chap 7 labs
You work as the IT security administrator for a small corporate network. The employee in Office 1 is working on a very sensitive project. Management is concerned that if the hard drive in the computer were stolen, sensitive information could be compromised. As a result, you have been asked to encrypt the entire System volume. The Office1 computer has a built-in TPM on the motherboard. In this lab, your task is to configure BitLocker drive encryption as follows: From within the computer's BIOS, turn on and activate TPM Security. From Windows, turn on BitLocker for the System (C:) drive. Back up the recovery key to the \\CorpServer\BU-Office1 folder. Encrypt the entire System (C:) drive. Use the new encryption mode. Run the BitLocker system check.
1. (Optional) Try to enable BitLocker. From the search field on the Windows taskbar, type Control. From Best match, select Control Panel. Select System and Security. From the right pane, select BitLocker Drive Encryption. Under Operating system drive, select Turn on BitLocker. An error message at the bottom of the screen indicates that a TPM security device was not found. Select Cancel. 2. Access the BIOS settings. Right-click the Start menu and then select Shut down or sign out > Restart to reboot your computer. When the TestOut logo appears, press Delete to enter the BIOS. 3. Turn on and activate the TPM. From the left pane, expand and select Security > TPM Security. From the right pane, select TPM Security and then select Apply. Select Activate and then select Apply. Select Exit. Your computer will automatically reboot. 4. Turn BitLocker on. From the search field on the Windows taskbar, type Control. From Best match, select Control Panel. Select System and Security. Select BitLocker Drive Encryption. Under Operating system drive, select Turn on BitLocker. Windows begins the Drive Encryption setup. 5. Back up a BitLocker recovery key. Select Save to a file. In the left pane, expand and select Network > CorpServer > BU-Office1. Select Save. Select Next. 6. Configure BitLocker encryption. Select Encrypt entire drive and then select Next. Make sure that New encryption mode is selected and then select Next.
You are the IT administrator for a growing corporate network. You manage the certification authority for your network. As part of your daily routine, you perform several certificate management tasks. CorpCA, the certification authority, is a guest server on CorpServer2. In this lab, your task is to complete the following: Your network uses smart cards to control access to sensitive computers. Currently, the approval process dictates that you manually approve smart card certificate requests.Approve pending certificate requests for smart card certificates from tsutton and mmallory. Deny the pending web server certificate request for CorpSrv12. User bchan lost his smartcard. Revoke the certificate assigned to bchan.CorpNet.com using the Key Compromise reason code. Unrevoke the CorpDev3 certificate.
1. Access Certification Authority on the CORPSERVER2 server. From Hyper-V Manager, select CORPSERVER2. Maximize the window for easier viewing. From the Virtual Machines pane, double-click CorpCA. From Server Manager's menu bar, select Tools > Certification Authority. Maximize the window for easier viewing. From the left pane, expand CorpCA-CA. 2. Approve the pending certificate request for tsutton and mmallory. Select Pending Requests. From the right pane, scroll to the Request Common Name column. Right-click tsutton and select All Tasks > Issue to approve the certificate. Right-click mmallory and select All Tasks > Issue. 3. Deny the pending request for CorpSrv12. Right-click CorpSrv12.CorpNet.com and select All Tasks > Deny. Select Yes. 4. Revoke bchan's certificates. From the left pane, select Issued Certificates. From the right pane, right-click bchan.CorpNet.com and select All Tasks > Revoke Certificate. Using the Reason code drop-down menu list, select Key Compromise. Select Yes. 5. Unrevoke the CorpDev3 certificate. From the left pane, select Revoked Certificates. From the right pane, right-click CorpDev3.CorpNet.com and select All Tasks > Unrevoke Certificate.
You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to encrypt data into a file that is to be shared with a business partner. The data will allow you to track the source if the information is leaked again. In this lab, your task is to use OpenStego to hide data in photos as follows: Encrypt and password protect the user data into the a to be shared.Message file: John.txtCover file: gear.pngOutput Sego file: send.png (saved in the Documents folder)Password: NoMor3L3@ks! Confirm the functionality of the steganography by:Extracting the data to C:\Users\Administrator\Documents\Export.Open the extracted file to confirm that the associated username has been embedded into the file.
1. Encrypt the user data into the file to be shared. In the search field on the taskbar, type OpenStego. Under Best match, select OpenStego. 2. Select the Message, Cover, and Output Stego files. For Message File field, select the ellipses [...] button at the end of the field. Double-click John.txt to select the file. For Cover File field, select the ellipses [...] button at the end of the field. Double-click gear.png to select the file. For the Output Stego File field, select the ellipses [...] button at the end of the field. In the File name field, enter send.png and then select Open. 3. Password protect the file. In the Password field, enter NoMor3L3@ks! In the Confirm Password field, enter NoMor3L3@ks! Select Hide Data. Select OK. 4. Extract the data. Under Data Hiding, select Extract Data. For the Input Stego File field, select the ellipses [...] button. Double-click send.png to select the file with the encryption. For the Output Folder for Message File field, select the ellipses [...] button. Double-click Export to set it as the destination of the file output. Click Select Folder.In the Password field, enter NoMor3L3@ks! as the password. Select Extract Data. Select OK. 5. Verify that the decryption process was successful. From the taskbar, select File Explorer. Double-click Documents to navigate to the folder. Double-click Export to navigate to the folder. Double-click John.txt.
At work, you share a computer with other users. You want to secure the contents of the Finances folder so that unauthorized users cannot view its contents. In this lab, your task is to: Encrypt the D:\Finances folder and all of its contents. Add the Susan user account as an authorized user for the D:\Finances\2020report.xls file.
1. Open the D: drive. From the Windows taskbar, select File Explorer. From the left pane, select This PC. From the right pane, double-click Data (D:). 2. Encrypt the Finances folder. Right-click Finances and then select Properties. Select Advanced. Select Encrypt contents to secure data and then select OK. Select OK to close the properties dialog. Select OK to confirm the attribute changes. 3. Give Susan authorization to modify the 2020report.xls file. Double-click Finances. Right-click 2020report.xls and then select Properties. Select Advanced. Select Details. Select Add. Select Susan and then select OK. Select OK as many times as needed to close all remaining dialogs.
You are the IT administrator at a small corporate office. You just downloaded a new release for a program you use. You need to make sure the file was not altered before you received it. Another file containing the original file hash was also downloaded. Both files are located in the C:\Downloads folder. In this lab, your task is to use MD5 hash files to confirm that the Release.zip file was unaltered. From Windows PowerShell: Generate a file hash for the Release.zip file. View the hash of the original file stored in the release821hash.txt file. Use the following command to compare the original hash of the Release.zip file to its calculated hash to see if they match:"the_new_hash_generated" -eq "known_hash_extracted_from_the_.txt_file"Example: "4A84C7958C246E39439C784349F4ZDB4" -eq "9C784349F4ZDB44A84C7958C246E3943"You can highlight text in PowerShell and right-click it to copy the text to the active line. If using Chromebooks, highlight the desired hash amount and then click on the touchpad using 2 fingers to copy and paste the value. Answer the question. The new hash is the hash generated by the get-filehash file_name -a md5 command. The known hash is the hash generated by the get-content file_name.txt command. Include the quotation marks and the file extensions with the file names in the commands.
Q1 Do the file hashes match? A1 No 1. View the files in the C:\Downloads folder. Right-click Start and select Windows PowerShell (Admin). At the prompt, type cd C:\downloads and press Enter to navigate to the directory that contains the files. Type dir and press Enter to view the available files. 2. Confirm that the Release.zip file is unaltered. Type get-filehash Release.zip -a md5 and press Enter to view the MD5 hash. Type get-content release821hash.txt and press Enter to view the known hash contained in the .txt file. Type "new hash" -eq "known hash" and press Enter to determine whether the file hashes match. 3. Answer the question. In the top right, select Answer Questions. Answer the question. Select Score Lab.