Complete this lab as follows:
From the Inbox of the WebEmail interface, highlight an email.
Read and explore the email and determine whether it is a legitimate email. This includes using your mouse to hover over suspicious attachments and links.
Take the appropriate action for each email:
- If the email is an attempt at social engineering, from the menu bar, select Delete.
- If the email is safe, do nothing.
Repeat steps 1 through 3 for each email. The following table lists the actions you should take for each email.

| Email | Diagnosis | Action | Explanation for Action |
| --- | --- | --- | --- |
| Microsoft Windows Update Center, "New Service Pack" | Phishing | Delete | This email has various spelling errors. The link does not direct you to a Microsoft website. |
| Joe Davis, "Re: Lunch Today?" | Malicious Attachment | Delete | This email appears to be from a colleague; however, why would he fail to respond to your lunch question and send you a random attachment in return? |
| Executive Recruiting, "Executive Jobs" | Whaling | Delete | Whaling uses tailored information to attack executives. Clicking the link could install malware that would capture sensitive company information. The link is pointing to a site in Germany (.de). It is suspicious that this organization would recruit executives from the USA. |
| Human Resources, "Ethics Video" | Safe | Keep | While this email has an embedded link, it is digitally signed, as indicated by the green shield and checkmark. Therefore, you know it actually comes from your Human Resources department. When you hover over the link, you see that it is a secure link to the corporate web server. |
| Online Banking Department, "Payment Pending" | Phishing | Delete | This is a carefully crafted attempt to get your bank account information. Hover over the link and notice that it does not direct you to your credit union website, but to an unknown IP address. It is also very unlikely that a bank would delete your account for not verifying your information. |
| Grandma Jacklin, "FW: FW: FW: Virus Attack Warning" | Hoax | Delete | Any email that asks you to forward it to everyone you know is probably a hoax. This email also contains very bad grammar. |
| Emily Smith, "Web Site Update" | Spear Phishing | Delete | While this email appears to come from a colleague, notice that the link points to an executable file from a Russian domain name (.ru). A report file is more likely to have an extension of .pdf, .docx, .xlsx, or .txt. This probably is not a message a real colleague would send. This file will likely infect the computer with malware. |
| Sara Goodwin, "Wow!!" | Malicious Attachment | Delete | Emails with attachments from unknown people who address you as "Dear Friend" are probably not safe. |
| Grandma Jacklin, "Free Airline Tickets" | Hoax | Delete | Any email that asks you to forward it to everyone you know is probably a hoax, even if the contents promise you a prize. In addition, there is no way to know how many people the email has been forwarded to. Likewise, it is very unlikely that an airline would give away that many free tickets. |
| Human Resources, "IMPORTANT NOTICE-Action Required" | Safe | Keep | While this email appears very urgent, it doesn't ask you to click on anything or run any attachments. It does inform you that you need to go to a website that you should already know and make sure your courses are complete. |
| Activities Committee, "Pumpkin Contest" | Safe | Keep | This email doesn't ask you to click on anything or run any attachments. |
| Robert Williams, "Presentation" | Safe | Keep | This email doesn't ask you to click on anything or run any attachments. |

Complete this lab as follows:
Sign into the pfSense management console.
- In the Username field, enter admin.
- In the Password field, enter P@ssw0rd (zero).
- Select SIGN IN or press Enter.
Create a high bandwidth usage alias.
- From the pfSense menu bar, select Firewall > Aliases.
- Select Add.
- Configure the Properties as follows:
  - Name: HighBW
  - Description: High bandwidth users
  - Type: Host(s)
- Add the IP addresses of the offending computers to the host(s) configuration as follows:
  - Under Host(s), in the IP or FQDN field, enter 172.14.1.25.
  - Select Add Host.
  - In the new IP or FQDN field, enter 172.14.1.100.
- Select Save.
- Select Apply Changes.
Start the Traffic Shaper wizard for dedicated links.
- From the pfSense menu bar, select Firewall > Traffic Shaper.
- Under the Firewall breadcrumb, select Wizards.
- Select traffic_shaper_wizard_dedicated.xml.
- Under Traffic shaper Wizard, in the Enter number of WAN type connections field, enter 1 and then select Next.
Configure the Traffic Shaper.
- Make sure you are on Step 1 of 8.
- Using the drop-down menu for the upper Local interface, select GuestWi-Fi.
- Using the drop-down menu for lower Local interface, make sure PRIQ is selected.
- For the upper Upload field, enter 5.
- Using the drop-down menu for the lower Upload field, select Mbit/s.
- For the top Download field, enter 45.
- Using the drop-down menu for the lower Download field, select Mbit/s.
- Select Next.
Prioritize voice over IP traffic.
- Make sure you are on Step 2 of 8.
- Under Voice over IP, select Enable to prioritize the voice over IP traffic.
- Under Connection #1 parameters, in the Upload rate field, enter 15.
- Using the drop-down menu for the top Units, select Mbit/s.
- For the Download rate, enter 20.
- Using the drop-down menu for the bottom Units, select Mbit/s.
- Select Next.
Enable and configure a penalty box.
- Make sure you are on Step 3 of 8.
- Under Penalty Box, select Enable to enable the penalize IP or alias option.
- In the Address field, enter HighBW. This is the alias created earlier.
- For Bandwidth, enter 2.
- Select Next.
Continue to step 6 of 8.
- For Step 4 of 8, scroll to the bottom and select Next.
- For Step 5 of 8, scroll to the bottom and select Next.
Raise and lower the applicable application's priority.
- Make sure you are on Step 6 of 8.
- Under Raise or lower other Applications, select Enable to enable other networking protocols.
- Under Remote Service / Terminal emulation, use the:
  - MSRDP drop-down menu to select Higher priority.
  - VNC drop-down menu to select Higher priority.
- Under VPN:
  - Use the PPTP drop-down menu to select Higher priority.
  - Use the IPSEC drop-down menu to select Higher priority.
- Scroll to the bottom and select Next.
- For step 7 of 8, select Finish.
- Wait for the reload status to indicate that the rules have been created (look for Done).
View the floating rules created for the firewall.
- Select Firewall > Rules.
- Under the Firewall breadcrumb, select Floating.
- In the top right, select Answer Questions.
- Answer the question and then minimize the question dialog.
Change the port number used for the MSRDP outbound rule.
- For the m_Other MSRDP outbound rule, select the edit icon (pencil).
- Under Edit Firewall Rule, in the Interface field, select GuestWi-Fi.
- Under Destination, use the Destination Port Range drop-down menu to select Other.
- In both Custom fields, enter 3391.
- Select Save.
- Select Apply Changes.
- In the top right, select Answer Questions.
- Select Score Lab.
Complete this lab as follows:
Sign into the pfSense management console.
- In the Username field, enter admin.
- In the Password field, enter P@ssw0rd (zero).
- Select SIGN IN or press Enter.
Configure an interface for the DMZ.
- From the pfSense menu bar, select Interfaces > Assignments.
- Select Add.
- Select OPT1.
- Select Enable interface.
- Change the Description field to DMZ.
- Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4.
- Under Static IPv4 Configuration, in the IPv4 Address field, enter 172.16.1.1.
- Use the subnet mask drop-down menu to select 16.
- Select Save.
- Select Apply Changes.
- (Optional) Verify the change as follows:
  - From the menu bar, select pfsense COMMUNITY EDITION.
  - Under Interfaces, verify that the DMZ is shown with the correct IP address.
Add a firewall rule to the DMZ interface.
- From the pfSense menu bar, select Firewall > Rules.
- Under the Firewall breadcrumb, select DMZ. (Notice that no rules have been created.)
- Under the Firewall breadcrumb, select LAN.
- Under the Actions column, select the copy icon (two files) for the rule with a source of LAN net.
- For the Action field, make sure Pass is selected.
- Using the drop-down menu for the Interface field, select DMZ.
- Under Source, use the drop-down menu to select DMZ net.
- Under Destination, make sure it is configured for any.
- Under Extra Options, change the description to Allow DMZ to any rule.
- Scroll to the bottom and select Save.
- Select Apply Changes.
Configure pfSense's DHCP server for the DMZ interface.
- From the menu bar, select Services > DHCP Server.
- Under the Services breadcrumb, select DMZ.
- Select Enable.
- Configure the Range field as follows:
  - From: 172.16.1.100
  - To: 172.16.1.200
- Scroll to the bottom and select Save.
Complete this lab as follows:
Sign in to the pfSense management console.
- In the Username field, enter admin.
- In the Password field, enter P@ssw0rd (zero).
- Select SIGN IN or press Enter.
Create and configure a firewall rule to pass HTTP traffic from the internet to the Web server.
- From the pfSense menu bar, select Firewall > Rules.
- Under the Firewall breadcrumb, select DMZ.
- Select Add (either one).
- Make sure Action is set to Pass.
- Under Source, use the drop-down to select WAN net.
- Select Display Advanced.
- For Source Port Range, use the From drop-down to select HTTP (80).
- Under Destination, use the Destination drop-down to select Single host or alias.
- In the Destination Address field, enter 172.16.1.5.
- Using the Destination Port Range drop-down, select HTTP (80).
- Under Extra Options, in the Description field, enter HTTP to DMZ from WAN.
- Select Save.
- Select Apply Changes.
Create and configure a firewall rule to pass HTTPS traffic from the internet to the Web server.
- For the rule just created, select the Copy icon (two files).
- Under Source, select Display Advanced.
- Change the Source Port Range to HTTPS (443).
- Under Destination, change the Destination Port Range to HTTPS (443).
- Under Extra Options, change the Description field to HTTPS to DMZ from WAN.
- Select Save.
- Select Apply Changes.
Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network.
- Select Add (either one).
- Make sure Action is set to Pass.
- For Protocol, use the drop-down to select Any.
- Under Source, use the drop-down to select LAN net.
- Under Destination, use the drop-down to select DMZ net.
- Under Extra Options, change the Description field to LAN to DMZ Any.
- Select Save.
- Select Apply Changes.
While completing this lab, use the following information:
Create and configure the following standard remote VPN users:

| Username | Password | Full Name |
| --- | --- | --- |
| blindley | L3tM31nNow | Brian Lindley |
| jphillips | L3tM31nToo | Jacob Phillips |

Complete this lab as follows:
Sign into the pfSense management console.
- In the Username field, enter admin.
- In the Password field, enter P@ssw0rd (zero).
- Select SIGN IN or press Enter.
Start the VPN wizard and select the authentication backend type.
- From the pfSense menu bar, select VPN > OpenVPN.
- From the breadcrumb, select Wizards.
- Under Select an Authentication Backend Type, make sure Local User Access is selected.
- Select Next.
Create a new certificate authority certificate.
- For Descriptive Name, enter CorpNet-CA.
- For Country Code, enter GB.
- For State, enter Cambridgeshire.
- For City, enter Woodwalton.
- For Organization, enter CorpNet.
- Select Add new CA.
Create a new server certificate.
- For Descriptive Name, enter CorpNet.
- Verify that all of the previous changes (Country Code, State/Province, and City) are the same.
- Use all other default settings.
- Select Create new Certificate.
Configure the VPN server.
- Under General OpenVPN Server Information:
  - Use the Interface drop-down menu to select WAN.
  - Verify that the Protocol is set to UDP on IPv4 only.
  - For Description, enter CorpNet-VPN.
- Under Tunnel Settings:
  - For Tunnel Network, enter 198.28.20.0/24.
  - For Local Network, enter 198.28.56.18/24.
  - For Concurrent Connections, enter 4.
- Under Client Settings, in DNS Server1, enter 198.28.56.1.
- Select Next.
Configure the firewall rules.
- Under Traffic from clients to server, select Firewall Rule.
- Under Traffic from clients through VPN, select OpenVPN rule.
- Select Next.
- Select Finish.
Set the OpenVPN server just created to Remote Access (User Auth).
- For the WAN interface, select the Edit Server icon (pencil).
- For Server mode, use the drop-down and select Remote Access (User Auth).
- Scroll to the bottom and select Save.
Configure the following Standard VPN users.
- From the pfSense menu bar, select System > User Manager.
- Select Add.
- Configure the User Properties as follows:
  - Username: Username
  - Password: Password
  - Full name: Fullname
- Scroll to the bottom and select Save.
- Repeat steps 8b-8d to create the remaining VPN users.
Complete this lab as follows:
Sign into the pfSense management console.
- In the Username field, enter admin.
- In the Password field, enter P@ssw0rd (zero).
- Select SIGN IN or press Enter.
Create a firewall rule that blocks all DNS traffic coming from the LAN.
- From the pfSense menu bar, select Firewall > Rules.
- Under the Firewall breadcrumb, select LAN.
- Select Add (either one).
- Under Edit Firewall Rule, use the Action drop-down to select Block.
- Under Edit Firewall Rule, set Protocol to UDP.
- Under Source, use the drop-down menu to select LAN net.
- Under Destination, configure the Destination Port Range to use DNS (53) (for From and To).
- Under Extra Options, in the Description field, enter Block DNS from LAN.
- Select Save.
- Select Apply Changes.
Create a firewall rule that allows all DNS traffic going to the LAN network.
- Select Add (either one).
- Under Edit Firewall Rule, set Protocol to UDP.
- Under Destination, use the drop-down menu to select LAN net.
- Configure the Destination Port Range to use DNS (53) (for From and To).
- Under Extra Options, in the Description field, enter Allow all DNS to LAN.
- Select Save.
- Select Apply Changes.
Arrange the firewall rules in the order that allows them to function properly.
- Using drag-and-drop, move the rules to the following order (top to bottom):
  - Anti-Lockout Rule
  - Allow all DNS to LAN
  - Block DNS from LAN
- In the simulated version of pfSense, you can only drag and drop the rules you created. You cannot drag and drop the default rule.
- Select Save.
- Select Apply Changes.
Enable pfBlockerNG.
- From the pfSense menu bar, select Firewall > pfBlockerNG.
- Under General Settings, select Enable pfBlockerNG.
- Scroll to the bottom and select Save.
Enable and configure DNS block lists.
- Under the Firewall breadcrumb, select DNSBL.
- Select Enable DNSBL.
- For DNSBL Virtual IP, enter 192.168.0.0.
- Scroll to the bottom and expand TLD Blacklist.
- Enter the following URLs in the TLD Blacklist box:
  - financereports.co
  - totalpad.com
  - salesscript.info
- Expand TLD Whitelist and then enter the following URLs:
  - .www.google.com
  - .play.google.com
  - .drive.google.com
- Select Save.
Complete this lab as follows:
Create and configure an Access Profile named MgtAccess.
- From the left pane, expand and select Security > Mgmt Access Method > Access Profiles.
- Select Add.
- Enter the Access Profile Name of MgtAccess.
- Enter the Rule Priority of 1.
- For Action, select Deny.
- Select Apply and then select Close.
Add a profile rule to the MgtAccess profile.
- From the left pane, under Security > Mgmt Access Method, select Profile Rules.
- Select the MgtAccess profile and then select Add.
- Enter a Rule Priority of 2.
- For Management Method, select HTTP.
- For Applies to Source IP Address, select User Defined.
- For IP Address, enter 192.168.0.10.
- Enter the 255.255.255.0.
- Select Apply and then select Close.
Set the MgtAccess profile as the active access profile.
- From the left pane, under Security > Mgmt Access Method, select Access Profiles.
- Use the Active Access Profile drop-down list to select MgtAccess.
- Select Apply.
- Select OK.
Save the changes to the switch's startup configuration file.
- At the top, select Save.
- For Source File Name, make sure Running configuration is selected.
- For Destination File Name, make sure Startup configuration is selected.
- Select Apply.
- Select OK.
Upgrade the firmware image to the latest version.
- From the left pane, select Getting Started.
- Under Quick Access, select Upgrade Device Software.
- For File Name, select Choose File.
- Browse to and select C:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros.
- Select Open.
- Select Apply.
- Select OK.
- From the left pane, under File Management, select Active Image.
- For Active Image After Reboot, use the drop-down menu to select Image 2.
- Select Apply.
- From the left pane under Administration, select Reboot.
- From the right pane, select Reboot.
- Select OK.
While completing this lab, use the following information:
Configure the GameConsoles MAC-based access control entry (ACE) settings as follows:
| Priority | Action | Destination MAC Address | Source MAC Address |
| --- | --- | --- | --- |
| 1 | Deny | Any | Value: 00041F111111; Mask: 000000111111 |
| 2 | Deny | Any | Value: 005042111111; Mask: 000000111111 |
| 3 | Deny | Any | Value: 000D3A111111; Mask: 000000111111 |
| 4 | Deny | Any | Value: 001315111111; Mask: 000000111111 |
| 5 | Deny | Any | Value: 0009BF111111; Mask: 000000111111 |
| 6 | Deny | Any | Value: 00125A111111; Mask: 000000111111 |

Complete this lab as follows:
Create the GameConsoles ACL.
- From the Getting Started page, under Quick Access, select Create MAC-Based ACL.
- Select Add.
- In the ACL Name field, enter GameConsoles.
- Click Apply and then click Close.
Create MAC-based access control.
- Select MAC-Based ACE Table.
- Select Add.
- Enter the priority.
- Select the action.
- For Destination MAC Address, make sure Any is selected.
- For Source MAC Address, select User Defined.
- Enter the source MAC address value.
- Enter the source MAC address mask.
- Click Apply.
- Repeat steps 2c-2i for additional ACE entries.
- Click Close.
Bind the GameConsoles ACL to all of the interfaces.
- From the left pane, under Access Control, select ACL Binding (Port).
- Select GE1.
- At the bottom of the window, select Edit.
- Click Select MAC-Based ACL.
- Select Apply and then select Close.
- Select Copy Settings.
- In the Copy configuration's to field, enter 2-30.
- Click Apply.
Save the Configuration.
- From the top of the window, select Save.
- Under Source File Name, make sure Running configuration is selected.
- Under Destination File Name, make sure Startup configuration is selected.
- Click Apply.
- Click OK.
5.12.4
Explore VLANs
You are the IT security administrator for a small corporate network. You need to increase the networking closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch.
The patch panel connections for the networking closet, lobby, and IT administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections of the IP cameras and the laptop.
In this lab, your task is to perform the following:
Access the switch management console from ITAdmin using the following credentials:
- Address: http://192.168.0.2
- Username: ITSwitchAdmin
- Password: Admin$only (the password is case-sensitive)
Create and configure a VLAN on the switch as follows:
- VLAN ID: 2
- VLAN Name: IPCameras
- Configure ports GE18, GE19, GE20, GE21 as untagged.
  - Port 18 is connected to the network jack next to the laptop in the IT administration office.
  - Port 19 is connected to the camera mount in the lobby.
  - Port 20 is connected to the camera mount in the networking closet.
  - Port 21 is connected to a DHCP server that provides IP addresses to the camera and the laptop.
In the lobby and networking closet, perform the following:
- Connect a Cat5e cable to the RJ-45 ports on the IP camera and the IP camera wall plate.
- Mount the IP camera on the wall plate.
In the networking closet, connect the DHCP server to the VLAN using a Cat5e cable from switch port 21 to patch panel port 21 in the rack.
In the IT administration office, connect a Cat5e cable to the laptop's network port and the open port on the wall plate.
On ITAdmin-Lap, verify the VLAN configuration and IP camera installation as follows:
- Select Start > IP Cameras.
- Verify that the program detects the IP cameras on the VLAN 2 network.
Complete this lab as follows:
From the ITAdmin computer, log into the CISCO switch.
- From the taskbar, open Google Chrome.
- Maximize the window for easier viewing.
- In the URL field, enter 192.168.0.2 and press Enter.
- For Username, enter ITSwitchAdmin.
- For Password, enter Admin$only (password is case-sensitive).
- Select Log In.
Create a VLAN.
- From the Getting Started pane, under Initial Setup, select Create VLAN.
- Select Add.
- For VLAN ID, enter 2.
- For VLAN Name, enter IPCameras.
- Select Apply.
- Select Close.
Configure a VLAN.
- From the left pane, under VLAN Management, select Port to VLAN.
- From the VLAN ID equals to drop-down menu, select 2.
- Select Go.
- For ports GE18, GE19, GE20, and GE21, select Untagged.
- Select Apply.
Connect the IP camera in the lobby to the VLAN and mount the IP cameras.
- From the top navigation area, select Floor 1.
- Under Lobby, select Hardware.
- Under Shelf, expand CCTV Cameras.
- Drag the IP Camera (Lobby) to the workspace.
- Under Workspace for the IP camera, select Back to switch to the back view of the IP camera.
- Under Shelf, expand Cables and then select a Cat5e Cable, RJ45.
- Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera wall mount plate.
- From the wall plate's Partial Connections list, drag the other connector to the RJ-45 port on the back of the IP camera.
- Drag the IP camera to the IP camera wall plate.
Connect the IP camera in the networking closet to the VLAN and mount the IP cameras.
- From the top navigation area, select Floor 1.
- Under Networking Closet, select Hardware.
- Under Shelf, expand CCTV Cameras.
- Drag the IP Camera (Networking Closet) to the workspace.
- Under Workspace for the IP camera, select Back to switch to the back view of the IP camera.
- Under Shelf, expand Cables and then select Cat5e Cable, RJ45.
- Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera mount wall plate.
- Under Selected Component, drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera.
- To mount the IP camera, drag the IP camera to the IP camera wall plate.
Connect the DHCP server and laptop to the VLAN.
- In the networking closet, under Shelf, select a Cat5e Cable, RJ45.
- Under Selected Component, drag a RJ45 Connector to port 21 on the switch.
- Under Selected Component, drag the unconnected RJ45 Connector to port 21 on the patch panel.
Connect the laptop to the VLAN.
- From the top menu, select Floor 1.
- Under IT Administration, select Hardware.
- Above the laptop, select Back to switch to the back view of the laptop.
- Under Shelf, select Cat5e Cable, RJ45.
- Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the laptop.
- Under Selected Component, drag the unconnected RJ45 Connector to the open RJ-45 port on the wall plate.
- To verify that all components are connected, you can change location to the network closet hardware view. You should see green link/activity lights on ports 18 - 21 of the switch. You should also see amber Power Over Ethernet (POE) lights on ports 19 and 20, which are connected to the IP cameras.
Launch the IP camera monitoring software.
- Under the laptop's workspace, select Front.
- On the IT-Laptop2, select Click to view Windows 10.
- From the taskbar, select Start.
- Select IP Cameras.
- Verify that both cameras are detected on the network.
Use the following user account specifications as you create each account.
| User | Job Role | Departmental OU |
| --- | --- | --- |
| Juan Suarez | Marketing manager | Marketing\MarketingManagers |
| Susan Smith | Permanent sales employee | Sales\PermSales |
| Mark Burnes | Sales manager | Sales\SalesManagers |
| Borey Chan | Temporary sales employee | Sales\TempSales |

Complete this lab as follows:
Access Active Directory Users and Computers on the CorpDC server.
- From Hyper-V Manager, select CORPSERVER.
- From the Virtual Machines pane, double-click CorpDC.
- From Server Manager's menu bar, select Tools > Active Directory Users and Computers.
- Maximize the window for better viewing.
Create the domain user accounts.
- From the left pane, expand CorpNet.local.
- Browse to the appropriate OU.
- Right-click the OU and select New > User.
- In the First name field, enter the user's first name.
- In the Last name field, enter the user's last name.
- In the User logon name field, enter the user's logon name, which should be the first letter of the user's first name together with their last name (e.g. jsuarez). The domain, @CorpNet.local, is appended automatically to the end of the logon name.
- Click Next.
- Select Next.
- In the Password field, enter asdf1234$.
- In the Confirm password field, enter asdf1234$.
- Make sure User must change password at next logon is selected and then click Next.
- Select Finish to create the object.
- Repeat steps 3e-3m to create the additional users.
Modify user account restrictions for the temporary sales employee.
- Right-click Borey Chan and select Properties.
- Select the Account tab.
- Select Logon hours.
- From the Logon Hours dialog, select Logon Denied to clear the allowed logon hours.
- Select the time range of 8:00 a.m. to 5:00 p.m., Monday through Friday.
- Select Logon Permitted to allow logon.
- Select OK.
- Under Account expires, select End of.
- In the End of field, use the drop-down calendar to select 31 December of the current year.
- Select OK.
Complete this lab as follows:
Access Active Directory Users and Computers on the CorpDC server.
- From Hyper-V Manager, select CORPSERVER.
- From the Virtual Machines pane, double-click CorpDC.
- From Server Manager's menu bar, select Tools > Active Directory Users and Computers.
- Maximize the window for better viewing.
From the left pane, expand CorpNet.local.
Unlock the Mary Barnes account.
- From the left pane, select Accounting.
- Right-click Mary Barnes and select Reset Password.
- In the New password field, enter asdf1234$.
- In the Confirm password field, enter asdf1234$.
- Make sure User must change password at next logon is selected.
- Make sure Unlock the user's account is selected.
- Select OK.
- Select OK to confirm the change.
Disable the Mark Woods account.
- From the right pane, right-click Mark Woods and select Disable Account.
- Select OK to confirm the change.
Enable Pat Benton's account.
- From the left pane, select Research-Dev.
- From the right pane, right-click Pat Benton and select Enable Account.
- Select OK to confirm the change.
Rename the Andrea Simmons account.
- Right-click Andrea Simmons and select Rename.
- Enter Andrea Socko and press Enter. This opens the Rename User dialog.
- In the Last name field, enter Socko.
- In the User logon name field, replace the old name with asocko.
- Select OK.
Configure user account restrictions.
- From the left pane, select Support.
- From the right pane, press Ctrl and select both the Tom Plask and Janice Rons users to edit multiple users at the same time. In Safari, press Command and select each user.
- Right-click the user accounts and select Properties.
- Select the Account tab.
- Select Computer restrictions.
- Select Log On To.
- Select The following computers.
- In the Computer name field, type Support.
- Select Add.
- Select OK.
- Select OK.
6.6.8
Enforce User Account Control
You are the IT administrator for a small corporate network. The company has a single Active Directory domain named CorpNet.xyz. You need to increase the domain's authentication security. You need to make sure that User Account Control (UAC) settings are consistent throughout the domain and in accordance with industry recommendations.
In this lab, your task is to configure the following UAC settings in the Default Domain Policy on CorpDC as follows:
| User Account Control | Setting |
| --- | --- |
| Admin Approval mode for the built-in Administrator account | Enabled |
| Allow UIAccess applications to prompt for elevation without using the secure desktop | Disabled |
| Behavior of the elevation prompt for administrators in Admin Approval mode | Prompt for credentials |
| Behavior of the elevation prompt for standard users | Automatically deny elevation requests |
| Detect application installations and prompt for elevation | Enabled |
| Only elevate UIAccess applications that are installed in secure locations | Enabled |
| Only elevate executables that are signed and validated | Disabled |
| Run all administrators in Admin Approval mode | Enabled |
| Switch to the secure desktop when prompting for elevation | Enabled |
| Virtualize file and registry write failures to per-user locations | Enabled |

User Account Control policies are set in a GPO linked to the domain. In this scenario, edit the Default Domain Policy and configure settings in the following path:
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
While completing this lab, use the following information when configuring the UAC settings.
| User Account Control | Setting |
| --- | --- |
| Admin Approval mode for the built-in Administrator account | Enabled |
| Allow UIAccess applications to prompt for elevation without using the secure desktop | Disabled |
| Behavior of the elevation prompt for administrators in Admin Approval mode | Prompt for credentials |
| Behavior of the elevation prompt for standard users | Automatically deny elevation requests |
| Detect application installations and prompt for elevation | Enabled |
| Only elevate executables that are signed and validated | Disabled |
| Only elevate UIAccess applications that are installed in secure locations | Enabled |
| Run all administrators in Admin Approval mode | Enabled |
| Switch to the secure desktop when prompting for elevation | Enabled |
| Virtualize file and registry write failures to per-user locations | Enabled |

Complete this lab as follows:
On CorpDC, access the CorpNet.local domain for Group Policy Management.
- From Hyper-V Manager, select CORPSERVER.
- Double-click CorpDC.
- From Server Manager, select Tools > Group Policy Management.
- Maximize the window for easy viewing.
- Expand Forest: CorpNet.local > Domains > CorpNet.local.
Configure the UAC settings.
- Right-click Default Domain Policy and select Edit.
- Maximize the window for easier viewing.
- Under Computer Configuration, expand and select Policies > Windows Settings > Security Settings > Local Policies > Security Options.
- From the right pane, double-click the policy you want to edit.
- Select Define this policy setting.
- Select Enable or Disable as necessary.
- Edit the value for the policy as needed and then click OK.
- Repeat steps 2d-2g for each policy setting.
Complete this lab as follows:
(Optional) Try to enable BitLocker.
- From the search field on the Windows taskbar, type Control.
- From Best match, select Control Panel.
- Select System and Security.
- From the right pane, select BitLocker Drive Encryption.
- Under Operating system drive, select Turn on BitLocker. An error message at the bottom of the screen indicates that a TPM security device was not found.
- Select Cancel.
Access the BIOS settings.
- Right-click the Start menu and then select Shut down or sign out > Restart to reboot your computer.
- When the TestOut logo appears, press Delete to enter the BIOS.
Turn on and activate the TPM.
- From the left pane, expand and select Security > TPM Security.
- From the right pane, select TPM Security and then select Apply.
- Select Activate and then select Apply.
- Select Exit. Your computer will automatically reboot.
Turn BitLocker on.
- From the search field on the Windows taskbar, type Control.
- From Best match, select Control Panel.
- Select System and Security.
- Select BitLocker Drive Encryption.
- Under Operating system drive, select Turn on BitLocker. Windows begins the Drive Encryption setup.
Back up a BitLocker recovery key.
- Select Save to a file.
- In the left pane, expand and select Network > CorpServer > BU-Office1.
- Select Save.
- Select Next.
Configure BitLocker encryption.
- Select Encrypt entire drive and then select Next.
- Make sure that New encryption mode is selected and then select Next.
- Select Run BitLocker system check and then select Continue.
- Select Restart now. The computer will reboot, and the encryption process will run automatically.
- When the encryption process is complete, select Close.
Verify that encryption is enabled.
- From the Windows taskbar, select File Explorer.
- From the left pane, select This PC.
- From the right pane, verify that the System (C:) drive shows the encryption lock icon.
Complete this lab as follows:
Configure self-healing.
- From the top, select the Configure tab.
- From the left menu, select Services.
- Under Self-Healing, select Automatically adjust AP radio power to optimize coverage when interference is present.
- Using the Automatically adjust 2.4GHz channels using drop-down menu, select Background Scanning from the drop-down menu.
- Using the Automatically adjust 5GHz channels using drop-down menu, select Background Scanning from the drop-down menu.
- On the right, select Apply.
Configure background scanning.Select Run a background scan on 2.4GHz radio.Enter 30 seconds.Select Run a background scan on 5GHz radio.Enter 30 seconds.On the right, select Apply.
Configure load balancing.Select Run load balancing on 2.4GHz radio.In the Adjacent radio threshold(dB) field, enter 40.Select Run load balancing on 5GHz radio.In the Adjacent radio threshold(dB) field, enter 40.On the right, select Apply.
Configure band balancing.Select Percent of clients on 2.4GHz radio.Enter the 30.On the right, select Apply.
Adjust the AP power level.From the left menu, select Access Points.From the top right, select Exhibit to determine which access points to adjust.Select Edit next to the access point to be modified.Under Radio B/G/N(2.4G) next to TX Power, make sure Override Group Config is selected.From the TX Power drop-down list, select -3dB (1/2).Under Radio A/N/AC(5G) next to TX Power, make sure Override Group Config is selected.From the TX Power drop-down list, select -3dB (1/2).Select OK.Repeat steps 5b - 5h for additional access poin
Complete this lab as follows:
Access the Ruckus zone controller.
- From the taskbar, select Google Chrome.
- In the URL field, enter 192.168.0.6 and press Enter.
- Maximize the window for easier viewing.
Log in to the wireless controller console.
- In the Admin field, enter admin (case sensitive).
- In the Password field, enter password as the password.
- Select Login.
Change the admin username and password for the Zone Director controller.
- From the top, select the Administer tab.
- Make sure Authenticate using the admin name and password is selected.
- In the Admin Name field, enter WxAdmin.
- In the Current Password field, enter password.
- In the New Password field, enter ZDAdminsOnly!$.
- In the Confirm New Password field, enter ZDAdminsOnly!$.
- On the right, select Apply.
Enable MAC address filtering.
- From the top, select the Configure tab.
- From the left menu, select Access Control.
- Expand L2-L7 Access Control.
- Under L2/MAC address Access Control, select Create New.
- In the Name field, enter Allowed Devices.
- Under Restriction, make sure Only allow all stations listed below is selected.
- Enter a MAC address.
- Select Create New.
- Repeat step 4g-4h for each MAC address you would like to add to the ACL.
- Select OK.
Configure access controls.
- Under Access Control, expand Device Access Policy.
- Select Create New.
- In the Name field, enter NoGames.
- Select Create New.
- In the Description field, enter Games.
- Using the OS/Type drop-down list, select Gaming.
- In the Type field, select Deny.
- Under Uplink, make sure Disabled is selected.
- Under Downlink, make sure Disabled is selected.
- Select Save.
- Select OK.
While completing this lab, use the following virtual machine (VM) specifications:
VM1:
Virtual machine name: VM1
Virtual machine location: D:\HYPERV
Generation: Generation 1
Startup memory: 1024 MB (do not use dynamic memory)
Networking connection: External
Virtual hard disk name: VM1.vhdx
Virtual hard disk location: D:\HYPERV\Virtual Hard Disks
Virtual hard disk size: 50 GB
Operating system will be installed later
VM2:
Virtual machine name: VM2
Virtual machine location: D:\HYPERV
Generation: Generation 1
Startup memory: 2048 MB (use dynamic memory)
Networking connection: Internal
Virtual hard disk name: VM2.vhdx
Virtual hard disk location: D:\HYPERV\Virtual Hard Disks
Virtual hard disk size: 250 GB
Operating system will be installed later
Minimum RAM: 512 MB
Maximum RAM: 4096 MB
Complete this lab as follows:
Access the Hyper-V Manager.
- Select Start.
- Expand Windows Administrative Tools and then select Hyper-V Manager.
Create virtual machines on ITAdmin. Use all default settings unless directed otherwise.
- Right-click ITADMIN and then select New > Virtual Machine.
- From the Before You Begin dialog, select Next.
- In the Name field, enter VM_name and then select Next.
- Make sure Generation 1 is selected and then select Next.
- In the Startup memory field, enter size.
- Set the Use Dynamic Memory for this virtual machine appropriately and then select Next.
- Use the Connection drop-down menu to select connection_type and then select Next.
- In the Size field, enter disk_size and then select Next.
- Make sure Install an operating system later is selected and then select Next.
- Review your configuration and then select Finish to create the virtual machine.
- Repeat step 2 to create the second virtual machine.
Adjust virtual machine memory for VM2.
- From the Hyper-V Manager, under Virtual Machines, right-click VM2 and select Settings.
- From the left pane, select Memory.
- In the Minimum RAM field, enter 512.
- In the Maximum RAM field, enter 4096.
- Select OK.
Complete this lab as follows:
Access and log into the Ruckus ZoneDirector.
- From the taskbar, select Google Chrome.
- In the URL field, enter 192.168.0.6 and then press Enter.
- Maximize the window for easier viewing.
- In the Admin field, enter admin (case sensitive).
- In the Password field, enter password as the password.
- Select Login.
Set up Guest Access Services.
- Select the Configure tab.
- From the left menu, select Guest Access.
- Under Guest Access Service, select Create New.
- Change the Name field to Guest_BYOD.
- For Terms of Use, select Show terms of use.
- Expand Restricted Subnet Access.
- Verify that 192.168.0.0/16 is listed.
- Select OK.
Create a Guest WLAN.
- From the left menu, select WLANs.
- Under WLANs, select Create New.
- Change the Name to Guest.
- Change the ESSID to Guest_BYOD.
- Under Type, select Guest Access.
- For Wireless Client Isolation, select Isolate wireless client traffic from other clients on the same AP.
- Select OK.
- Close Google Chrome.
Request a Guest password.
- Open a new Google Chrome browser window.
- In the URL field, enter 192.168.0.6/guestpass and then press Enter.
- Maximize the window for easier viewing.
- In the Username field, enter BYODAdmin (case sensitive).
- Enter P@ssw0rd as the password (0 is a zero).
- Select Log In.
- In the Full Name field, enter any full name.
- In the Key field, highlight the key and press Ctrl + C to copy the key.
- Select Next.
Access the wireless Guest Access Service from the guest laptop in the lobby.
- From the top menu, select Floor 1.
- Select Gst-Lap in the lobby.
- In the notification area, select the Network icon.
- Select Guest_BYOD.
- Select Connect.
- Select Yes.
- After Internet Explorer opens to the Guest Access login page, paste the key from the Key field.
- Select Log In.
Complete this lab as follows:
Sign into the pfSense management console.
- In the Username field, enter admin.
- In the Password field, enter P@ssw0rd (zero).
- Select SIGN IN or press Enter.
Access the Snort Global Settings.
- From the pfSense menu bar, select Services > Snort.
- Under the Services breadcrumb, select Global Settings.
Configure the required rules to be downloaded.
- Select Enable Snort VRT.
- In the Snort Oinkmaster Code field, enter 359d00c0e75a37a4dbd70757745c5c5dg85aa. You can copy and paste this from the scenario.
- Select Enable Snort GPLv2.
- Select Enable ET Open.
Configure the Sourcefire OpenAppID Detectors to be downloaded.
- Under Sourcefire OpenAppID Detectors, select Enable OpenAppID.
- Select Enable RULES OpenAppID.
Configure when and how often the rules will be updated.
- Under Rules Update Settings, use the Update Interval drop-down menu to select 1 Day.
- For Update Start Time, change to 01:00.
- Select Hide Deprecated Rules Categories.
Configure Snort General Settings.
- Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 HOUR.
- Select Startup/Shutdown Logging.
- Select Save.
Configure the Snort Interface settings for the WAN interface.
- Under the Services breadcrumb, select Snort Interfaces and then select Add.
- Under General Settings, make sure Enable interface is selected.
- For Interface, use the drop-down menu to select WAN (PFSense port 1).
- For Description, use WANSnort.
- Under Alert Settings, select Send Alerts to System Log.
- Select Block Offenders.
- Scroll to the bottom and select Save.
Start Snort on the WAN interface.
- Under the Snort Status column, select the arrow.
- Wait for a checkmark to appear, indicating that Snort was started successfully.
Complete this lab as follows.
Run a Security Evaluator report.
- From the taskbar, open Security Evaluator.
- Next to Target Local Machine, select the Target icon to select a new target.
- Select Workstation.
- From the Workstation drop-down list, select Office2 as the target.
- Select OK.
- Next to Status, select the Run/Rerun Security Evaluation icon.
- Review the results to determine which issues you need to resolve on Office2.
Access local users using Office2's Computer Management console.
- From the top navigation tabs, select Floor 1.
- Under Office 2, select Office2.
- From Office2, right-click Start and select Computer Management.
- Expand and select Local Users and Groups > Users.
Rename a user account.
- Right-click Administrator and select Rename.
- Enter a new name of your choice and press Enter.
Disable the Guest account.
- Right-click Guest and select Properties.
- Select Account is disabled and then select OK.
Set a new password for Mary.
- Right-click Mary and select Set Password.
- Select Proceed.
- Enter a new password of your choice (12 characters or more).
- Confirm the new password and then select OK.
- Select OK.
- Ideally, you should have created a policy that requires passwords with 12 characters or more.
Configure Mary's password to expire and to change at next logon.
- Right-click Mary and select Properties.
- Clear Password never expires.
- Select User must change password at next logon and then select OK.
Unlock Susan's account and remove her from the Administrators group.
- Right-click Susan and select Properties.
- Clear Account is locked out and then select Apply.
- Select the Member of tab.
- Select Administrators.
- Select Remove.
- Select OK.
- Close Computer Management.
Enable Windows Firewall for all profiles.
- Right-click Start and then select Settings.
- Select Network & Internet.
- From the right pane, scroll down and select Windows Firewall.
- Under Domain network, select Turn on.
- Under Private network, select Turn on.
- Under Public network, select Turn on.
- Close all open Windows.
Remove a file share.
- From the taskbar, select File Explorer.
- From the left pane, select This PC.
- From the right pane, double-click Local Disk (C:).
- Right-click MyMusic and select Properties.
- Select the Sharing tab.
- Select Advanced Sharing.
- Clear Share this folder.
- Select OK.
- Select OK.
Use the Security Evaluator feature to verify that all of the issues on the ITAdmin computer were resolved.
- From the top navigation tabs, select Floor 1.
- Under IT Administration, select ITAdmin.
- From Security Evaluator, select the Run/Rerun Security Evaluation icon to rerun the security evaluation.
- If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation and remediate any remaining issues.
While completing this lab, use the following information:
Area | Policy | Setting
Password Policy | Enforce password history | 24 Passwords
Password Policy | Minimum password age | 1 Day
Password Policy | Minimum password length | 14 Characters
Account Lockout Policy | Reset account lockout counter after | 60 Minutes
Event Log | Retention method for application log | Do not overwrite events (clear log manually)
Event Log | Retention method for security log | Do not overwrite events (clear log manually)
Event Log | Retention method for system log | Do not overwrite events (clear log manually)
System Services | DCOM Server Process Launcher | Disabled
System Services | Task Scheduler | Disabled
Complete this lab as follows:
Run a Security Evaluator report.
- From the taskbar, open Security Evaluator.
- Next to Target: Local Machine, select the Target icon to select a target.
- Select Domain Controller.
- Using the Domain Controller drop-down list, select CorpDC as the target.
- Select OK.
- Next to Status: No Results, select the Status Run/Rerun Security Evaluation icon.
- Review the results to determine which issues you need to resolve on CorpDC.
Access the CorpDC server.
- From the top navigation tabs, select Floor 1.
- Under Networking Closet, select CorpDC.
- If you need to return to the ITAdmin computer to review the Security Evaluator results:
  - From the top navigation tabs, select Floor 1.
  - Under IT Administration, select ITAdmin.
Access and edit the CorpNet.local Default Domain Policy.
- From Server Manager, select Tools > Group Policy Management.
- Maximize the window for easier viewing.
- Expand Forest: CorpNet.local > Domains > CorpNet.local.
- Right-click Default Domain Policy and then select Edit.
- Maximize the window for easier viewing.
Remediate the password policy issues in Account Policies.
- Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies.
- From the left pane, select Password Policy.
- From the right pane, double-click the policy.
- Select Define this policy setting.
- Enter the password setting and then select OK.
- Repeat steps 4c-4e for each additional password policy.
Remediate the reset account lockout counter issue in Account Policies.
- From the left pane, select Account Lockout Policy.
- From the right pane, double-click Reset account lockout counter after.
- Select Define this policy setting.
- Enter 60 minutes and then select OK.
Remediate the Event Log issues.
- From the left pane, select Event Log.
- From the right pane, double-click the policy.
- Select Define this policy setting.
- Select Do not overwrite events (clear log manually) and then select OK.
- Repeat steps 6b-6d for each additional Event Log policy.
Remediate System Services issues.
- From the left pane, select System Services.
- From the right pane, double-click the policy.
- Select Define this policy setting.
- Make sure Disabled is selected and then select OK.
- Repeat steps 7b-7d for the remaining System Services policy.
Verify that all the issues were resolved using the Security Evaluator feature on the ITAdmin computer.
- From the top navigation tabs, select Floor 1.
- Under IT Administration, select ITAdmin.
- From Security Evaluator, select the Status Run/Rerun Security Evaluation icon to rerun the security evaluation.
- If you still see unresolved issues, select Floor 1, navigate to CorpDC, and remediate any remaining issues.
Complete this lab as follows:
Run a Security Evaluator report.
- From the taskbar, select Security Evaluator.
- Next to Target: Local Machine, select the Target icon to select a new target.
- Select IPv4 Address.
- Enter 192.168.0.6 for the wireless access controller.
- Select OK.
- Next to Status No Results, select the Status Run/Rerun Security Evaluation icon to run the security evaluation.
- Review the results to determine which issues you need to resolve on the wireless access controller.
Use Google Chrome to go into the Ruckus wireless access controller.
- From the taskbar, open Google Chrome.
- Maximize Google Chrome for easier viewing.
- In the address bar, type 192.168.0.6 and press Enter.
- For Admin name, enter admin (case-sensitive).
- For Password, enter password.
- Select Login.
Change the admin username and password for the Ruckus wireless access controller.
- Select the Administer tab.
- Make sure Authenticate using the admin name and password is selected.
- In the Admin Name field, replace admin with a username of your choice.
- In the Current Password field, enter password.
- In the New Password field, enter a password of your choice.
- In the Confirm New Password field, enter the new password.
- On the right, select Apply.
Enable intrusion detection and prevention.
- Select the Configure tab.
- On the left, select WIPS.
- Under Intrusion Detection and Prevention, select Enable report rogue devices.
- On the right, select Apply.
Verify that all the issues were resolved using the Security Evaluator.
- From the taskbar, select Security Evaluator.
- Next to Status Needs Attention, select the Status Run/Rerun Security Evaluation icon to re-run the security evaluation.
- Remediate any remaining issues.
Complete this lab as follows:
View the current John the Ripper password file.
- From the Favorites bar, select Terminal.
- At the prompt, type cd /usr/share/john and press Enter.
- Type ls and press Enter.
- Type cat password.lst and press Enter to view the password list.
- Type cd and press Enter to go back to the root.
Crack the root password on the Support computer.
- Type john /etc/shadow and press Enter. The password is shown. Can you find it?
- Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again. Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file.
- Use alternate methods of viewing the previously cracked password.
  - Type john /etc/shadow --show and press Enter.
  - Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file.
- In the top right, select Answer Questions and then answer question 1.
Open a terminal on the IT-Laptop.
- From the top navigation tabs, select Floor 1 Overview.
- Under IT Administration, select IT-Laptop.
- From the Favorites bar, select Terminal.
Export the contents of the protected.zip file to a text file.
- At the prompt, type ls and press Enter. Notice the protected.zip file you wish to crack.
- Type zip2john protected.zip > ziphash.txt and press Enter.
- Type cat ziphash.txt and press Enter to confirm that the hashes have been copied.
Using the text file, crack the password of the protected.zip file.
- Type john --format=pkzip ziphash.txt and press Enter to crack the password. The password is shown. Can you find it?
- Type john ziphash.txt --show and press Enter to show the previously cracked password.
- In the top right, select Answer Questions.
- In the top right, select Answer Questions and then answer Question 2.
- Select Score Lab.
Complete this lab as follows:
Access the File History options using the Settings app.
- Right-click Start and then select Settings.
- Select Update & Security.
- From the left pane, select Backup.
- Make sure Automatically back up my files is set to On.
- Select More options.
- Scroll to the bottom of the Backup options dialog and select Restore files from a current backup.
- Maximize the window for better viewing.
Restore the June2020_Issue.jpg file.
- From the bottom of the File History dialog, select the Previous version button (left arrow) to navigate to the backups captured on Monday, March 16, 2020 11:15 AM.
- Double-click Pictures.
- Double-click Layouts.
- Select the June2020_Issue.jpg file.
- Select the green Restore to original location arrow located at the bottom center.
- Select Replace the file in the destination. The Layouts folder where the file was restored is opened.
- From the Layouts folder, right-click the June2020_Issue.jpg file and then select Properties.
- Verify that the file is 115.44 MB in size and was last modified on March 16, 2020 at 11:15:12 AM.
- Select OK.
- Close the Layouts window.
Restore the Coverart.jpg file.
- In the top left of the File History dialog, select the up arrow to navigate to the Home\Pictures folder.
- Select the Previous version button at the bottom to navigate to the backups captured on Monday, March 16, 2020 12:15 PM.
- Double-click Images.
- Select the coverart.jpg file.
- Select the green Restore to original location arrow located at the bottom center.
- Select Replace the file in the destination.
- Right-click the coverart.jpg file and select Properties.
- Verify that the file is 1.09 MB in size and was last modified on March 16, 2020 at 12:15:12 PM.
- Select OK.
14.1.4
Configure Advanced Audit Policy
You work as the IT security administrator for a small corporate network. As part of an ongoing program to improve security, you want to implement an audit policy for all workstations. You plan to audit user logon attempts and other critical events.
In this lab, your task is to configure the following audit policy settings in WorkstationGPO:
Local Policies | Setting
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | Enabled
Audit: Shut down system immediately if unable to log security audits | Enabled

Event Log | Setting
Retention method for security log | Define: Do not overwrite events (clear log manually)

Advanced Audit Policy Configuration | Setting
Account Logon: Audit Credential Validation | Success and Failure
Account Management: Audit User Account Management | Success and Failure
Account Management: Audit Security Group Management | Success and Failure
Account Management: Audit Other Account Management Events | Success and Failure
Account Management: Audit Computer Account Management | Success
Detailed Tracking: Audit Process Creation | Success
Logon/Logoff: Audit Logon | Success and Failure
Logon/Logoff: Audit Logoff | Success
Policy Change: Audit Authentication Policy Change | Success
Policy Change: Audit Audit Policy Change | Success and Failure
Privilege Use: Audit Sensitive Privilege Use | Success and Failure
System: Audit System Integrity | Success and Failure
System: Audit Security System Extension | Success and Failure
System: Audit Security State Change | Success and Failure
System: Audit IPsec Driver | Success and Failure
Do not use the old audit policies located in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policies.
Edit Audit Policies as follows:
Using Group Policy Management, access CorpNet.local's Group Policy Objects > WorkgroupGPO.
- From Server Manager's menu bar, select Tools > Group Policy Management.
- Expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects.
- Maximize the windows for better viewing.
Access the WorkstationGPO's Security Settings Local Policies.
- Right-click WorkstationGPO and select Edit.
- Maximize the windows for better viewing.
- Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies.
Modify Local Policies.
- Select Security Options.
- From the right pane, double-click the policy you want to edit.
- Select Define this policy setting.
- Select the policy settings as required.
- Select OK.
- Select Yes to confirm changes as necessary.
- Repeat steps 3b - 3f for additional policy settings.
Modify the Event Log.
- From the left pane, select Event Log.
- From the right pane, double-click the policy you want to edit.
- Select Define this policy setting.
- Select the policy settings as required.
- Select OK.
Modify Advanced Audit Policy Configuration.
- From the left pane, expand Advanced Audit Policy Configuration > Audit Policies.
- Select the audit policy category.
- From the right pane, double-click the policy you want to edit.
- Select Configure the following audit events.
- Select the policy settings as required.
- Select OK.
- Repeat steps 5b-5f for additional policy settings.