Security Pro A.5 Practice Exam
The CorpDC3 server is a domain controller in the CorpNet.com domain. The server holds an Active Directory-integrated zone for the CorpNet.com domain. You need to secure zone data and prevent anyone from copying zone data from the CorpDC3 server through zone transfer. Because all zone information is replicated automatically through Active Directory replication, you know you can disable zone transfers while still replicating data with other domain controllers. In this lab, your task is to disable zone transfers for the CorpNet.com zone.
(check picture)
You are working on a small office/home office (SOHO) network. Recently, you increased the security of the wireless network. In this lab, your task is to do the following: Manually create a wireless network profile on the laptop as follows: - Network name (SSID): PoliceVan (The SSID name is case sensitive.) - Security type: WPA2-Personal - Encryption type: AES - Security Key/Passphrase: 4WatchingU (The security key is case sensitive.) - Start the connection automatically. - Connect even if the network is not broadcasting. - Start this connection automatically. - Connect even if the network is not broadcasting. - Delete the out-of-date TrendNet-BGN wireless profile.
(check picture)
You are working on a small office/home office (SOHO) network. The home owner recently changed his Internet Service Provider (ISP) and has an existing Ethernet router connected to an RJ45 jack on the wall plate. He has a new laptop and would like to connect this laptop to the Internet with a wireless connection. You need to create a wireless network. Create a wireless network as follows: - Select a wireless access point that meets the following criteria: - Transmission speeds up to 600 Mbps. - Backwards compatible with other wireless standards which use 2.4GHz. Install the wireless access point: - Place the wireless access point on the computer desk. - Select the correct cable to connect the wireless access point to a free LAN port on the existing router. - Connect power to the wireless access point through an outlet on the surge protector or wall plate. Configure the owner's new laptop to connect to the wireless network: - Slide the wireless switch on the front of the laptop to the on (I) position. This will enable the integrated wireless network interface card on the laptop. - Use the default settings as you connect the laptop to the wireless network, and save the wireless profile with these settings.
(check picture)
You are working on a small office/home office (SOHO) network. You recently created a wireless network to allow the owner's laptop and mobile devices to make a connection to the wired network and the Internet. However, without additional configuration, the wireless access point will allow connections from all laptops or mobile devices. You need to secure the wireless network to prevent unauthorized access. In this lab, your task is to secure the wireless network as follows: - Log on to the wireless access point as follows: Use Internet Explorer Use 192.168.0.254 Username: admin Password: password - Change the settings on the wireless access point as follows: SSID name: PoliceVan (The SSID name is case sensitive.) Security mode: WPA2-PSK with AES for encryption. Pass phrase: 4WatchingU (The pass phrase is case sensitive.) - Change the wireless access point's administrator authentication credentials from their defaults as follows: Username: @dm1n Password: StayOut! (O is the capital letter O.)Do not save the credentials in Internet Explorer. - Configure the laptop to connect to the wireless network and save the wireless profile with the settings as listed above.
(check picture)
You work as the IT security administrator for a small corporate network. Occasionally, you and your co-administrators need to access internal resources when you are away from the office. You would like to set up Remote Access VPN on your network security appliance to allow secure access. In this lab, your task is to perform the following: - Configure Remote Access VPN using the following settings: Parameter Value VPN Type Remote Access Connection Name CorpNetVPN Pre-shared Key 1a!2b@3c#4d$ Local Gateway Type IP Address Local WAN's IP Address 198.28.56.34 - Verify that the VPN Policy was created. - Verify that the IKE Policy was created. - Configure the following Standard IPSec users: User Password mbrown L3tM31nN0 wjgolden L3tM31nT00 sbarnes Adm1nsR0ck
(check picture)
You work as the IT security administrator for a small corporate network. You need to enable Web Threat Protection on the network security appliance (NSA) to provide content filtering for your network. In this lab, your task is to perform the following: - Enable Web Threat Protection with High security level. - Enable URL Filtering with the following filters: Category Business Leisure Computers/Bandwidth X Computers/Harmful X X Adult X X - Specify business hours Business days: Monday-Friday Morning: 08:00-12:00 Afternoon: 13:00-17:00
(check picture)
You work as the IT security administrator for a small corporate network. You need to secure access to your network security appliance, which is still configured with the default user settings. In this lab, your task is to perform the following: Rename the default user account (cisco) with the following parameters: - User name: xAdmin - Password: Admin$0nly (0 = zero) - Idle timeout: 15 minutes - Set for LAN access only (no WAN access) - Allow access only from CorpServer (192.168.0.10) Create a new administrative user with the following parameters: - User name: mbrown - First name: Mary - Last name: Brown - User type: Administrator - Password: St@y0ut! (0 = zero) - Idle timeout: 15 minutes - Set for LAN access only (no WAN access) - Allow access only from the administrator's workstation (192.168.0.21)
(check picture)
You work as the IT security administrator for a small corporate network. You recently placed a web server in the DMZ. You need to configure the perimeter firewall on the network security appliance to allow access to the web server from the LAN and from the WAN. You would also like to improve security by utilizing the attack security features provided by the firewall. In this lab, your task is to perform the following: - Add an HTTP firewall rule that allows traffic from the WAN to the web server in the DMZ. - Add an HTTPS firewall rule that allows traffic from the WAN to the web server in the DMZ. Use the following table for the HTTP and HTTPS rules: Parameter Setting From Zone UNSECURE (WAN) To Zone DMZ Service HTTP, HTTPS Action Allow Always Source Hosts Any Internal IP Address 172.16.2.100 External IP Address Dedicated WAN - Add a firewall rule to allow traffic from the LAN to the DMZ. Parameter Setting From Zone SECURE (LAN) To Zone DMZ Service Any Action Allow Always Source Hosts Any Destination Hosts Any - Enable all the firewall attack checks.
(check picture)
You are the IT administrator for a small corporate network. Recently, you added a web server that runs services that need to be accessible from the internet. You need to place this server in a DMZ and configure the DMZ settings on the network security appliance (NSA). In this lab, your task is to perform the following: Connect the left port of the CorpDMZWeb server to the Optional port on the NSA. Configure the Optional port on the NSA for DMZ mode from the IT administrator's workstation. - NSA management console address: http://198.28.56.18Username: xAdmin - Password: Admin$0nly (0 is zero) Configure the DMZ port to act as a DHCP server with the default IP addresses. - Primary DNS server address: 163.128.78.93 - Secondary DNS server address:163.128.80.93 Reserve the first IP address in the DMZ's DHCP address range for CorpDMZWeb. - IP address: 172.16.2.100 - MAC address: 1A:2B:C4:28:3B:9F Configure the CorpDMZWeb server to obtain an IP address automatically. Configure the CorpDMZWeb server to obtain a DNS address automatically. Verify that the CorpDMZWeb server receives the reserved IP address.
Complete this lab as follows: Connect the Server to the NSA as follows: - Under Workspace, select Back to switch to the back view of the server rack. - Expand Cables under the Shelf. - Select the Cat5e cable. - In the Selected Component window, click on the network cable connector and drag it to the left Ethernet port on the CorpDMZWeb server. - In the Selected Component window, click on the other network cable connector and drag it to the Optional port on the NSA. Configure the DMZ as follows: - From the top menu, select Building A. - Select Floor 1 to navigate to the IT Administration office. - Select ITAdmin. - On the taskbar, open Internet Explorer. - In the URL field, enter the NSA Management address of 198.28.56.18 and press Enter. - Maximize Internet Explorer for easier viewing. - In the Username field, enter xAdmin. - In the Password field, enter Admin$0nly (0 is zero). - Select Log In. - In the left pane under Getting Started, select Advanced. - Under DMZ Port, select Set Optional Port to DMZ Mode. - Select DMZ. - Click Apply. - In the left pane, select DMZ Config. - On the DMZ Configuration page under DHCP mode, select DHCP Server from the drop-down list. - In the Primary DNS Server field, enter 163.128.78.93. - In the Secondary DNS Server field, enter 163.128.80.93; then click Apply. - In the left pane, select DMZ Reserved IPs. - On the DMZ Reserved IPs page, select Add. - In the IP Address field, enter 172.16.2.100.In the MAC Address field, enter1A:2B:C4:28:3B:9F; then click Apply. Configure DMZ Server Networking as follows: - From the top, select Building A. - Select Basement to navigate back to the basement. - Select CorpDMZWeb. - Right-click the Network icon in the navigation area and select Open Network and Sharing Center. - Select Change adapter settings. - Right-click Ethernet and then select Properties. - Select Internet Protocol Version 4 (TCP/IPv4).Select Properties. - Select Obtain an IP address automatically. - Select Obtain DNS server address automatically; then click OK. - Click Close. - Close the Network Connections dialog. - In the Network and Sharing Center console, select Ethernet. - Select Details to verify that the server has received the correct IP address and DNS server addresses.