data and information, but allow only one user at a time to modify that data or information. Similarly, in a manual system where documents are used by more than one person at a time, a copy of the document would have to be created in order for others to use that document simultaneously.

Activity 5.1 Document user accounts

Look at these user account screens (for setting up a new user) for Windows 2003 Server and Windows XP. You have been asked to provide advice to managers so that they can supply the necessary information required for these screens.

Figure 1: New User screen from Windows 2003 Server

Figure 2: User Accounts screen from Windows XP

Q: What do you need to consider in order to identify what information will need to be supplied for the above user account screens?

A:
The answer will depend on the organisation’s security procedures. Some of the data will be determined by the procedures. For example, an organisation may have decided that users cannot change their own passwords. In this case, the ‘user cannot change password’ box will always be checked.
  • username to be surname plus initial
  • initial password to be the username but users must change at next logon
  • users can change their own password
  • passwords to be changed every 30 days.

Activity 5.2 Manage user passwords

Q: What is the most important issue that you need to consider when developing the procedures for the Network Administrator to deal with forgotten passwords? Suggest some ways of dealing with this issue.

A:
The most important issue to be dealt with is for the administrator to verify that the user requesting a replacement password is, indeed, who they say they are. There are several ways that this may be dealt with, including:
  • storing personal details about the user such as date of birth or a PIN that the user must quote
  • channelling such requests through the user’s manager in writing — a good reason to keep hard copy records of the account creation for users
  • monitoring the frequency of such requests. For example, if a hacker requests a change then the real user will not be able to log on. This user will then request a new password. Two requests in a few days could indicate a problem.
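
The frequency check in the last point can be run over a register of reset requests. The following is an added example, not part of the original course material; the register format and account names are constructed, and the three-day window is an assumed reading of "a few days".

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed register of password reset requests: time, account, channel.
SAMPLE_REGISTER = """\
2004-07-05 09:12,asmith,phone
2004-07-06 14:40,bjones,manager-memo
2004-07-07 08:55,ASmith,phone
2004-07-20 10:03,bjones,manager-memo
2004-08-02 16:30,cnguyen,phone
"""


def parse_register(text):
    """Yield (datetime, account) per well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M")
        except ValueError:
            continue
        yield when, parts[1].lower()  # treat ASmith and asmith as one account


def repeated_resets(text, window_days=3, threshold=2):
    """Return {account: [request times]} for the first burst of
    `threshold` or more requests that fall within `window_days`."""
    window = timedelta(days=window_days)
    by_account = defaultdict(list)
    for when, account in parse_register(text):
        by_account[account].append(when)

    flagged = {}
    for account, times in by_account.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged[account] = times[start:end + 1]
                break
    return flagged


if __name__ == "__main__":
    for account, times in repeated_resets(SAMPLE_REGISTER).items():
        print(account, [t.isoformat(" ") for t in times])
```

A flagged account is a prompt to confirm the identity of the requester through a second channel, such as the user's manager, before issuing another password.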
Activity 5.3 Manage users that leave

Q: List some of these IT security procedures you need to consider and follow.
  • What is to happen to all the files and documents that the outgoing person created? Prior to computers, the new person would look through the filing cabinets in the office. Today, they need to look through the electronic files and review documents, spreadsheets, databases, etc.
  • Mail may have been addressed to the former employee and could be forwarded to the new person. Does email need a similar process to be implemented or should the manager get all mail intended for someone who no longer works in the company?
  • Does the new user account (for the new person) immediately update all telephone lists and other directories that may be on the system?
Task 6: Provide secure access to network resources

A system giving unlimited access to all users is the most vulnerable system in terms of security. So, once a user account has been created on the system, it’s necessary to set the access rights for that user. The organisational security guidelines that we are required to follow should establish the required access limits, taking into account the identified risks to the system and data. In order to perform this process with efficiency we must try to ensure there is a balance between organisational security and convenience for users.

Activity 6.1 Control user access

You have received a work order from Stanley Holloway, the Systems Engineer of Forth Management Associates, requesting you to change access rights for two employees:

He wants you to alter the current open access at all times for Caroline Weller, who works Monday to Friday 9:00 to 17:00, with the exception of Thursday when she works 8:00 to 13:00. You have been asked to set her logon hours accordingly.

Additionally, Brian Fellowes, in Accounting, uses two workstations that have a Windows 98 platform: accounting1 and accounting2, and you have been asked to set his access rights to those two machines only.

Q: Your task for this activity is to set up the user access for two users, using the above requirements.

A: Compare the following two screen shots with your results:

Figure 1: Logon hours for Caroline Weller

Figure 2: Restricted workstation access for Brian Fellowes
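
After the restrictions are set, logon records can be checked against the work order to confirm that they are being enforced. The following is an added example, not part of the original course material; the record format, the workstation legal3 and the logon name bfellowes are assumptions, while cweller is the logon name the page gives for Caroline Weller.

```python
from datetime import datetime, time

# Policy from the work order above. Keys are datetime.weekday() values
# (Monday=0). The logon name bfellowes is an assumption.
OFFICE = (time(9, 0), time(17, 0))
LOGON_HOURS = {
    "cweller": {0: OFFICE, 1: OFFICE, 2: OFFICE,
                3: (time(8, 0), time(13, 0)), 4: OFFICE},
}
ALLOWED_WORKSTATIONS = {"bfellowes": {"accounting1", "accounting2"}}

# Constructed logon records: time, logon name, workstation.
SAMPLE_EVENTS = """\
2004-08-02 09:05,cweller,legal3
2004-08-05 08:10,cweller,legal3
2004-08-05 14:30,cweller,legal3
2004-08-07 10:00,cweller,legal3
2004-08-03 11:20,bfellowes,accounting2
2004-08-03 16:45,bfellowes,legal3
"""


def within_hours(user, when):
    """True if the user has no hours restriction or `when` is inside it."""
    schedule = LOGON_HOURS.get(user)
    if schedule is None:
        return True
    slot = schedule.get(when.weekday())  # no entry means no logon that day
    return slot is not None and slot[0] <= when.time() < slot[1]


def violations(events_text):
    """Return (timestamp, user, reason) for each logon that breaks policy."""
    found = []
    for line in events_text.splitlines():
        parts = [p.strip().lower() for p in line.split(",")]
        if len(parts) != 3:
            continue
        stamp, user, workstation = parts
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if not within_hours(user, when):
            found.append((stamp, user, "outside logon hours"))
        allowed = ALLOWED_WORKSTATIONS.get(user)
        if allowed is not None and workstation not in allowed:
            found.append((stamp, user, "workstation " + workstation))
    return found


if __name__ == "__main__":
    for item in violations(SAMPLE_EVENTS):
        print(item)
```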

Activity 6.2 Document a file system

You have been asked to document the file system with the following properties:

  • Physical drive 0 has the operating system.
  • The inetpub folder contains the default web page and program files, etc.
  • Physical drive 1 is partitioned as a primary and extended logical drive with data on each partition.
    • One partition contains data for the Legal Department — for both individual user directories and shared directories for sub sections within the Legal Department.
    • The other partition is for the Accounting Department with directories developed in a similar manner to Legal’s.

Q: Your task is to create a graphical representation of this system. For example, think along the lines of a flow chart or process chart.

A: It’s quite good to document the file system graphically, as well as with written specifications. Here’s an example of how this might look:

Figure 3: File system

Activity 6.3 Make a security access register entry

The security for the new Legal Department employee, Caroline Weller, was configured on 28/07/04 by David Glass, Network Administrator, with approval from Stanley Holloway, Systems Engineer.

Caroline’s logon name is cweller and her supervisor is Gavin Masters, Senior Counsel at Forth Management Associates.

Caroline can log on to the local domain and has no additional privileges.

Q: Record a security access registry entry to satisfy the above details.

A: The following table shows the example entry.


Task 7: Evaluate, design and implement appropriate network services

As networks are implemented to provide services to users, an essential network administration role is to find out what users want and then set up the services accordingly. This Learning Pack will show you how to evaluate user requirements to design network services, and then how to implement services using appropriate administration tools.

Activity 7.1 Determine user requirements

Consider a small office with, say, four or five users. They each had a dialup connection to the Internet. The company has now installed a network and wants users to be able to share a link to the Internet.
Q: What do you think the typical user requirements would be for such a network service?

A: Typical requirements would be:
  • high-speed Internet access to allow for the transfer of files and documents
  • single link to the Internet with shared access
  • full time Internet access
  • able to send emails within the office and to external recipients
  • secure Internet access with the need for internal or external firewalls.
Task 8: Detect and remove viruses from the network

Viruses are now, unfortunately, a fact of life. Many organisations and individuals have suffered from a virus. It is essential that the Network Administrator ensures that the network is protected in accordance with organisational guidelines. This Learning Pack will show you how to review organisational policies to identify the virus protection requirements. You will then see how to implement the virus protection tools, and how to scan and clean the network. It is important that you become proficient in the use of virus protection tools to keep the network operational and servicing the users.

Activity 8.1 Summarise virus issues and impact

Review the policy and procedures document for the company Call Centres R Us. Identify what this document states about viruses.

Q: Summarise the issues and how these should inform the work of the Network Administrator.

A: The policy standards for viruses and issues for the Network Administrator may be summarised as follows:

Activity 8.2 Research current viruses and advise users
  1. Obtain information about virus scares that are currently occurring.
  2. Analyse the virus threats to users.
Q: Write a report that could be sent to users explaining to them what the virus does and what they should be looking out for.

A: The following example describes information about a virus called W32/Bagle.aa@MM.
  • The virus is transmitted by email.
  • It can send outgoing messages from your PC.
  • It can use your email addresses.
  • It uses several subjects in the email such as Re: Document. Changes, Re: Thank you!, etc.
  • An attachment can be called Information, Details, Joke, etc.
  • Copies itself to the C:\WINNT\SYSTEM32 directory as drvddll.exe.
  • Tries to stop security programs running such as virus checkers and firewalls.
  • Opens port 2535 on target PC.
Activity 8.3 Propose using virus protection software

You discover that many users are not using virus protection software on their PCs.

Q: Write a report to senior management describing why this should be corrected as soon as possible.

A: The report should have covered the following points:
  • Virus checking is a requirement of the policy document.
  • There is a real threat of virus attack. (You may even have found statistics on the Internet showing the number of incidents to support your assertion).
  • You can briefly describe the impact of viruses and the disruption they cause to business. These should be expressed in business terms such as lost days of production, not in terms of ‘boot sector’ virus.
  • You should have evaluated a couple of product options and calculated the cost of implementing your proposal.
  • Finish with a summary of why management should support your proposal.
Task 9: Determine the risk to network data and provide data recovery services according to organisational procedures

Network Administrators need to determine the security requirements of an organisation, identify the risks to security, and make use of a disaster recovery plan (DRP) in the event of a minor or major disaster situation. Before an organisation can develop a DRP it needs to undertake a risk analysis to gauge the impact of loss and threats to the network. Contributing to the risk analysis is part of the role of a Network Administrator. You will not be expected to undertake a full risk analysis, but rather contribute to it, especially by providing technical issues and recovery options.

Activity 9.1 Summarise the impact of policies

Review the policy and procedures document for the company Call Centres R Us.

Q: Write a report that summarises the impact that these policies will have on risk analysis and disaster recovery.

A: The report should have covered the following points:
  • Disaster and recovery planning is a part of the policy standards.
  • Risk analysis needs to be undertaken regularly.
  • Measures to be employed must be cost effective.
  • Major changes need a further risk assessment.
  • Backup procedures are documented.
  • Backup procedures can only be completed after the risk assessment is completed.
  • A backup log is specified.
  • Systems are critical if they impact external clients.
  • Support staff are able to work on all hardware except for monitors.
Activity 9.2 Identify built-in facilities

Imagine that a risk analysis determined that customer files are commercially confidential and need to be protected from unauthorised access.

Q: Using any operating system that you have access to (ideally a networking operating system) identify the built-in facilities that will help stop unauthorised access to data files.

A: The response will depend upon the operating system you use, but as an example, with Windows Server you could have identified:
  • the use of encryption using public keys
  • the use of cryptography to protect data transmission
  • the use of an audit to track file accesses
  • the restricted use of shared folder permissions
  • the use of NTFS permissions.

One important disaster recovery option is to make use of uninterruptible power supplies (UPS) to allow servers to shut down properly.

Q: Review your network operating system and identify any support it may have for a UPS.

A: Here are some examples, with Windows 2000 Server:
  • You should check that the UPS is listed on the Hardware Compatibility List (HCL).
  • You can connect the UPS with a serial cable so the UPS can notify the server that power has been lost.
  • You can specify the conditions that will trigger a shut down on the server.
  • You can set the time interval for sending messages after power failure.
Note: Certain UPS vendors may provide their own software to provide additional services that work with their product and various operating systems.

Task 10: Maintain currency of network system security


This unit will show how to access information services and to identify and fix security gaps. Hardly a week goes by without some news of how vulnerable a popular piece of software or common protocol is. Vendors usually respond promptly and make available a fix or workaround for the security gap.

Activity 10.1 Maintain the currency of network system security

Maintaining the currency of network security is so important that it should be part of the procedures of an organisation.

Q: Develop a set of procedures to ensure that this administration task is undertaken.

A: The procedures should have addressed the following issues:

  • hardware and software components that need to be reviewed
  • any automated processes should be reviewed for suitability and where appropriate put in place
  • websites and other sources of information should have been documented
  • a schedule for obtaining incident information should be set
  • procedures for testing new patches.
Activity 10.2 Identify update features

Using any operating system that you have access to (ideally a networking operating system), identify the update features that are built in or available on a website. Run the tool and fix any vulnerabilities.

Q: Report on the software tool you used and the procedure you carried out.

A: The response will depend upon the operating system you use but as an example, with Windows Server you may have downloaded Microsoft Baseline Security Analyzer (MBSA) and used it to evaluate your systems.