
DAY 2 : MANAGE ENGINE SERVICE DESKPLUS
Quiz by Gaurav Sharma
Write question 2. Early British Actions in the Colonies In 1760, near the end of the Seven Years’ War, a new British king, George III, began his reign. During his 59-year rule, he resisted revolutionary and Napoleonic France. However, George appointed advisors to manage his more distant foreign affairs in North America. These advisors knew very little about the day-to-day lives of colonists and were soon taking actions that enraged many of them. The Proclamation of 1763 The British government faced many problems after the Seven Years’ War. One was how to protect colonists and their land claims as they pushed westward into areas settled by Indigenous groups. In his Proclamation of 1763, George III said to simply draw a line down the crest of the Appalachian Mountains and order colonists not to settle past the boundary. To colonists whose fortunes were founded on Indigenous land, the king’s order suggested tyranny, or the unjust use of government power. They argued that White colonists had already claimed most of the land east of the Appalachians and that farmers had to move west to find land. Besides, colonists and land investors had already crossed the mountains into Indigenous territory. The British government ignored colonists’ arguments. To control the frontier, it sent an additional 7,500 soldiers to the colonies. The Proclamation of 1763 would later be cited as a grievance in the Declaration of Independence. The Stamp Act The British government had other problems besides stopping colonists from encroaching on Indigenous land. Another dilemma was how to pay off the large debt from the Seven Years’ War. The solution seemed obvious to Prime Minister George Grenville, the leader of the British government. People in Great Britain were already paying taxes on everything from windows to salt. In contrast, American colonists were among the most lightly taxed people in the British Empire. 
It was time, said Grenville, for them to pay their fair share of the cost of Britain protecting colonists and their interests. In 1765, Grenville proposed a new act, or law, called the Stamp Act, which required colonists to buy a stamp for every piece of paper they used. Newspapers, wills, licenses, and even playing cards had to be printed on stamped paper. Again, the colonists sensed tyranny. One newspaper, The Pennsylvania Journal, said that as soon as “this shocking Act was known, it filled all British America from one End to the other, with Astonishment and Grief.” It was not just the idea of higher taxes that upset the colonists. They were willing to pay taxes passed by their own assemblies, in which their representatives could vote on them. However, because the colonists had no representatives in Parliament, they saw the Stamp Act as a violation of their rights as British subjects. For this reason, they argued Parliament had no right to tax them. “No taxation without representation!” they declared. Loyalists simply refused to buy stamps, while other colonists protested the Stamp Act by sending messages to Parliament. Patriots took more aggressive action. Protesters calling themselves the Sons of Liberty organized in 1765 and began attacking tax collectors’ homes. In Connecticut, they even started to bury one tax collector alive. Only when he heard dirt being shoveled onto his coffin did the terrified tax collector agree to resign from his post. After months of protest, Parliament repealed, or canceled, the Stamp Act. Colonists greeted the news with great celebration. Church bells rang, bands played, and everyone hoped the troubles with Great Britain were over. The Quartering Act As anger over the Stamp Act began to fade, Parliament passed another controversial law in 1765. The Quartering Act ordered colonial assemblies to provide British troops with quarters, or housing. 
The colonists were also told to furnish the soldiers with “candles, firing, bedding, cooking utensils, salt, vinegar, and . . . beer or cider.” Providing these things for British soldiers cost money. New Jersey protested that the new law was “as much an Act for laying taxes” on the colonists as the Stamp Act. New Yorkers asked why they should pay to keep troops in their colony during peacetime. In 1767, the New York assembly decided not to approve any funds for supplies for the British troops, forcing them to remain on their ships. In retaliation, the British government suspended New York’s assembly until it agreed to obey the Quartering Act. Once again, tempers began to rise on both sides of the Atlantic.
Good day, this is Chris. Today we will be doing a quick walkthrough on ISO 14001:2015 Environmental Management System and its main clauses. Let's get started.

ISO 14001:2015 Environmental Management System is a globally recognized standard for environmental management systems, or EMS. An EMS is a framework that organizations use to manage their environmental impact, comply with regulations and improve their environmental performance. The standard outlines the requirements for an EMS, including the development of an environmental policy, the identification of environmental aspects and impacts, the establishment of objectives and targets, the implementation of operational control, monitoring and measurement systems, and the ongoing review and improvement of the system.

ISO 14001 is a flexible standard that can be used by organizations of any size or type, regardless of their environmental impact or level of environmental performance. It provides a practical framework for organizations to manage their environmental impact, reduce environmental risks and demonstrate their commitment to sustainability to their stakeholders.

Here is the standard that provides a structured approach to develop an EMS, which includes several key steps.

One: organizations must develop an environmental policy that outlines their commitment to environmental sustainability. This policy should be communicated to all employees and stakeholders.

Two: organizations must identify their environmental aspects and impacts. This involves identifying the activities, products and services that have an impact on the environment, as well as the potential environmental consequences of those impacts.

Three: once the environmental aspects and the impacts have been identified, organizations must establish environmental objectives and targets. These objectives and targets should be specific, measurable, achievable, relevant and time-bound.

Four: after setting objectives and targets, organizations must implement operational controls and establish monitoring and measurement systems to ensure that they are meeting their objectives and targets.

Finally, organizations must review and continually improve their EMS. This involves conducting regular audits, reviewing the EMS to ensure that it remains relevant and effective, and making any necessary changes or improvements.

The main clauses of ISO 14001:2015: apart from its scope, normative references and terms and conditions, the main clauses of ISO 14001:2015 can be listed as context of the organization, leadership, planning, support, operation, performance evaluation and improvement.

Clause 4.0, context of the organization, is about understanding the organization and its context, understanding the needs and expectations of the interested parties, determining the scope of the Environmental Management System (EMS), and the Environmental Management System itself.

Clause 5.0 talks about leadership and commitment, environmental policy, and organizational roles, responsibility and authorities.

Clause 6.0, planning, focuses on actions to address risk and opportunities, as well as environmental objectives and planning to achieve them.

Clause 7.0, support: detailed requirements on resources, competence, awareness, communication (which includes external and internal communication) and documented information, which involves creating, updating and control of documented information.

Clause 8.0, operation, talks about operational planning and control as well as emergency preparedness and response. Overall, the design of ISO 14001:2015 provides guidelines to form a system that is structured to cater to the requirements of stakeholder needs and expectations, to drive life cycle perspective and energy efficiency, as pictured here.

Clause 9.0, performance evaluation, provides guidelines on monitoring, measurement, analysis and evaluation, evaluation of compliance, and management review. An additional note here is ISO 19011:2018, guidelines for auditing management systems, which is an audit process that will determine the scope to establish the audit criteria by collecting evidence, evaluating the evidence and then drawing a conclusion based on the findings, as pictured here.

Finally, Clause 10.0, improvement, talks about how improvement is an integral factor to an effective environmental management system, through general, nonconformity and corrective action, and continual improvement. Talking about improvement, it is always continual in putting efforts towards the betterment of the existing system. Here is a snapshot of the main clauses of ISO 14001:2015.

I hope you find this video useful. We are industry experts specialized in management system consultancy and industry relevant corporate training. Give us a call and let us help you drive your business excellence and upskill your employees to elevate workplace efficiency.

CREATE 10 MCQ AND 2 SAQ QUESTIONS BASED ON THE ABOVE PARAGRAPH
The price of electricity has risen (1) ______ over the last year.
A) specially | B) obviously | C) significantly | D) remarkably

The heavy rain led to floods, (2) ______ a lot of trouble for local farmers.
A) causing | B) making | C) resulting | D) affecting

I have never seen (3) ______ a beautiful sunset in my entire life!
A) as | B) like | C) so | D) such

It is very (4) ______ that some people still don't believe in climate change.
A) doubtful | B) suspicious | C) worrying | D) uncertain

My brother is learning how to (5) ______ a small business.
A) adjust | B) run | C) manage | D) direct

Can you (6) ______ the person who took your bag?
A) inform | B) identify | C) tell | D) know

On a daily (7) ______, we should try to use less plastic.
A) basis | B) motive | C) cause | D) method

Regular exercise and a healthy diet are very (8) ______ for your heart.
A) rewarding | B) valuable | C) beneficial | D) productive

She was (9) ______ to win the race, so she practiced every single day.
A) fixed | B) decided | C) committed | D) determined

An (10) ______ student spends about three hours on homework every evening.
A) everyday | B) average | C) normal | D) regular
GUIDELINES ON THE ESTABLISHMENT AND IMPLEMENTATION OF THE RESULTS-BASED PERFORMANCE MANAGEMENT SYSTEM IN THE DEPARTMENT OF EDUCATION I. Rationale 1. The Civil Service Commission (CSC), through the issuance of Memorandum Circular (MC) No. 06, series of 2012, sets the guidelines on the establishment and implementation of the Strategic Performance Management System (SPMS) in all government agencies. The SPMS gives emphasis to the strategic alignment of the agency’s thrusts with the day-to-day operation of the units and individual personnel within the organization. It focuses on measures of performance vis-a-vis the targeted milestones, and provides a credible and verifiable basis for assessing the organizational outcomes and the collective performance of the government employees. 2. As a learner-centered institution, the Department of Education (DepEd) is committed to continuously improve itself to better serve the Filipino learners and the community. The adoption of the SPMS in DepEd strengthens the culture of performance and accountability in the agency, with the DepEd’s mandate, vision and mission at its core. 3. There is a need to concretize the linkage between the organizational thrusts and the performance management system. It is important to ensure organizational effectiveness and track individual improvement and efficiency by cascading the institutional accountabilities to the various levels, units and individual personnel, as anchored on the establishment of a rational and factual basis for performance targets and measures. Finally, it is necessary to link the SPMS with other systems relating to human resources and to ensure adherence to the principle of performance-based tenure and incentives. 4. In view of the above, this Order aims to adopt the SPMS as the Results-based Performance Management System (RPMS). II. Scope of Policy 5. 
This DepEd Order provides for the establishment and implementation of the RPMS in all DepEd schools and offices, covering all officials and employees, school-based and non school-based, in the Department holding regular plantilla positions. It stipulates the specific mechanisms, criteria and processes for the performance target setting, monitoring, evaluation and development planning. IV. Policy Statement 9. The DepEd hereby sets the guidelines on the establishment and implementation of the Results-based Performance Management System (RPMS) in the Department, stipulating the strategies, methods, tools and rewards for assessing the accomplishments vis-a-vis the commitments. This will be used for measuring and rewarding higher levels of performance of the various units and development planning of all personnel in all levels. 10. For non school-based personnel, the RPMS shall provide for an objective and verifiable basis for rating and ranking the performance of units and individual personnel in view of the granting of the Performance-Based Bonus (PBB) starting 2015. 11. For school-based personnel, the RPMS shall be used only as an appraisal tool, which shall be the basis for training and development. The granting of PBB shall be governed by the existing PBB guidelines. 12. The Department shall adopt the RPMS framework shown in Annex B. 13. The DepEd RPMS shall follow the four-stage performance management system cycle as prescribed by the CSC: i. Performance planning and commitment (Phase I); ii. Performance monitoring and coaching (Phase II); iii. Performance review and evaluation (Phase III); and iv. Performance rewarding and development planning (Phase IV). V. Performance Cycle/Process 14. The RPMS shall align the performance targets and accomplishments with the Department’s mandate, vision, mission and strategic goals. It shall ensure 100% results orientation vis-a-vis the planned targets. 
On the other hand, the ratee’s demonstration of the required competencies shall be monitored for developmental purposes only. 15. The RPMS cycle shall cover performance for one whole year. All school-based personnel shall follow a performance cycle starting in April of the current year and ending in March of the following year; while non school-based personnel shall follow a performance cycle starting in January and ending in December. Annexes C and D illustrate the performance cycles which shall apply to school-based and non school-based personnel, respectively. 16. The performance planning and commitment shall be done prior to the beginning of the performance cycle; while the performance monitoring and coaching shall take place immediately after Phase I, and continue throughout the performance cycle. The performance review and evaluation, as well as the performance rewarding and development planning shall be done at the end of the performance cycle. A. Phase I: Performance Planning and Commitment 17. The performance planning and commitment shall be done prior to the start of the performance cycle where the rater meets with the ratee to discuss and agree on the following: i. Office KRAs, Objectives and Performance Indicators as anchored to the overall organizational outcomes; and ii. Individual KRAs, Objectives and Performance Indicators as anchored to the Office KRAs and Objectives. 18. The Office Performance Commitment and Review Form (OPCRF) shall be accomplished by the head of office to reflect the Office KRAs, Objectives and Performance Indicators. The head of office, in coordination with the Planning Office, shall ensure alignment of the office plans and commitments to the overall organizational outcomes. The OPCRF shall be equivalent to the IPCRF of the head of office. A sample of the filled out OPCRF, including the instructions for accomplishing the form, is shown in Annex E. 19. 
The Individual Performance Commitment and Review Form (IPCRF) shall be accomplished by the individual personnel to reflect the agreed Individual KRAs, Objectives and Performance Indicators. A sample of the filled out IPCRF, including the instructions for accomplishing the form, is shown in Annex F. 20. Defining the Key Result Areas. The head of office, in coordination with the Planning Office, shall define the office KRAs as anchored on the overall organizational outcomes. The rater and the ratee shall discuss and agree on the break down of the office KRAs into individual KRAs. Three (3) to five (5) KRAs shall be defined for each office and individual employee. KRAs are broad categories of general outputs or outcomes. It is the mandate or function of the office and/or individual employee. The KRA is the reason why an office and/or job exist. It is an area where the office and/or individual employee are expected to focus on. 21. Setting the Objectives. The head of office shall set three (3) objectives per office KRA. The rater and the ratee shall discuss and agree on three (3) objectives per individual KRA. Objectives are specific tasks, which an office and/or employee need to do to achieve their specific KRAs. In objective setting, the SMART criteria, which stands for Specific, Measurable, Attainable, Relevant, Time Bound, shall be applied. The SMART criteria are illustrated in Annex G. 22. Setting the Timeline. The timeline shall define the target date for accomplishing each of the Objectives. The timeline for the office Objectives shall be set by the head of office in coordination with the Planning Office and School Planning Team; while the timeline for the individual Objectives shall be discussed and agreed by the rater and the ratee. 23. Assigning the Weight. Assigning of weights shall be done per KRA. 
Weights for each office KRA shall be assigned by the head of office in coordination with the Planning Office; while the weights for each of the individual KRAs shall be discussed and agreed upon by the rater and the ratee. 24. Identifying the Performance Indicators. Using a five (5)-point rating scale, the head of office shall identify a performance indicator for each of the office objectives, while the rater and the ratee shall identify and agree on the performance indicator for each of the individual objectives. Performance indicators are exact quantification of objectives expressed through rubrics. They are assessment tools, which gauge whether a performance is positive or negative. In identifying the performance indicator, the operational definition or meaning of each numerical rating shall be indicated under each relevant dimension (i.e., quality, efficiency, or timeliness) per performance target or success indicator. This shall ensure that the rating is objective, impartial and verifiable. Table 1 below discusses the performance measures by which the indicator must satisfy.

Table 1. Performance Measures
CATEGORY | DEFINITION
Effectiveness/Quality | The extent to which actual performance compares with targeted performance. The degree to which objectives are achieved and the extent to which targeted problems are solved. In management, effectiveness relates to getting the right things done.
Efficiency | The extent to which time or resources is used for the intended task or purpose. Measures whether targets are accomplished with a minimum amount or quantity of waste, expense, or unnecessary effort.
Timeliness | Measures whether the deliverable was done on time based on the requirements of the rules and regulations, and/or clients/stakeholders. Time-related performance indicators evaluate such things as project completion deadlines, time management skills and other time-sensitive expectations.

Some Performances are only rated on quality and efficiency, some on quality and timeliness, and others on efficiency only. You need not use all three (3) categories. 25. Demonstration of Competencies. During Phase I, the rater shall discuss with the ratee the competencies required of the individual personnel. Competencies are defined as the knowledge, skills and behavior that individuals demonstrate in achieving one’s results. Competencies shall uphold the DepEd’s core values. They represent the way individuals define and live the values. 26. DepEd shall adopt four classes of competencies as follows: i. Core behavioral competencies are competencies, which cut across the organization; ii. Leadership competencies are competencies intended for managerial positions; a. Third level officials b. Chiefs and Assistant Chiefs c. School Heads and Department Heads iii. Staff Core Skills are competencies intended for staff and teaching-related personnel; and iv. Teaching competencies are competencies intended for teachers. The DepEd-required competencies are illustrated in Annex I. 27. The ratee’s demonstration of the required competencies shall be monitored to effectively plan the interventions needed for behavioral and professional development. The assessment in the demonstration of competencies shall not be reflected in the final rating. 28. Reaching Agreement. Once the office and individual KRAs, Objectives and Performance Indicators are clearly defined, the rater and the ratee shall commit and reach an agreement by signing the OPCRF and IPCRF. The signed/approved OPCRF and IPCRF shall be the basis for monitoring and assessment, which shall take place in Phases II and III, respectively. B. Phase II: Performance Monitoring and Coaching 29. The performance monitoring and coaching shall commence after the rater and the ratee commit on the KRAs, Objectives and Performance Indicators, and sign the OPCRF and IPCRF. This shall be done throughout the year. 30. 
The two (2) main components of Phase II are the following: i. Performance monitoring; and ii. Coaching and feedback. 31. Performance monitoring shall provide key inputs and objective basis for rating. It shall facilitate feedback and provide evidence of performance. Performance monitoring shall be the responsibility of both the rater and the ratee who agree to track and record significant incidents through the use of the Performance Monitoring and Coaching Form (PMCF) shown in Annex J. Significant incidents are actual events and behaviors in which both positive and negative performances are observed and documented. 32. Coaching and feedback shall be a continuous process. Coaching and feedback shall be provided by the rater and/or shall be sought by the ratee to improve work performance and behavior. The rater, as the coach or mentor of the ratee, playing a critical role in the performance monitoring and coaching, shall provide an enabling environment and intervention to improve the office performance and to manage and develop individual potentials. 33. The PMCF shall capture the significant incidents. It shall provide a record of demonstrated behaviors, competencies and performance, and shall be an effective substitute in the absence of quantifiable data. The rater and the ratee shall sign each significant incident recorded in the PMCF to ensure that agreement has been reached. C. Phase III: Performance Review and Evaluation 34. The performance review and evaluation shall be done at the end of the performance cycle to assess the office and individual employee’s performance level based on the commitments and measures as contained in the signed OPCRF and IPCRF. 35. A mid-year review is prescribed to determine the progress in achieving the Objectives. In exceptional cases, and only if the situation warrants, a one-time recalibration of office and individual Objectives shall be allowed during the mid-year review. 
Exceptional cases shall include instances when high level decisions are taken into effect such as changes in strategic directions, and circumstances beyond the control of the ratee such as natural and/or man-made calamities, including typhoon, earthquake and other fortuitous events. During the mid-year review, the rater shall inform in writing the ratee of the status of performance, in case of an Unsatisfactory or Poor performance. Coaching, feedback and appropriate interventions shall be provided where necessary. 36. The RPMS shall put premium on KRAs towards the realization of organizational vision, mission, strategic priorities and the OPIF logframe. Hence, rating for planned and/or intervening tasks shall always be supported by reports, documents or any output as proofs of actual performance. In the absence of said bases or proofs, a particular task shall not be rated and shall be disregarded. 37. Office and Individual Performance Assessment. The head of office, in coordination with the Planning Office, shall assess the performance of the office vis-a-vis the committed targets at the beginning of the performance cycle. The rater and the ratee shall discuss and agree on the individual assessment based on the actual accomplishments of each of the KRAs and Objectives. The final rating shall be based solely on the accomplishment of the specific objectives as measured by the Performance Indicators. The OPCRF and IPCRF shall be accomplished and completed by the rater and the ratee to: i. Reflect actual accomplishments and results; ii. Rate each of the objectives; iii. Compute for the score per objective; iv. Determine the overall rating for accomplishments; v. Reach an agreement; and vi. Assess the competencies. 38. Initial self-rating shall be encouraged prior to the rater-ratee discussion. 39. Third Level Officials, as heads of offices, shall accomplish the OPCRF for submission to the Planning Office. 
The individual assessment of Third Level Officials shall be contained in the CESPES Forms for submission to the Career Executive Service Board (CESB). The BHROD and Personnel Division shall be furnished a copy of both forms. 40. Actual Results. The rater and the ratee shall discuss and agree on the actual accomplishments and results based on the performance commitments and measures made at the beginning of the rating period. They shall evaluate each objective whether it has been achieved or not. The significant incidents as reflected in the PMCF shall be considered for the actual results. 41. Rating the Objectives. Based on the actual accomplishments and results, each of the Objectives shall be rated using the rating scale specified below:

Table 2. The RPMS Rating Scale
NUMERICAL RATING | ADJECTIVAL RATING | DESCRIPTION OF MEANING OF RATING
5 | Outstanding | Performance represents an extraordinary level of achievement and commitment in terms of quality and time, technical skills and knowledge, ingenuity, creativity and initiative. Employees at this performance level should have demonstrated exceptional job mastery in all major areas of responsibility. Employee achievement and contributions to the organization are of marked excellence.
4 | Very Satisfactory | Performance exceeded expectations. All goals, objectives and targets were achieved above the established standards.
3 | Satisfactory | Performance met expectations in terms of quality of work, efficiency and timeliness. The most critical annual goals were met.
2 | Unsatisfactory | Performance failed to meet expectations, and/or one or more of the most critical goals were not met.
1 | Poor | Performance was consistently below expectations, and/or reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas.

The final assessment shall correspond to the adjectival description of Outstanding, Very Satisfactory, Satisfactory, Unsatisfactory or Poor.
The range of adjectival rating is as per attached in Forms A, B, and C. 42. Process for Computing the Score per KRA. i. The rater and ratee shall ensure that each KRA has been assigned weight according to priority. ii. As an option, the rater and ratee may assign weights to objectives which shall be equal to the total weight assigned to a particular KRA.

KRA 1 – Weight assigned is 40%
Objective 1 is 20%
Objective 2 is 10%
Objective 3 is 10%

iii. The score per KRA shall be computed using the following formula:

43. Plus Factor. The plus factor shall be considered as another KRA. These are value adding accomplishments, which are not covered within the regular duties and responsibilities. The weight on the plus factor shall not exceed the weight of the highest mandated KRA. For teachers, the plus factor shall be limited to work/activities, which contribute to the teaching-learning process. 44. Determining the Overall Rating for Accomplishments. The overall rating/assessment for the accomplishments shall fall within the following adjectival ratings and shall be in three (3) decimal points:

Table 3. Adjectival Ratings
RANGE | ADJECTIVAL RATING
4.500-5.000 | Outstanding
3.500-4.499 | Very Satisfactory
2.500-3.499 | Satisfactory
1.500-2.499 | Unsatisfactory
below 1.499 | Poor

45. Reaching Agreement. Upon determining the overall rating for the actual accomplishments and results, the rater and the ratee shall reach an agreement by signing the OPCRF and IPCRF. The average rating of individual staff members should not go higher than the collective performance assessment of the office. 46. Assessing the Competencies. The rater shall discuss with the ratee the set of competencies observed during the performance cycle. The competencies shall not be reflected in the final rating. Competencies shall be monitored for developmental purposes. In evaluating the individual’s demonstration of competencies, the rating scale in Table 4 shall apply:

Table 4. The DepEd Competencies Scale
SCALE | DEFINITION
5 | Role model
4 | Consistently demonstrates
3 | Most of the time demonstrates
2 | Sometimes demonstrates
1 | Rarely demonstrates

5 (role model) – all competency indicators
4 (consistently demonstrates) – four competency indicators
3 (most of the time demonstrates) – three competency indicators
2 (sometimes demonstrates) – two competency indicators
1 (rarely demonstrates) – one competency indicator

D. Phase IV: Performance Rewarding and Development Planning 47. The results of the performance review and evaluation shall be used in performance rewarding and development planning. This phase shall be done after Phase III. 48. The rater shall discuss and provide qualitative comments, observations and recommendations in the individual employee’s performance commitment, competency assessment and significant incidents which shall be used for training and professional development. These can be written under the strengths and development needs column of the Part IV-Development Plans of the IPCRF. 49. The rater and the ratee shall identify and discuss the individual’s strengths and development needs, and reflect them in the Part IV-Development Plans of the IPCRF. The competencies which the ratee demonstrated consistently and the areas, where the ratee meet or exceed expectations shall be referred to as the ratee’s strengths. The competencies, which the ratee rarely demonstrates and the areas where the ratee has room for improvement and has not met the expectations, shall be identified as the ratee’s development needs.

Make a situational SOLO-based questions in the context of school leadership
Chapter 7 - Review Data and Decision Making

*Glow bus due at midnight, name and student number: answer questions using content in class

People have created wonderful things for centuries, and management
Management can be traced as far back as 500 BC, when the ancient Sumerians used written records to improve government and business activities

Why is it important to learn from the past
• Not to repeat our mistakes

Classical management approaches
• Scientific management
• Administrative principles
• Bureaucratic organisation

Behavioural management approaches
• Follett’s organizations as communities
• The Hawthorne studies
• Maslow’s theory of human needs
• McGregor’s Theory X and Theory Y
• Argyris’s personality and organisation

Modern management foundations
• Organizations as systems
• Contingency thinking
• Quality management
• Quantitative analysis and tools
• Evidence-based management

Contributions

Frederick Taylor - Father of scientific management
• He noticed that workers often did their jobs with wasted motions and without a consistent approach. This resulted in inefficiency and low performance
• He believed the problem could be fixed if workers were taught to do their jobs in the best ways and then were helped and guided by supervisors

Four guiding principles of scientific management
• Rules of motion, standardized work and proper working conditions
• Select workers with the right abilities
• Train workers and give them incentives
• Support workers by planning and smoothing the way as they do their work

Frank and Lillian Gilbreth
• Pioneered use of motion studies as a management tool
• In one famous case, the Gilbreths cut down the number of motions used by bricklayers and tripled their productivity

Contributions from scientific management
• Make results-based compensation a performance incentive
• Carefully design jobs with efficient work methods
• Carefully select workers with the ability to perform the job
• Train workers to execute activities to the best of their abilities
• Train supervisors to support workers so they can perform jobs to the best of their abilities

Classical management: Administrative principles (Henri Fayol)
• 1919, after a career in French industry, Henri Fayol published “Administration Industrielle et Générale” (General and Industrial Management), in which he outlined his views on the management of organizations and workers

Rules and duties in management
• Foresight - to complete a plan of action for the future
• Organization - to provide and mobilize resources to implement the plan
• Command - to lead, select and evaluate workers to get the best work toward the plan
• Coordination - to fit diverse efforts together and ensure information is shared and problems solved
• Control - to make sure things happen according to plan and to take necessary corrective action

Classical management: Bureaucratic organization (Max Weber)
• Max Weber (bureaucratic organization) - late 19th century German political economist who had a major impact in the fields of management and sociology

Bureaucratic organization
• An ideal, intentionally rational and very efficient form of organization
• Based on the principles of logic, order and legitimate authority

Characteristics of BO
• Clear division of labour
• Clear hierarchy of authority
• Formal rules and procedures
• Impersonality
• Careers based on merit

What are some disadvantages of bureaucracy
• Takes a long time for problems to be solved because there are procedures and there is a chain of people in command
• Having the power
• Rules have to be followed
• Excessive paperwork or “red tape”
• Slowness in handling problems
• Rigidity in the face of shifting needs
• Resistance to change
• Employee apathy

Behavioural management approaches (focus on understanding the elements that affect human behaviour in organisations)

Follett’s organizations as communities
• Mary Parker Follett contributed to the transition from classical thinking into behavioural management

Groups and human cooperation
• Groups allow individuals to combine their talents for a greater good
• Organizations are cooperating “communities” of managers and workers
• Manager’s job is to help people cooperate and achieve an integration of goals and interests

Forward-looking management insight:
• Making every employee an owner creates a sense of collective responsibility - precursor of employee ownership, profit sharing and gain sharing
• Business problems involve a variety of interrelated factors - precursor of systems thinking
• Private profits relative to public good - precursor of managerial ethics and social responsibility

Hawthorne studies
• Took place at Western Electric’s Chicago plant; a team led by Harvard’s Elton Mayo set out to learn how economic incentives and workplace conditions affected workers’ output

Main objective
• Initial study examined how economic incentives and physical conditions affected worker output (productivity)
• No consistent relationship found

During the experiment they had 2 groups
• The experimental group (improved working conditions)
• The control group (no changes to original working conditions)
• No consistent relationship found; performance in both groups increased even after removing incentives

Social setting and human relations
• Concluded: new “social setting” led workers to do a good job
• Good “human relations” = higher productivity
• The context - The Great Depression (1929-1940)

Employee attitudes and group processes
• Some things satisfied some workers but not others
• People restricted output to adhere to group norms (avoid layoffs)

Lessons from the Hawthorne studies
• Social and human concerns are keys to productivity
• Hawthorne effect - People who are singled out for special attention perform as expected

Maslow’s theory of human needs

Human needs
• The work of psychologist Abraham Maslow in the area of human “needs” also has had a major impact in the behavioural approach to management

Maslow’s hierarchy of human needs
• Self-actualization needs - Highest level: need for self-fulfillment; to grow and use abilities to the fullest and most creative extent
• Esteem needs - Need for esteem in the eyes of others; need for respect, prestige, recognition; need for self-esteem, personal sense of competence, mastery
• Social needs - Need for love, affection, sense of belongingness in one’s relationships with other people
• Safety needs - Need for security, protection and stability in the events of day-to-day life
• Physiological needs - Most basic of all human needs: need for biological maintenance; food, water and physical well-being

Principles
• Deficit principle: A satisfied need is not a motivator of behaviour
• Progress principle: A need becomes a motivator once the preceding lower-level need is satisfied
• Both principles cease to operate at the self-actualization level

McGregor’s theories

Theory X assumes that workers:
• Dislike work
• Lack ambition
• Are irresponsible
• Resist change
• Prefer to be led

Theory Y assumes that workers are:
• Willing to work
• Willing to accept responsibility
• Capable of self-control
• Capable of self-direction
• Imaginative and creative

According to McGregor, managers create:
• Self-fulfilling prophecies

Implications of Theory X and Y
• Theory X managers create situations where workers become dependent, passive and reluctant
• Theory Y managers create situations where workers respond with initiative and high performance
• Central to notions of empowerment and self-management

Argyris’s theory of adult personality
• Classical management principles and practices inhibit worker maturation and are inconsistent with the mature adult personality
• Management practices should accommodate the mature personality:
  • Increasing task responsibility
  • Increasing task variety
  • Using participative decision making

Modern management foundations

Quantitative analysis and tools
• Analytics: the use of large databases and mathematics to solve problems and make informed decisions using systematic analysis

Organizations as systems
• System - Collection of interrelated parts that function together to achieve a common purpose
• Subsystem - A smaller component of a larger system
• Open systems - Organisations that interact with their environment

Contingency thinking
• Tries to match managerial responses with the problem (situation)
• No “one best way” to manage
• The “appropriate” way to manage depends on the situation

Quality management
• Quality and competitive advantage are linked
• Total quality management (TQM) - Comprehensive approach to continuous improvement of the entire organization
• ISO certification - Global quality management standards; refine and upgrade quality to meet ISO requirements

Evidence-based management
• Making management decisions on “hard facts” about what really works
The advantage of the direct method is that the teacher can control the class and fit a lot of activity into a short class period. This leaves plenty of opportunities for the students to hone their skills, especially new ones. On the other hand, because the class is centered around the teacher, some students may not receive proper feedback, and creativity is limited. Also, the less talented athletes often tend to get lost in the shuffle while the great athletes shine. However, there are now a multitude of various teaching strategies that can be employed in addition to that method.

Ex: Announcements, Module/Unit introductions, Descriptions/modeling of assignments and learning activities, Written or video lectures, Demonstration videos, Presentations, Discussions moderated by instructors, Interactive tutorials.

Indirect Method

The Indirect Teaching Style allows students to be involved in their own learning through experience and their peers’ knowledge. Students can use critical thinking to expand their learning capabilities by seeing what others may be doing correctly and adjusting this to their own knowledge. The Indirect approach is the opposite of what the direct style suggests, but they are both strictly related, meaning you can’t have one without the other.

Direct teaching: The instructor stands in front of the class or group and lectures or advises.
Indirect teaching: The instructor assumes a more passive role and guides the student interactions.
Movement exploration: Incorporates the use of equipment that involves movement.

Movement Exploration

The movement exploration class is founded on developing a strong, positive association to physical activity. Classes are aimed at developing movement skills and foundational strength through fun and engaging activities. The activities are age appropriate and include games, challenges, and exploration that positively challenge children’s competency while improving their physical capabilities. Skills such as the ability to climb, hold animal shapes, gymnastic style activities, and the introduction to athletic motor skill competencies are the foundations to youth training. This class provides the introduction to strength training to give children the opportunity to learn the skills required to safely and confidently engage in resistance training.

Cooperative Skills

Cooperative activities teach students to work together for their group's common good. By participating in these activities, students can learn the skills of listening, discussing, thinking as a group, group decision making, and sacrificing individual wants for the common good. There are two primary objectives guiding the teaching of cooperative activities.

First, cooperative activities allow students to apply a variety of fundamental motor skills in a unique setting. Students are typically asked to perform motor skills in a specific way, such as “skip in general space” or “balance on one foot and one elbow.” Cooperative activities ask students to perform different activities such as skip with their hands on the shoulders of someone in front of them, walk with big steps while placing their feet on small spots, or walk across an area blindfolded while someone directs their moves. Due to the uniqueness of such experiences, students often find cooperative activities exciting and motivating.

Second, cooperative activities are a wonderful medium for teaching social and emotional learning (SEL). SEL offers students an opportunity to understand and manage their emotions. In addition, such activities offer an opportunity to show empathy for others and develop positive relationships. Cooperative activities demand that all students play a role in completing the task or solving the movement problem. Every student, regardless of ability level, is important and contributes to group goals.

9 traits a PE teacher often needs

Here are nine essential traits of an effective PE teacher:

1. Athletic ability

Athletic ability is an essential trait for a PE teacher because they're often showing kids how to perform exercises. To demonstrate proper form and encourage the kids to continue their fitness education, it's important they can perform the exercises themselves. Having experience with fitness training can enhance a PE teacher's lesson planning because they're familiar with how each exercise affects a person's body.

Athletic ability can also refer to an aptitude for sports and games. PE teachers can instruct students on how to play these games or lead after-school activities involving them, like soccer or basketball. An aptitude for sports and games can help a PE teacher encourage students to participate in the activities during class. If the PE teacher enjoys physical activity, they may make the lessons more enjoyable for the student.

2. Teaching ability

A PE teacher is a member of a school faculty, so it's essential they have the teaching ability that allows them to communicate lessons to students. There are various skills involved in teaching, including the technical capabilities associated with each professional's particular field. Learning these skills can help PE teachers plan their lessons effectively and connect with their students, meaning they can encourage students to practice fitness skills in optimal ways for their health. Here are some important teaching skills for PE teachers:

• Having an engaging classroom presence
• Real-world learning
• Project building
• Lesson planning
• Technology

3. Interpersonal skills

PE coaches are part of faculty teams, so working alongside other teachers is an essential part of their job. They often collaborate with a student's general education teacher to address any behavioral issues that arise. They can also team up with other classes to plan activities for students, like field days and special field trips. Communicating with peers can ensure these interactions remain productive and create opportunities for more fulfilling lessons. Teachers can also model emotional skills for their students by displaying positive social interactions.

Interpersonal skills can also help PE teachers interact with students and their families. If a teacher can make a student feel comfortable expressing their needs and preferences, the student can often perform physical exercises or play games to the best of their individual capacities. Understanding how to soothe nerves and support students' emotional needs are important examples of interpersonal skills. When interacting with family members, you may use some of these same techniques to communicate effectively and best uplift students.

4. Written and verbal communication

Both verbal and written communication are important for PE teachers because they often communicate with students, families and various personnel on a day-to-day basis. For example, a PE teacher uses their communication skills in a lesson plan to describe any student assignments or expectations accurately. They may also write instructions in a document, then explain them in a classroom lecture.

They also use communication skills to share their lesson plans with other PE teachers during conferences or classroom development exercises. Many teachers continue to learn their trade even after working as a teacher for many years. They may share tips with each other or special lessons they've developed if they feel another teacher may benefit from them. Creating a community can help PE teachers continue to expand their teaching methodology and receive feedback on their lessons.

5. Patience and adaptability

Working with children can require patience and adaptability because they're encountering many new concepts at the same time and learning how to regulate their emotions. As a result, it's important to treat them with patience and care while they're in your class so they can feel comfortable and feel motivated to complete assignments. As children become teenagers, they may require patience and adaptability to account for their changing bodies and attention spans.

Like any job where you perform tasks in real-time, certain circumstances may occur that require you to adapt lesson plans. For example, if the weather turns from sunshine to rain on a day you planned for students to run a mile outside, you may need to adapt the lesson plan so they can practice endurance sports inside a gymnasium instead.

6. Organization

PE teachers can use organization skills to improve their lesson planning sessions. For example, they can keep their plans in one place, and determine which parts of a semester or quarter to introduce new concepts. Throughout the year, these objectives may change because of unforeseen setbacks, but organizational skills can help PE teachers control the trajectory of their class curriculum.

PE teachers can also use organizational skills to maintain their classroom space. Physical education frequently requires balls, equipment and tools to play games that may be on a lesson plan. They also organize equipment and decide where to store it within their classroom or storage space.

7. Creativity

Creativity can help a PE teacher develop fun ways to introduce new material to their students or reinforce previous lessons. They can teach new games or devise interesting ideas to change the rules of a game to help keep students engaged. To find inspiration for their lesson plans, they can turn to personal hobbies or media aspects they enjoy, like movie scenes, songs or dances. A varied lesson plan can foster more engagement among students who prefer action-based learning activities, rather than lectures.

8. Focus

Focus is an essential trait of a PE teacher because students often require their full attention during class, especially if they're learning a complicated physical task. You can focus your lesson plans around specific elements of physical education you believe are essential for students of a certain age group or skill level. If students require mentorship, you can also focus on each student's needs to supply them with a steady support system.

Focusing on your students can help guide your career purpose. It can give you a core value system that informs your lesson plans and mentorship activities. This passion for your students' well-being can also help you become an advocate for each student in your class. You can also help organize funding for different field trips or establish after-school activities to support their interests.

9. Enthusiasm for teaching sports and fitness

Enthusiasm is essential for a PE teacher. Many physical education activities require high energy and may suit someone who enjoys teaching them to others. Being an effective PE teacher also requires an enthusiasm for working with kids and making a positive impact on their lives.
How is personal data collected?

There are several ways that an unauthorised person can try to collect your data. These include:
• phishing
• smishing
• vishing
• pharming.

Phishing

Phishing is when a person sends a legitimate-looking email to a user. The email contains a link to a website that also looks legitimate. The user is encouraged to click the link and to input personal data into a form on the website. The email could also simply ask the user to reply to the email with their personal data. The user is tricked into giving their personal data to a source that they believe is legitimate. However, both the email and the linked website are from a fake unauthorised source. The personal data that is input is then collected by an unauthorised person. This person can then use this data for criminal acts, for example, to commit fraud or steal the person's identity.

Intimidation has become a common feature of phishing emails, threatening the user that they must click the link and rectify a situation immediately, or there will be a further issue. The aim of a phishing attack is to steal the user's personal data.

Figure 5.1: Phishing.

A real-life example of phishing

PayPal have been the subject of several different phishing emails. Users receive an email that looks as though it has been sent from PayPal, as it has the PayPal branding. The email normally warns of an issue such as unexpected activity on their account, or that some kind of verification of their account is required. The user is then asked to click a link to log into their account and resolve the issue. The link takes them to a webpage that looks like the PayPal login page. If the user inputs their login details into this page, they will not be taken to their account. It is often at this stage that the user may realise that the email and webpage are fake. However, they have already given the unauthorised person their PayPal login details.

Figure 5.2: An example of a phishing email claiming to be from PayPal.

How to recognise phishing

There are several guidelines to be aware of regarding emails to avoid being subjected to phishing. These include:
• Don't even open an email that is not from a sender that you recognise or a trusted source.
• Legitimate companies will never ask you for your personal data using email. Be immediately suspicious of any email that requests your personal data.
• Legitimate companies will normally address you by your name. Be suspicious of any email that addresses you as ‘Dear Member’ or ‘Dear Customer’.
• Legitimate companies will send an email that uses their domain name. If you hover your mouse over the sender's name, it will show the email address that the email is sent from. If this does not look legitimate, for example, does not contain the correct domain name, then it is probably fake. For example, if the sender's email is user@paypal1.com rather than user@paypal.com, this is from an incorrect domain name.
• Legitimate companies are protective of their professional reputation and thoroughly check any communications. They will make sure that all information given is grammatically correct and correctly spelt. Be suspicious of any email that contains bad grammar or spelling mistakes.
• A link in an email from a legitimate company will also normally contain the domain name of the company. You can sometimes hover over the link, or right click and inspect the link, to see the address of the URL that is attached. If the URL does not contain the domain name, or also contains typical errors such as spelling mistakes, then be suspicious of this.

PRACTICAL ACTIVITY 5.02

Ask a friend or a member of your family if they have ever received an email that they believed was a phishing email. Ask them how they identified it was phishing. Ask them if they know all of the given guidelines for identifying phishing emails.

Smishing

Smishing (or SMS phishing) is a variant of phishing that uses SMS text messages to lure the user into providing their personal details. The user is sent an SMS text message that either contains a link to a website, in the same way that phishing does, or it will ask the user to call a telephone number to resolve an urgent issue.

The same advice can be followed for smishing as given for phishing. The user must question at all times any links that are sent from an unknown or suspicious user. If a user believes the message may be legitimate, it is advisable to type the domain name for the legitimate company website into their web browser, rather than following the link in the message. Users should block any numbers that they believe are suspicious to prevent any further risk of smishing from that number.

Figure 5.3: Smishing.

Vishing

Vishing (or voice phishing) has the same aim as phishing, to obtain a user's personal details. The user receives a telephone call that could either be an automated system or could be a real person.

An automated voice could speak to the user and advise them that an issue has occurred, such as there has been suspicious activity regarding their bank account. The user may then be asked to call another number, or just to simply press a digit and be directed to another automated system. This system will ask them to provide their bank account details to resolve the issue. The bank account details have then been obtained by the unauthorised user and can be used to commit a crime against the user.

The automated system could be replaced by a real person who will try to do the same thing. They will try to convince the user that there has been an issue with an account they have and to provide the log-in details or PIN for the account to verify who they are so the issue can be resolved.

The precaution to take for vishing is that no company will ever call you and ask you to provide any log-in details or PIN details over the telephone. They may ask you to provide other personal information, and if you are in doubt that the person on the other end of the phone is legitimate, it is always advisable to put the phone down and call the company back on a legitimate number that you may already know or can obtain.

Figure 5.4: Vishing.

Pharming

Pharming is when an unauthorised user installs malicious code on a person's hard drive or server. The malicious code is designed to redirect a user to a fake website when they type in the address of a legitimate one. The fake website is designed to look like the legitimate one, to trick the user and make sure they are not aware that their request has been redirected. The user will then enter their personal details into the fake website, believing it is the legitimate one, and the unauthorised person will now have their personal data.

A common technique used in pharming is called domain name server (DNS) cache poisoning. This technique exploits vulnerabilities in the DNS and diverts the internet traffic intended for a legitimate server toward a fake one instead.

The unauthorised user needs to find a way to install the malicious code on the computer. They often hide the malicious code in an email attachment or link. When the user opens the email attachment or clicks the link, the malicious code is also downloaded.

Figure 5.5: Pharming.

The aim of a pharming attack is also to steal a user's personal data.

A real-life example of pharming

In 2007, 50 different companies all over the world were subject to a pharming attack; these included PayPal, eBay, Barclays bank and American Express. Over a three-day period, hackers managed to infect over 1000 PCs a day with a malicious pharming code. When users who had been infected visited the websites of the different companies, they were redirected to a legitimate-looking version of the site that was designed to steal their personal data.

The original email, containing the malicious code, was set up to look like a shocking news story. Users were encouraged to click a link in the email to find out more information. The code was downloaded when the user clicked the link.

This was quite a sophisticated attack that required legitimate-looking websites to be set up for a large number of companies. It is not known how much money the hackers were able to retrieve as a result.

How to prevent pharming

All of the guidelines to avoid being subjected to phishing are also relevant for recognising pharming. There are also several other precautions that can be taken to check for pharming attacks. These include:
• Have a firewall installed and operational. A firewall monitors incoming and outgoing traffic from your computer. It checks this traffic against set criteria and will flag and stop any traffic that does not meet the criteria. A firewall could detect and block suspicious traffic, such as a malicious code trying to enter your system.
• Have an anti-virus program installed that is designed to detect malicious pharming code. You need to scan your computer on a regular basis to check for any malicious code. It is advisable to set up an automatic scan on a daily basis at a time when your computer will normally be switched on.
• Be aware when using public Wi-Fi connections. A hacker could look to directly access your computer and install the malicious code if you are connected to a public Wi-Fi connection. It is often advisable to use a VPN when using public Wi-Fi. This will help shield your internet activity and personal details from a hacker, making it more difficult for them to access your computer.

Smishing can also be used as a form of pharming. A user is sent a link that, when clicked, is designed to download malware onto their mobile device. Therefore, it is advisable to have security software installed on your mobile and also scan it regularly to detect any presence of malware.
Multiple Choice Questions

A6. You’ve hired a third-party to gather information about your company’s servers and data. The third-party will not have direct access to your internal network but can gather information from any other source. Which of the following would BEST describe this approach?
❍ A. Backdoor testing
❍ B. Passive footprinting
❍ C. OS fingerprinting
❍ D. Partially known environment

A7. Which of these protocols use TLS to provide secure communication? (Select TWO)
❍ A. HTTPS
❍ B. SSH
❍ C. FTPS
❍ D. SNMPv2
❍ E. DNSSEC
❍ F. SRTP

A8. Which of these threat actors would be MOST likely to attack systems for direct financial gain?
❍ A. Organized crime
❍ B. Hacktivist
❍ C. Nation state
❍ D. Competitor

A9. A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)
❍ A. Partition data
❍ B. Kernel statistics
❍ C. ROM data
❍ D. Temporary file systems
❍ E. Process table

Practice Exam A - Questions

A10. An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third-party. Which category would BEST describe these devices?
❍ A. IoT
❍ B. RTOS
❍ C. MFD
❍ D. SoC

A11. Which of the following standards provides information on privacy and managing PII?
❍ A. ISO 31000
❍ B. ISO 27002
❍ C. ISO 27701
❍ D. ISO 27001

A12. Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?
❍ A. Create an operating system security policy to prevent the use of removable media
❍ B. Monitor removable media usage in host-based firewall logs
❍ C. Only allow applications that do not use removable media
❍ D. Define a removable media block rule in the UTM

A13. A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?
❍ A. ISO 27701
❍ B. PKI
❍ C. IaaS
❍ D. SOAR

A14. An insurance company has created a set of policies to handle data breaches. The security team has been given this set of requirements based on these policies:
• Access records from all devices must be saved and archived
• Any data access outside of normal working hours must be immediately reported
• Data access must only occur inside of the country
• Access logs and audit reports must be created from a single database
Which of the following should be implemented by the security team to meet these requirements? (Select THREE)
❍ A. Restrict login access by IP address and GPS location
❍ B. Require government-issued identification during the onboarding process
❍ C. Add additional password complexity for accounts that access data
❍ D. Conduct monthly permission auditing
❍ E. Consolidate all logs on a SIEM
❍ F. Archive the encryption keys of all disabled accounts
❍ G. Enable time-of-day restrictions on the authentication server

A15. Rodney, a security engineer, is viewing this record from the firewall logs:
UTC 04/05/2018 03:09:15809 AV Gateway Alert 136.127.92.171 80 -> 10.16.10.14 60818 Gateway Anti-Virus Alert: XPACK.A_7854 (Trojan) blocked.
Which of the following can be observed from this log information?
❍ A. The victim's IP address is 136.127.92.171
❍ B. A download was blocked from a web server
❍ C. A botnet DDoS attack was blocked
❍ D. The Trojan was blocked, but the file was not

A16. A user connects to a third-party website and receives this message:
Your connection is not private. NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason for this message?
❍ A. Brute force
❍ B. DoS
❍ C. On-path
❍ D. Disassociation

A17. Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?
❍ A. Federation
❍ B. 802.1X
❍ C. PEAP
❍ D. EAP-FAST

A18. A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?
❍ A. MTBF
❍ B. RTO
❍ C. MTTR
❍ D. MTTF

A19. An attacker calls into a company’s help desk and pretends to be the director of the company’s manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. What kind of attack would BEST describe this phone call?
❍ A. Social engineering
❍ B. Tailgating
❍ C. Watering hole
❍ D. On-path

A20. A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company’s network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team’s requirements?
❍ A. EAP-TLS
❍ B. PEAP
❍ C. EAP-TTLS
❍ D. EAP-MSCHAPv2

A21. Which of the following would be commonly provided by a CASB? (Select TWO)
❍ A. List of all internal Windows devices that have not installed the latest security patches
❍ B. List of applications in use
❍ C. Centralized log storage facility
❍ D. List of network outages for the previous month
❍ E. Verification of encrypted data transfers
❍ F. VPN connectivity for remote users

A22. The embedded OS in a company’s time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?
❍ A. DLL injection
❍ B. Resource exhaustion
❍ C. Race condition
❍ D. Weak configuration

A23. A recent audit has found that existing password policies do not include any restrictions on password attempts, and users are not required to periodically change their passwords. Which of the following would correct these policy issues? (Select TWO)
❍ A. Password complexity
❍ B. Password expiration
❍ C. Password history
❍ D. Password lockout
❍ E. Password recovery

A24. What kind of security control is associated with a login banner?
❍ A. Preventive
❍ B. Deterrent
❍ C. Corrective
❍ D. Detective
❍ E. Compensating
❍ F. Physical

A25. A security team has been provided with a non-credentialed vulnerability scan report created by a third-party. Which of the following would they expect to see on this report?
❍ A. A summary of all files with invalid group assignments
❍ B. A list of all unpatched operating system files
❍ C. The version of web server software in use
❍ D. A list of local user accounts

A26. A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?
❍ A. Communication plan
❍ B. Continuity of operations
❍ C. Stakeholder management
❍ D. Tabletop exercise

A27. A security administrator is concerned about data exfiltration resulting from the use of malicious phone charging stations. Which of the following would be the BEST way to protect against this threat?
❍ A. USB data blocker
❍ B. Personal firewall
❍ C. MFA
❍ D. FDE

A28. A company would like to protect the data stored on laptops used in the field. Which of the following would be the BEST choice for this requirement?
❍ A. MAC
❍ B. SED
❍ C. CASB
❍ D. SOAR

A29. A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?
❍ A. 2
❍ B. 3
❍ C. 4
❍ D. 1