testout labs

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

5.1.10 Configure QoS You are the IT administrator for a small corporate network. Several employees have complained of slow internet bandwidth. You have discovered that the user stations on the guest Wi-Fi network are consuming much of your company's bandwidth. You have decided to use pfSense's Traffic Shaper wizard to create the various rules needed to better control the bandwidth usage and to fine-tune the priority for the type of traffic used on your guest Wi-Fi network. Your network has one LAN and one WAN. In this lab, your task is to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Create a firewall alias using the following specifications:Name: HighBWDescription: High bandwidth usersAssign the IP addresses of the high-bandwidth users to the alias:Vera's IP address: 172.14.1.25Paul's IP address: 172.14.1.100 The Shaper must be configured for the GuestWi-Fi interface using:An upload bandwidth of 5 MbitsA download bandwidth of 45 Mbits Allow your voice over IP traffic to have priority with:An upload bandwidth of 15 MbitsA download bandwidth of 20 Mbits To limit the user stations most likely to hog bandwidth, use the alias created earlier to penalize the offending stations to 2% of the bandwidth. Give a higher priority to the following services and protocols:MSRDPVNCPPTPIPSEC Change the port number used on the floating rule created for MSRDP as follows:Interface: GuestWi-FiDestination Port Range: 3391 Answer the question.

Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Create a high bandwidth usage alias.From the pfSense menu bar, select Firewall > Aliases.Select Add.Configure the Properties as follows:Name: HighBWDescription: High bandwidth usersType: Host(s)Add the IP addresses of the offending computers to the host(s) configuration as follows:Under Host(s), in the IP or FQDN field, enter 172.14.1.25.Select Add Host.In the new IP or FQDN field, enter 172.14.1.100.Select Save.Select Apply Changes. Start the Traffic Shaper wizard for dedicated links.From the pfSense menu bar, select Firewall > Traffic Shaper.Under the Firewall bread crumb, select Wizards.Select traffic_shaper_wizard_dedicated.xml.Under Traffic shaper Wizard, in the Enter number of WAN type connections field, enter 1 and then select Next. Configure the Traffic Shaper.Make sure you are on Step 1 of 8.Using the drop-down menu for the upper Local interface, select GuestWi-Fi.Using the drop-down menu for lower Local interface, make sure PRIQ is selected.For the upper Upload field, enter 5.Using the drop-down menu for the lower Upload field, select Mbit/s.For the top Download field, enter 45.Using the drop-down menu for the lower Download field, select Mbit/s.Select Next. Prioritize voice over IP traffic.Make sure you are on Step 2 of 8.Under Voice over IP, select Enable to prioritize the voice over IP traffic.Under Connection #1 parameters, in the Upload rate field, enter 15.Using the drop-down menu for the top Units, select Mbit/s.For the Download rate, enter 20.Using the drop-down menu for the bottom Units, select Mbit/s.Select Next. Enable and configure a penalty box.Make sure you are on Step 3 of 8.Under Penalty Box, select Enable to enable the penalize IP or alias option.In the Address field, enter HighBW. This is the alias created earlier.For Bandwidth, enter 2.Select Next. Continue to step 6 of 8.For Step 4 of 8, scroll to the bottom and select Next.For Step 5 of 8, scroll to the bottom and select Next. Raise and lower the applicable application's priority.Make sure you are on Step 6 of 8.Under Raise or lower other Applications, select Enable to enable other networking protocols.Under Remote Service / Terminal emulation, use the:MSRDP drop-down menu to select Higher priority.VNC drop-down menu to select Higher priority.Under VPN:Use the PPTP drop-down menu to select Higher priorityUse the IPSEC drop-down menu to select Higher priorityScroll to the bottom and select Next.For step 7 of 8, select Finish.Wait for the reload status to indicate that the rules have been created (look for Done). View the floating rules created for the firewall.Select Firewall > Rules.Under the Firewall breadcrumb, select Floating.In the top right, select Answer Questions.Answer the question and then minimize the question dialog. Change the port number used for the MSRDP outbound rule.For the m_Other MSRDP outbound rule, select the edit icon (pencil).Under Edit Firewall Rule, in the Interface field, select GuestWi-Fi.Under Destination, use the Destination Port Range drop-down menu to select Other.In both Custom fields, enter 3391.Select Save.Select Apply Changes.In the top right, select Answer Questions.Select Score Lab.

12.8.10 Backup a Domain Controller You are the IT administrator for a small corporate network. You need to back up the system state of your domain controllers so that, in the event of a disaster, Active Directory is backed up. You want to configure regular backups on CorpDC4. In this lab, your task is to perform the following using Windows Server Backup on CorpDC4: Create a regular backup schedule for the CorpDC4 server using the following settings:Backup items: System StateBackup schedule: once per day at 1:00 a.m.Backup location: \\CorpFiles\Backup Take an immediate backup using the following settings:Backup items: System State and C: driveBackup location: \\CorpFiles\Backup Start Lab

Complete this lab as follows: Access Windows Server Backup on the CorpDC4 server.From Hyper-V Manager, select CORPSERVER2.From the Virtual Machines pane, double-click CorpDC4.From the Server Manager menu bar, select Tools > Windows Server Backup.Maximize the window for easier viewing. Create a backup schedule.From the left pane, select Local Backup.From the far right pane, under Actions, select Backup Schedule.Select Next in the wizard.From the Select Backup Configuration window, select Custom; then select Next.Select Add items.Select System state; then select OK.Select Next.Make sure Once a day is selected.Using the Select time of day drop-down list, select 1:00 AM; then select Next.Select Back up to a shared network folder; then select Next.Read the warning message; then select OK.In the Location field, enter \​​\​CorpFiles​\​Backup; then select Next.Select Finish.Select Close. Perform an immediate backup.From the far right pane, under Actions, select Backup Once.From the Backup Options window, select Different options; then select Next.From the Select Backup Configuration window, select Custom; then select Next.Select Add items.Select System state.Select Local Disk (C:).Select OK.Select Next.Select Remote shared folder; then select Next.In the Location field, enter \​​\​CorpFiles​\​Backup; then select Next.Select Backup to start the backup.When the backup is complete, select Close.

6.8.4 Add Users to a Group Maggie Brown (mbrown) and Corey Flynn (cflynn) have recently been hired in the human resources department. You have already created their user accounts. In this lab, your task is to: Add the hr group as a secondary group for the mbrown and cflynn user accounts. When you're finished, view the /etc/group file or use the groups command to verify the changes.

Complete this lab as follows: Add users to the hr group.At the prompt, type usermod -G hr mbrown and press Enter.Use usermod -G hr cflynn and press Enter. Verify the group membership for the users added to each group.Use groups mbrown and press Enter.Use groups cflynn and press Enter.

5.11.6 Spoof MAC Addresses with SMAC As an IT administrator, you need to know how security breaches are caused. You know that SMAC is used for MAC spoofing, so you are going to spoof your MAC address. In this lab, your task is to complete the following: On Office2, use ipconfig /all and find the IP address and MAC address. Using SMAC, spoof the MAC address on ITAdmin to match that of Office2. Refresh the IP address on ITAdmin. Verify the MAC and IP address now match Office2.

Complete this lab as follows: Find the MAC address for Office2.Right-click Start and then select Windows PowerShell (Admin).From the Command Prompt, type ipconfig /all and press Enter.Find the MAC address. Spoof the MAC address.From the top navigation tabs, select Floor 1 Overview.Under IT Administration, select ITAdmin.In the Windows search bar, type SMAC.Under Best match, right-click SMAC and select Run as administrator.In the New Spoofed Mac Address field, type 00:00:55:55:44:15 (the MAC address from Office2).Select Update MAC.Select OK to confirm the adapter restart. Renew the IP information for the ITAdmin computer.Right-click Start and select Windows PowerShell (Admin).From the Command Prompt, type ipconfig /renew to renew the IP address.Type ipconfig /all to confirm the MAC address and the IP address have been updated.

6.5.10 Create and Link a GPO You are the IT security administrator for a small corporate network. You would like to use Group Policy to enforce settings for certain workstations on your network. You have prepared and tested a security template file that contains policies that meet your company's requirements. In this lab, your task is to perform the following on CorpDC: Create a GPO named Workstation Settings in the CorpNet.local domain. Link the Workstation Settings GPO to the following organizational units (OUs):Marketing > TempMarketingSales > TempSalesSupport Import the ws_sec.inf template file, located in C:\Templates, to the Workstation Settings Group Policy object.

While completing this lab, you need the following information: Link the Workstation Settings GPO to the following organizational units (OUs):Marketing > TempMarketingSales > TempSalesSupport Import the ws_sec.inf template file located in C:\Templates. Complete this lab as follows: Access the CorpNet.local domain.From Server Manager, select Tools > Group Policy Management.Expand Forest: CorpNet.local > Domains > CorpNet.local.Maximize the window for better viewing. Create the Workstation Settings GPO and link it to the CorpNet.local domain.Right-click the Group Policy Objects OU and select New.In the Name field, enter the Workstation Settings and then click OK. Link OUs to the Workstation Settings GPO.Right-click the OU and select Link an Existing GPO.Under Group Policy Objects, select Workstation Settings from the list and then click OK.Repeat step 3 to link the additional OUs. Import the ws_sec.inf security policy template.Expand Group Policy Objects.Right-click Workstation Settings and select Edit.Under Computer Configuration, expand Policies > Windows Settings.Right-click Security Settings and select Import Policy.Browse to the C:\Templates.Select ws_sec.inf and then click Open.

6.7.4 Create a User Account The VP of marketing has told you that Paul Denunzio will join the company as a market analyst in two weeks. You need to create a new user account for him. In this lab, your task is to: Create the pdenunzio user account. Include the full name, Paul Denunzio, as a comment for the user account. Set eye8cereal as the password for the user account. When you're finished, view the /etc/passwd file to verify the creation of the account. Answer the question.

Complete this lab as follows: Create the Paul Denunzio account and comment.From the Linux prompt, type useradd -c "Paul Denunzio" pdenunzio and press Enter. Create a password for Paul.Type passwd pdenunzio and press Enter.Type eye8cereal as the password and press Enter.Retype eye8cereal as the password and press Enter. Verify that the account was created.Type cat /etc/passwd and press Enter. Answer the question.In the top right, select Answer Questions.Select the correct answer.Select Score Lab.

5.13.5 Restrict Telnet and SSH Access You are in the process of configuring a new router. The router interfaces connect to the following networks: InterfaceNetworkFastEthernet0/0192.168.1.0/24FastEthernet0/1192.168.2.0/24FastEthernet0/1/0192.168.3.0/24 Only Telnet and SSH access from these three networks should be allowed. In this lab, your task is to: Use the access-list command to create a standard numbered access list using number 5. Add a permit statement for each network to the access list. Use the access-class command to apply the access list to VTY lines 0-4. Use the in direction to filter incoming traffic. Save your changes in the startup-config file.

Complete this lab as follows: Enter the configuration mode for the router:From the exhibit, select the router.From the terminal, press Enter.Type enable and then press Enter.Type config term and then press Enter. From the terminal, create a standard numbered access list using number 5. Add a permit statement for each network to the access list.Type access-list 5 permit 192.168.1.0 0.0.0.255 and then press Enter.Type access-list 5 permit 192.168.2.0 0.0.0.255 and then press Enter.Type access-list 5 permit 192.168.3.0 0.0.0.255 and then press Enter. Apply the access list to VTY lines 0-4. Filter incoming traffic.Type line vty 0 4 and then press Enter.Type access-class 5 in and then press Enter.Press Ctrl + Z. Save your changes in the startup-config file.Type copy run start and then press Enter.Press Enter to begin building the configuration.Press Enter.

11.3.5 Implement Intrusion Prevention You work as the IT security administrator for a small corporate network. In an effort to protect your network against security threats and hackers, you have added Snort to pfSense. With Snort already installed, you need to configure rules and settings and then assign Snort to the desired interface. In this lab, your task is to use pfSense's Snort to complete the following: Sign into pfSense using the following:Username: adminPassword: P@ssw0rd (zero) Enable the downloading of the following:Snort free registered User rulesOinkmaster Code: 359d00c0e75a37a4dbd70757745c5c5dg85aaSnort GPLv2 Community rulesEmerging Threats Open rulesSourcefire OpenAppID detectorsAPPID Open rules Configure rule updates to happen once a day at 1:00 a.m.Hide any deprecated rules. Block offending hosts for 1 hour. Send all alerts to the system log when the Snort starts and stops. Assign Snort to the WAN interface using a description of WANSnort.Include:Sending alerts to the system logAutomatically blocking hosts that generate a Snort alert Start Snort on the WAN interface.

Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Access the Snort Global Settings.From the pfSense menu bar, select Services > Snort.Under the Services breadcrumb, select Global Settings. Configure the required rules to be downloaded.Select Enable Snort VRT.In the Sort Oinkmaster Code field, enter 359d00c0e75a37a4dbd70757745c5c5dg85aa. You can copy and paste this from the scenario.Select Enable Snort GPLv2.Select Enable ET Open. Configure the Sourcefire OpenAppID Detectors to be downloaded.Under Sourcefire OpenAppID Detectors, select Enable OpenAppID.Select Enable RULES OpenAppID. Configure when and how often the rules will be updated.Under Rules Update Settings, use the Update Interval drop-down menu to select 1 Day.For Update Start Time, change to 01:00.Select Hide Deprecated Rules Categories. Configure Snort General Settings.Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 HOUR.Select Startup/Shutdown Logging.Select Save. Configure the Snort Interface settings for the WAN interface.Under the Services breadcrumb, select Snort Interfaces and then select Add.Under General Settings, make sure Enable interface is selected.For Interface, use the drop-down menu to select WAN (PFSense port 1).For Description, use WANSnort.Under Alert Settings, select Send Alerts to System Log.Select Block Offenders.Scroll to the bottom and select Save. Start Snort on the WAN interface.Under the Snort Status column, select the arrow.Wait for a checkmark to appear, indicating that Snort was started successfully.

2.3.11 Identify Social Engineering You work as the IT security administrator for a small corporate network in the United States of America. The name of your site is www.corpnet.xyz. The company president has received several questionable emails that he is concerned may be malicious attacks on the company. He has asked you to determine whether the emails are hazardous and to handle them accordingly. In this lab, your task is to: · Read each email and determine whether it is legitimate. · Delete any emails that are attempts at social engineering. · Keep emails that are safe.

Complete this lab as follows: From the Inbox of the WebEmail interface, highlight an email. Read and explore the email and determine whether it is a legitimate email. This includes using your mouse to hover over suspicious attachments and links. Take the appropriate action for each email:If the email is an attempt at social engineering, from the menu bar, select Delete.If the email safe, do nothing. Repeat steps 1 through 3 for each email. The following table list the actions you should take for each email.EmailDiagnosisActionExplanation for ActionMicrosoft Windows Update CenterNew Service PackPhishingDeleteThis email has various spelling errors. The link does not direct you to a Microsoft website.Joe DavisRe: Lunch Today?Malicious AttachmentDeleteThis email appears to be from a colleague; however, why would he fail to respond to your lunch question and send you a random attachment in return?Executive RecruitingExecutive JobsWhalingDeleteWhaling uses tailored information to attack executives. Clicking the link could install malware that would capture sensitive company information. The link is pointing to a site in Germany (.de). It is suspicious that this organization would recruite executives from the USA.Human ResourcesEthics VideoSafeKeepWhile this email has an embedded link, it is digitally signed, as indicated by the green shield and checkmark. Therefore, you know it actually comes from your Human Resources department. When you hover over the link, you see that it is a secure link to the corporate web server.Online Banking DepartmentPayment PendingPhishingDeleteThis is a carefully crafted attempt to get your bank account information. Hover over the link and notice that it does not direct you to your credit union website, but to an unknown IP address. It is also very unlikely that a bank would delete your account for not verifying your information.Grandma JacklinFW: FW: FW: Virus Attack WarningHoaxDeleteAny email that asks you to forward it to everyone you know is probably a hoax. This email also contains very bad grammar.Emily SmithWeb Site UpdateSpear PhishingDeleteWhile this email appears to come from a colleague, notice that the link points to an executable file from a Russian domain name (.ru). A report file is more likely to have an extension of .pdf. .docx, .xlsx, or .txt. This probably is not a message a real colleague would send. This file will likely infect the computer with malware.Sara GoodwinWow!!Malicious AttachmentDeleteEmails with attachments from unknown people who address you as "Dear Friend" are probably not safe.Grandma JacklinFree Airline TicketsHoaxDeleteAny email that asks you to forward it to everyone you know is probably a hoax, even if the contents promise you a prize. In addition, there is no way to know how many people the email has been forwarded to. Likewise, it is very unlikely that an airline would give away that many free tickets.Human ResourcesIMPORTANT NOTICE-Action RequiredSafeKeepWhile this email appears very urgent, it doesn't ask you to click on anything or run any attachments. It does inform you that you need to go a website that you should already know and make sure your courses are complete.Activities CommitteePumpkin ContestSafeKeepThis email doesn't ask you to click on anything or run any attachments.Robert WilliamsPresentationSafeKeepThis email doesn't ask you to click on anything or run any attachments.

11.4.8 Scan for Linux Vulnerabilities You are the IT security administrator for a small corporate network. You need to use a vulnerability scanner to check for security issues on your Linux computers. In this lab, your task is to: Use the Security Evaluator to check the security:On the Linux computer with the 192.168.0.45 IP address.On the Linux computers in the IP address range of 192.168.0.60 through 192.168.0.69 Answer the questions.

Complete this lab as follows: Run a Security Evaluator report for 192.168.0.45.From the taskbar, open Security Evaluator.Next to Target: Local Machine, select the Target icon.Select IPv4 Address.Enter 192.168.0.45Select OK.Next to Status: No Results, select the Status Run/Rerun Security Evaluation icon.Review the results.In the top right, select Answer Questions.Answer Question 1. Run a Security Evaluator report for the IP address range of 192.168.0.60 through 192.168.0.69.From Security Evaluator, select the Target icon to select a new target.Select IPv4 Range.In the left field, type 192.168.0.60In the right field, type 192.168.0.69Select OK.Select the Status Run/Rerun Security Evaluation icon.Review the results.Answer Questions 2 and 3.Select Score Lab.

7.5.6 Manage Certificates You are the IT administrator for a growing corporate network. You manage the certification authority for your network. As part of your daily routine, you perform several certificate management tasks. CorpCA, the certification authority, is a guest server on CorpServer2. In this lab, your task is to complete the following: Your network uses smart cards to control access to sensitive computers. Currently, the approval process dictates that you manually approve smart card certificate requests.Approve pending certificate requests for smart card certificates from tsutton and mmallory. Deny the pending web server certificate request for CorpSrv12. User bchan lost his smartcard. Revoke the certificate assigned to bchan.CorpNet.com using the Key Compromise reason code. Unrevoke the CorpDev3 certificate.

Complete this lab as follows: Access Certification Authority on the CORPSERVER2 server.From Hyper-V Manager, select CORPSERVER2.Maximize the window for easier viewing.From the Virtual Machines pane, double-click CorpCA.From Server Manager's menu bar, select Tools > Certification Authority.Maximize the window for easier viewing.From the left pane, expand CorpCA-CA. Approve the pending certificate request for tsutton and mmallory.Select Pending Requests.From the right pane, scroll to the Request Common Name column.Right-click tsutton and select All Tasks > Issue to approve the certificate.Right-click mmallory and select All Tasks > Issue. Deny the pending request for CorpSrv12.Right-click CorpSrv12.CorpNet.com and select All Tasks > Deny.Select Yes. Revoke bchan's certificates.From the left pane, select Issued Certificates.From the right pane, right-click bchan.CorpNet.com and select All Tasks > Revoke Certificate.Using the Reason code drop-down menu list, select Key Compromise.Select Yes. Unrevoke the CorpDev3 certificate.From the left pane, select Revoked Certificates.From the right pane, right-click CorpDev3.CorpNet.com and select All Tasks > Unrevoke Certificate.

11.6.4 Poison ARP and Analyze with Wireshark You are the IT security administrator for a small corporate network. You believe a hacker has penetrated your network and is using ARP poisoning to infiltrate it. In this lab, your task is to discover whether ARP poisoning is taking place as follows: Use Wireshark to capture packets on the enp2s0 interface for five seconds. Analyze the Wireshark packets to determine whether ARP poisoning is taking place. Use the 192.168.0.2 IP address to help make your determination. Answer the questions.

Complete this lab as follows: Use Wireshark to capture packets on enp2s0.From the Favorites bar, select Wireshark.Maximize the window for easier viewing.Under Capture, select enp2s0. From the menu bar, select the blue fin to begin a Wireshark capture.After capturing packets for five seconds, select the red box to stop the Wireshark capture. Filter for only ARP packets.In the Apply a display filter field, type arp and press Enter to only show ARP packets.In the Info column, look for the lines containing the 192.168.0.2 IP address. Answer the questions.In the top right, select Answer Questions.Answer the questions.Select Score Lab.

4.3.6 Disable Inheritance Confidential personnel data is stored on the CorpFiles file server in a shared directory named Personnel. You need to configure NTFS permissions for this folder so that only managers are authorized to access it. In this lab, your task is to perform the following: Grant the Managers group the Full Control permission to the D:\Personnel folder. Remove all inherited permissions that are flowing to the D:\Personnel folder.

Complete this lab as follows: Open the Data (E:) drive.From the Windows taskbar, select File Explorer.From the left pane, expand and select This PC > Data (D:). Configure NTFS permissions.From the right pane, right-click Personnel and select Properties.Select the Security tab.Select Edit.Select Add.Enter Managers as the group that will receive permission to the folder.Click OK.With the Managers group selected, select the appropriate Full control.Click OK. Prevent inherited permissions from parent.On the Security tab, select Advanced.Select Disable inheritance.Select Remove all inherited permissions from this object.Click OK to close the Advanced Security Settings for Personnel dialog.Click OK to close the Properties dialog.

5.6.3 Configure URL Blocking You are the security analyst for a small corporate network. After monitoring your network, you have discovered that several employees are wasting time visiting non-productive and potentially malicious websites. As such, you have added pfBlockerNG to your pfSense device. You now need to configure this feature and add the required firewall rules that allow/block specific URLs and prevent all DNS traffic from leaving your LAN network. In this lab, your task is to: Sign in to pfSense using:Username: adminPassword: P@ssw0rd (zero) Create a firewall rule that blocks all DNS traffic leaving the LAN network. Create a firewall rule that allows all DNS traffic going to the LAN network. Use the following table for the two rules: ParameterSettingProtocolUDP (53)DescriptionsFor the block rule: Block DNS from LANFor the allow rule: Allow all DNS to LAN Arrange the firewall rules in the order that allows them to function properly. Enable and configure pfBlockerNG using the information in the following table: ParameterSettingDNSBL Virtual IP192.168.0.0Top-Level Domain (TLD) Blacklistfinancereports.cototalpad.comsalesscript.infoTop-Level Domain (TLD) Whitelist.www.google.com.play.google.com.drive.google.com

Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Create a firewall rule that blocks all DNS traffic coming from the LAN.From the pfSense menu bar, select Firewall > Rules.Under the Firewall breadcrumb, select LAN.Select Add (either one).Under Edit Firewall Rule, use the Action drop-down to select Block.Under Edit Firewall Rule, set Protocol to UDP.Under Source, use the drop-down menu to select LAN net.Under Destination, configure the Destination Port Range to use DNS (53) (for From and To).Under Extra Options, in the Description field, enter Block DNS from LAN.Select Save.Select Apply Changes. Create a firewall rule that allows all DNS traffic going to the LAN network.Select Add (either one).Under Edit Firewall Rule, set Protocol to UDP.Under Destination, use the drop-down menu to select LAN net.Configure the Destination Port Range to use DNS (53) (for From and To).Under Extra Options, in the Description field, enter Allow all DNS to LAN.Select Save.Select Apply Changes. Arrange the firewall rules in the order that allows them to function properly.Using drag-and-drop, move the rules to the following order (top to bottom):Anti-Lockout RuleAllow all DNS to LANBlock DNS from LANIn the simulated version of pfSense, you can only drag and drop the rules you created. You cannot drag and drop the default rule.Select Save.Select Apply Changes. Enable pfBlockerNG.From the pfSense menu bar, select Firewall > pfBlockerNG.Under General Settings, select Enable pfBlockerNG.Scroll to the bottom and select Save. Enable and configure DNS block lists.Under the Firewall breadcrumb, select DNSBL.Select Enable DNSBL.For DNSBL Virtual IP, enter 192.168.0.0.Scroll to the bottom and expand TLD Blacklist.Enter the following URLs in the TLD Blacklist box:financereports.cototalpad.comsalesscript.infoExpand TLD Whitelist and then enter the following URLs:.www.google.com.play.google.com.drive.google.comSelect Save.

6.7.6 Delete a User Terry Haslam (thaslam) was dismissed from the organization. His colleagues have harvested the files they need from his home and other directories. Your company security policy states that upon dismissal, users accounts should be removed in their entirety. In this lab, your task is to: Delete the thaslam user account and home directory from the system. When you're finished, view the /etc/passwd file and /home directory to verify the account's removal.

Complete this lab as follows: Delete the Terry Haslam account and home directory.At the prompt, type userdel -r thaslam and press Enter. Verify the account's removal.Type cat /etc/passwd and press Enter.Type ls /home and press Enter to verify that the account was removed.

10.4.12 Implement Data Execution Preventions You work as the IT security administrator for a small corporate network. You are configuring the computer in Office 1 to use Data Execution Prevention (DEP) for all programs and services. You have noticed that the accounting program used on some computers does not function well when DEP is enabled. In this lab, your task is to configure DEP as follows: Enable DEP for all files. Disable DEP for C:\Program Files (x86)\AccountWizard\AccountWizard.exe. Restart the computer to activate DEP. Start Lab

Complete this lab as follows: Access the Advanced system settings (System Properties).Right-click Start and then select System.From the left pane, select About.From the right pane, under Related settings, select System info.Select Advanced system settings to open the System Properties dialog. Configure Data Execution Prevention.From the Advanced tab, under Performance, select Settings.Select the Data Execution Prevention tab.Select Turn on DEP for all programs and services except those I select.Select Add.Open the C:\Program Files (x86)\AccountWizard folder.Select AccountWizard.exe.Select Open.Make sure AccountWizard.exe is selected and then select OK.Select OK to confirm that a system restart is needed.Select OK to close System Properties.Select Restart Now to restart the computer and activate DEP.

14.1.6 Enable Device Logs You are the IT security administrator for a small corporate network. You need to enable logging on the switch in the networking closet. In this lab, your task is to: Enable logging and the Syslog Aggregator. Configure RAM Memory Logging as follows:Emergency, Alert, and Critical: EnableError, Warning, Notice, Informational, and Debug: Disable Configure Flash Memory Logging as follows:Emergency and Alert: EnableCritical, Error, Warning, Notice, Informational, and Debug: Disable Copy the running configuration file to the startup configuration file using the following settings:Source File Name: Running configurationDestination File Name: Startup configuration

Complete this lab as follows: Access the Log Settings for the switch.From the left menu, expand Administration > System Log.Select Log Settings. Enable Logging and Syslog Aggregator.For Logging, mark Enable.For Syslog Aggregator, mark Enable. Configure RAM and Flash memory logging:Under RAM Memory Logging:Mark Emergency, Alert, and Critical.Clear Error, Warning, Notice, Informational, and Debug.Under Flash Memory Logging:Mark Emergency and Alert.Clear Critical, Error, Warning, Notice, Informational, and Debug. Select Apply. From the top menu bar, select Save. Under Copy/Save Configuration, select Apply. Select OK. Select Done.

7.4.3 Encrypt Files with EFS At work, you share a computer with other users. You want to secure the contents of the Finances folder so that unauthorized users cannot view its contents. In this lab, your task is to: Encrypt the D:\Finances folder and all of its contents. Add the Susan user account as an authorized user for the D:\Finances\2020report.xls file.

Complete this lab as follows: Open the D: drive.From the Windows taskbar, select File Explorer.From the left pane, select This PC.From the right pane, double-click Data (D:). Encrypt the Finances folder.Right-click Finances and then select Properties.Select Advanced.Select Encrypt contents to secure data and then select OK.Select OK to close the properties dialog.Select OK to confirm the attribute changes. Give Susan authorization to modify the 2020report.xls file.Double-click Finances.Right-click 2020report.xls and then select Properties.Select Advanced.Select Details.Select Add.Select Susan and then select OK.Select OK as many times as needed to close all remaining dialogs.

9.1.6 Create Virtual Machines You have installed Hyper-V on ITAdmin. You're experimenting with creating virtual machines. In this lab, your task is to create two virtual machines named VM1 and VM2. Use the following settings as specified for each machine: VM1: Virtual machine name: VM1 Virtual machine location: D:\HYPERV Generation: Generation 1 Startup memory: 1024 MB (do not use dynamic memory) Networking connection: External Virtual hard disk name: VM1.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 50 GB Operating system will be installed later VM2: Virtual machine name: VM2 Virtual machine location: D:\HYPERV Generation: Generation 1 Startup memory: 2048 MB (use dynamic memory) Networking connection: Internal Virtual hard disk name: VM2.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 250 GB Operating system will be installed later Minimum RAM: 512 MB Maximum RAM: 4096 MB

While completing this lab, use the following virtual machine (VM) specifications: VM1: Virtual machine name: VM1 Virtual machine location: D:\HYPERV Generation: Generation 1 Startup memory: 1024 MB (do not use dynamic memory) Networking connection: External Virtual hard disk name: VM1.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 50 GB Operating system will be installed later VM2: Virtual machine name: VM2 Virtual machine location: D:\HYPERV Generation: Generation 1 Startup memory: 2048 MB (use dynamic memory) Networking connection: Internal Virtual hard disk name: VM2.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 250 GB Operating system will be installed later Minimum RAM: 512 MB Maximum RAM: 4096 MB Complete this lab as follows: Access the Hyper-V Manager.Select Start.Expand Windows Administrative Tools and then select Hyper-V Manager. Create virtual machines on ITAdmin.Use all default settings unless directed otherwise.Right-click ITADMIN and then select New > Virtual Machine.From the Before You Begin dialog, select Next.In the Name field, enter VM_name and then select Next.Make sure Generation 1 is selected and then select Next.In the Startup memory field, enter size.Set the Use Dynamic Memory for this virtual machine appropriately and then select Next.Use the Connection drop-down menu to select connection_type and then select Next.In the Size field, enter disk_size and then select Next.Make sure Install an operating system later is selected and then select Next.Review your configuration and then select Finish to create the virtual machine.Repeat step 2 to created the second virtual machine. Adjust virtual machine memory for VM2.From the Hyper-V Manager, under Virtual Machines, right-click VM2 and select Settings.From the left pane, select Memory.In the Minimum RAM field, enter 512.In the Maximum RAM field, enter 4096.Select OK.

6.7.7 Change Your Password You use a special user account called Administrator to log on to your computer. However, you think someone has learned your password. You are logged on as Administrator. In this lab, your task is to change your password to r8ting4str. The current Administrator account uses 7hevn9jan as the password.

Complete this lab as follows: Change your password.At the prompt, type passwd and press Enter.When prompted, enter 7hevn9jan and press Enter. This is the current password.At the New password prompt, enter r8ting4str and press Enter.Retype r8ting4str as the new password and press Enter.

10.1.5 Allow SSL Connections You are the IT security administrator for a small corporate network. You currently run a website on the CorpWeb server. You want to allow SSL connections to this website. In this lab, your task is to add a binding to the CorpNet website using the following settings: Website: www.corpnet.xyz Protocol: HTTPS Port: 443 SSL certificate: www.corpnet.xyz Start Lab Last Score Report

Complete this lab as follows: Open the IIS Manager to the CorpNet.xyz site.From the Server Manager's menu bar, select Tools > Internet Information Services (IIS) Manager.Expand CorpWeb(CorpNet.com\Administrator) > Sites.Select CorpNet.xyz. Add a binding to the CorpNet website.From the Actions pane (far right), select Bindings.Select Add.Using the Type drop-down menu, select HTTPS.Make sure the port is set to 443.Using the SSL certificate drop-down menu, select www.CorpNet.xyz and then select OK.Select Close.

7.4.8 Configure BitLocker with a TPM You work as the IT security administrator for a small corporate network. The employee in Office 1 is working on a very sensitive project. Management is concerned that if the hard drive in the computer were stolen, sensitive information could be compromised. As a result, you have been asked to encrypt the entire System volume. The Office1 computer has a built-in TPM on the motherboard. In this lab, your task is to configure BitLocker drive encryption as follows: From within the computer's BIOS, turn on and activate TPM Security. From Windows, turn on BitLocker for the System (C:) drive. Back up the recovery key to the \\CorpServer\BU-Office1 folder. Encrypt the entire System (C:) drive. Use the new encryption mode. Run the BitLocker system check.

Complete this lab as follows: (Optional) Try to enable BitLocker.From the search field on the Windows taskbar, type Control.From Best match, select Control Panel.Select System and Security.From the right pane, select BitLocker Drive Encryption.Under Operating system drive, select Turn on BitLocker.An error message at the bottom of the screen indicates that a TPM security device was not found.Select Cancel. Access the BIOS settings.Right-click the Start menu and then select Shut down or sign out > Restart to reboot your computer.When the TestOut logo appears, press Delete to enter the BIOS. Turn on and activate the TPM.From the left pane, expand and select Security > TPM Security.From the right pane, select TPM Security and then select Apply.Select Activate and then select Apply.Select Exit.Your computer will automatically reboot. Turn BitLocker on.From the search field on the Windows taskbar, type Control.From Best match, select Control Panel.Select System and Security.Select BitLocker Drive Encryption.Under Operating system drive, select Turn on BitLocker. Windows begins the Drive Encryption setup. Back up a BitLocker recovery key.Select Save to a file.In the left pane, expand and select Network > CorpServer > BU-Office1.Select Save.Select Next. Configure BitLocker encryption.Select Encrypt entire drive and then select Next.Make sure that New encryption mode is selected and then select Next.Select Run BitLocker system check and then select Continue.Select Restart now.The computer will reboot, and the encryption process will run automatically.When the encryption process is complete, select Close. Verify that encryption is enabled.From the Windows taskbar, select File Explorer.From the left pane, select This PC.From the right pane, verify that the System (C:) drive shows the encryption lock icon.

4.2.5 Configure Automatic Updates You need to customize how Windows Update checks for and installs updates on the ITAdmin desktop system. In this lab, your task is to: Configure Windows Update to:Install updates for other Microsoft products when Windows is updated.Allow the installation of feature updates to be deferred 60 days.Allow quality updates to be deferred 30 days. Configure Windows to automatically download manufacturers' apps and custom icons for devices.

Complete this lab as follows: Configure the Windows Update settings.Right-click Start and then select Settings.Select Update & Security.From the right pane, select Advanced options.Under Update Options, turn on Receive updates for other Microsoft products when you update Windows by sliding the switch to On.Under Choose when updates are installed, configure each option as follows:A feature update includes new capabilities and improvements. It can be deferred for 60 days.A quality update includes security improvements. It can be deferred for this many days: 30Close the Settings window. Configure Windows to automatically download the manufacture's apps and custom icons.In the search field on the Windows taskbar, type Control.From Best match, select Control Panel.Select System and Security.Select System.From the left pane, select Advanced system settings.Select the Hardware tab.Select Device Installation Settings.Select Yes and then select Save Changes.Select OK.

6.8.3 Rename and Create Groups Currently, all the salespeople in your company belong to a group called sales. The VP of sales wants two sales groups, a western sales division and an eastern sales division. In this lab, your task is to: Rename the sales group to western_sales_division. Create the eastern_sales_division group. Remove aespinoza as a member of the western_sales_division group. Assign aespinoza as a member of the eastern_sales_division group. When you're finished, view the /etc/group file or use the groups command to verify the changes.

Complete this lab as follows: Rename the sales group western_sales_division and create the eastern_sales_division group.At the prompt, type groupmod -n western_sales_division sales and press Enter.Type groupadd eastern_sales_division and press Enter. Modify the group membership as needed.Type usermod -G eastern_sales_division aespinoza and press Enter.When you assign aespinoza to the eastern_sales_division group using the usermod -G option, the user account is removed from the western_sales_division group. Use cat /etc/group or groups aespinoza to verify aespinoza's group membership.

6.5.5 Create OUs You are the IT administrator for a small corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. Now you need to create an Active Directory organizational unit (OU) structure based on the company's departmental structure. In this lab, your task is to create the following organizational units (OUs) on the CorpDC server and ensure that each is protected from accidental deletion as follows: Beneath the CorpNet.local domain, create the following OUs:AccountingAdminsMarketingResearch-DevServersSupportWorkstationsSales Within the Sales OU, create the following OUs:SalesManagersTempSales

While completing this lab, use the following information: Beneath the CorpNet.local domain, create the following OUs:AccountingAdminsMarketingResearch-DevServersSupportWorkstationsSales Beneath the Sales OU, create the following OUs:SalesManagersTempSales Complete this lab as follows: Access the CorpDC server.From the left pane of Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC. Create the Active Directory organizational units (OUs) beneath the CorpNet.local domain.From Server Manager's menu bar, select Tools > Active Directory Users and Computers.From the left pane, right-click CorpNet.local and then select New > Organizational Unit.You can also create OUs by selecting the Create a new organizational unit in the current container icon () located in the Active Directory Users and Computers ribbon.Enter the name of the OU to be created.Ensure that Protect container from accidental deletion is selected and then select OK.Repeat steps 2b - 2d until all the required domain OUs are created. Create the OUs within the Sales OU.From the left pane, select CorpNet.local > Sales.From the menu bar, select the Create a new organizational unit in the current container icon.Enter the name of the OU to be created.Ensure that Protect container from accidental deletion is selected and then select OK.Repeat steps 3a - 3d to create the remaining OU.

6.5.14 Create Global Groups You are the IT Administrator for the CorpNet.local domain. You are in the process of implementing a group strategy for your network. You have decided to create global groups as shadow groups for specific departments in your organization. Each global group will contain all users in the corresponding department. In this lab, your task is to: Create the following global security groups on the CorpDC server in their corresponding OUs:OU CreationLocationNew Group NameAccountingAccountingResearch-DevResearch-DevSalesSales Add all user accounts in the corresponding OUs and sub-OUs as members of the newly created groups.

While completing this lab, use the following information: OU CreationLocationNew Group NameAccountingAccountingResearch-DevResearch-DevSalesSales Complete this lab as follows: Access Active Directory Users and Computers on the CorpDC server.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC.From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing.From the left pane, expand CorpNet.local. Create the groups.Right-click the OU where the new group is to be added and select New > Group.In the Group name field, enter the name of the group.Make sure the Global Group scope is selected.Make sure the Security Group type is selected.Click OK. Add users to groups.In the right pane, right-click the user account(s) and select Add to a group. (Use the Ctrl or Shift keys to select and add multiple user accounts to a group at one time.)In the Enter the object names to select field, enter the name of the group.Select Check Names and verify that the object name was found.Click OK to accept the groups added.Click OK to acknowledge the change.If a sub-OU with users exist, double-click on the sub-OU and then repeat step 3. Do this for each sub-group. Repeat steps 2 - 3 for additional groups and users.

10.3.10 Clear the Browser Cache You use Google Chrome as your web browser on the desktop computer in your dorm room. You are concerned about privacy and security while surfing the web. You are also concerned about exploits that harvest data from your Google Chrome browsing history. In this lab, your task is to delete the following items from your Google Chrome browser history for all time: Browsing history Download history Cookies and other site data Cached images and files Hosted app data

Complete this lab as follows: Delete all items from your Google Chrome history.From the Windows taskbar, select Google Chrome.In the upper right, select the ellipsis (three dots) and then select History > History.Maximize the window for easier viewing.Select Clear browsing data.Select Advanced.For the Time range field, use the drop-down menu to select All time.Make sure the following items are checked:Browsing historyDownload historyCookies and other site dataCached images and filesHosted app dataSelect Clear data.

11.6.8 Analyze a SYN Flood Attack You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP-SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you should use this computer to investigate the problem. In this lab, your task is to: Capture packets from the network segment on www_stage using Wireshark.Use the enp2s0 interface. Analyze the attack using the following filters:tcp.flags.syn==1 and tcp.flags.ack==1tcp.flags.syn==1 and tcp.flags.ack==0 Answer the question.

Complete this lab as follows: Using Wireshark, only capture packets containing both the SYN flag and ACK flags.From the Favorites bar, select Wireshark.Under Capture, select enp2s0.From the menu, select the blue fin to begin the capture.In the Apply a display filter field, type tcp.flags.syn==1 and tcp.flags.ack==1 and press Enter to filter Wireshark to display only those packets with both the SYN flag and ACK flag.You may have to wait up to a minute before any SYN-ACK packets are captured and displayed.Select the red square to stop the capture. Change the filter to only display packets with the SYN flag.In the Apply a display filter field, change the tcp.flags.ack ending from the number 1 to the number 0 and press Enter.Notice that there are a flood of SYN packets being sent to 198.28.1.1 (www.corpnet.xyz) that are not being acknowledged.In the top right, select Answer Questions.Answer the question.Select Score Lab

11.7.7 Crack a Password with John the Ripper You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory. In this lab, your task is to use John the Ripper to: Crack the root password on the Linux computer named Support. Crack the password of the protected.zip file located in the home directory on IT-Laptop. After John the Ripper cracks the password, it won't crack it again. The results are stored in the john.pot file

Complete this lab as follows: View the current John the Ripper password file.From the Favorites bar, select Terminal.At the prompt, type cd /usr/share/john and press Enter.Type ls and press Enter.Type cat password.lst and press Enter to view the password list.Type cd and press Enter to go back to the root. Crack the root password on the Support computer.Type john /etc/shadow and press Enter. The password is shown. Can you find it?Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again.Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file.Use alternate methods of viewing the previously cracked password.Type john /etc/shadow --show and press Enter.Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file.In the top right, select Answer Questions and then answer question 1. Open a terminal on the IT-Laptop.From the top navigation tabs, select Floor 1 Overview.Under IT Administration, select IT-Laptop.From the Favorites bar, select Terminal. Export the contents of the protected.zip file to a text file.At the prompt, type ls and press Enter.Notice the protected.zip file you wish to crack.Type zip2john protected.zip > ziphash.txt and press Enter.Type cat ziphash.txt and press Enter to confirm that the hashes have been copied. Using the text file, crack the password of the protected.zip file.Type john --format=pkzip ziphash.txt and press Enter to crack the password.The password is shown. Can you find it?Type john ziphash.txt --show and press Enter to show the previously cracked password.In the top right, select Answer Questions.In the top right, select Answer Questions and then answer Question 2.Select Score Lab.

5.11.9 Harden a Switch You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the networking closet. The following table lists the used and unused ports: Unused PortsUsed PortsGE2GE7GE9-GE20GE25GE27-GE28GE1GE3-GE6GE8GE21-GE24GE26 In this lab, your task is to: Shut down the unused ports. Configure the following Port Security settings for the used ports:Interface Status: LockLearning Mode: Classic LockAction on Violation: Discard

While completing this lab, use the following information: Unused PortsUsed PortsGE2GE7GE9-GE20GE25GE27-GE28GE1GE3-GE6GE8GE21-GE24GE26 Complete this lab as follows: Shut down the unused ports.Under Initial Setup, select Configure Port Settings.Select the GE2 port.Scroll down and select Edit.Under Administrative Status, select Down.Scroll down and select Apply.Select Close.With the GE2 port selected, scroll down and select Copy Settings.In the Copy configuration field, enter the remaining unused ports.Select Apply.From the Port Setting Table, in the Port Status column, you can see that all the ports are down now. Configure the Port Security settings.From the left menu, expand Security.Select Port Security.Select the GE1 port.Scroll down and select Edit.Under Interface Status, select Lock.Under Learning Mode, make sure Classic Lock is selected.Under Action on Violation, make sure Discard is selected.Select Apply.Select Close.Scroll down and select Copy Settings.Enter the remaining used portsSelect Apply.

6.5.11 Create User Accounts You are the IT administrator for a small corporate network. You recently added an Active Directory domain to the CorpDC server to manage network resources centrally. You now need to add user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC: UserJob RoleDepartmental OUJuan SuarezMarketing managerMarketing\MarketingManagersSusan SmithPermanent sales employeeSales\PermSalesMark BurnesSales managerSales\SalesManagersBorey ChanTemporary sales employeeSales\TempSales Use the following user account naming standards and specifications as you create each account: Create the user account in the departmental OU corresponding to the employee's job role. User account name: First name + Last name Logon name: firstinitial + lastname with @CorpNet.local as the domain Original password: asdf1234$ (must change after the first logon) Configure the following for the temporary sales employee:Limit the logon hours to allow logon only from 8:00 a.m. to 5:00 p.m., Monday through Friday.Set the user account to expire on December 31st of the current yea

Use the following user account specifications as you create each account. UserJob RoleDepartmental OUJuan SuarezMarketing managerMarketing\MarketingManagersSusan SmithPermanent sales employeeSales\PermSalesMark BurnesSales managerSales\SalesManagersBorey ChanTemporary sales employeeSales\TempSales Complete this lab as follows: Access Active Directory Users and Computers on the CorpDC server.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC.From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. Create the domain user accounts.From the left pane, expand CorpNet.local.Browse to the appropriate OU.Right-click the OU and select New > User.In the First name field, enter the user's first name.In the Last name field, enter the user's last name.In the User logon name field, enter the user's logon name which should be the first letter of the user's first name together with their last name. (e.g. jsuarez)The domain, @CorpNet.local, is appended automatically to the end of the logon name.Click Next.Select Next.In the Password field, enter asdf1234$.In the Confirm password field, enter asdf1234$.Make sure User must change password at next logon is selected and then click Next.Select Finish to create the object.Repeat steps 3e-3m to create the additional users. Modify user account restrictions for the temporary sales employee.Right-click Borey Chan and select Properties.Select the Account tab.Select Logon hours.From the Logon Hours dialog, select Logon Denied to clear the allowed logon hours.Select the time range of 8:00 a.m. to 5:00 p.m., Monday through Friday.Select Logon Permitted to allow logon.Select OK.Under Account expires, select End of.In the End of field, use the drop-down calendar to select 31 December of the current year.Select OK.

5.5.4 Configure a Remote Access VPN You work as the IT security administrator for a small corporate network. Occasionally, you and your co-administrators need to access internal resources when you are away from the office. You would like to set up a Remote Access VPN using pfSense to allow secure access. In this lab, your task is to use the pfSense wizard to create and configure an OpenVPN Remote Access server using the following guidelines: Sign in to pfSense using:Username: adminPassword: P@ssw0rd (zero) Create a new certificate authority certificate using the following settings:Name: CorpNet-CACountry Code: GBState: CambridgeshireCity: WoodwaltonOrganization: CorpNet Create a new server certificate using the following settings:Name: CorpNetCountry Code: GBState: CambridgeshireCity: Woodwalton Configure the VPN server using the following settings:Interface: WANProtocol: UDP on IPv4 onlyDescription: CorpNet-VPNTunnel network IP: 198.28.20.0/24Local network IP: 198.28.56.18/24Concurrent Connections: 4DNS Server 1: 198.28.56.1 Configure the following:A firewall ruleAn OpenVPN rule Set the OpenVPN server just created to Remote Access (User Auth). Create and configure the following standard remote VPN users:UsernamePasswordFull NameblindleyL3tM31nNowBrian LindleyjphillipsL3tM31nTooJacob Phillips

While completing this lab, use the following information: Create and configure the following standard remote VPN users:UsernamePasswordFull NameblindleyL3tM31nNowBrian LindleyjphillipsL3tM31nTooJacob Phillips Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Start the VPN wizard and select the authentication backend type.From the pfSense menu bar, select VPN > OpenVPN.From the breadcrumb, select Wizards.Under Select an Authentication Backend Type, make sure Local User Access is selected.Select Next. Create a new certificate authority certificate.For Descriptive Name, enter CorpNet-CA.For Country Code, enter GB.For State, enter Cambridgeshire.For City, enter Woodwalton.For Organization, enter CorpNet.Select Add new CA. Create a new server certificate.For Descriptive Name, enter CorpNet.Verify that all of the previous changes (Country Code, State/Providence, and City) are the same.Use all other default settings.Select Create new Certificate. Configure the VPN server.Under General OpenVPN Server Information:Use the Interface drop-down menu to select WAN.Verify that the Protocol is set to UDP on IPv4 only.For Description, enter CorpNet-VPN.Under Tunnel Settings:For Tunnel Network, enter 198.28.20.0/24.For Local Network, enter 198.28.56.18/24.For Concurrent Connections, enter 4.Under Client Settings, in DNS Server1, enter 198.28.56.1.Select Next. Configure the firewall rules.Under Traffic from clients to server, select Firewall Rule.Under Traffic from clients through VPN, select OpenVPN rule.Select Next.Select Finish. Set the OpenVPN server just created to Remote Access (User Auth).For the WAN interface, select the Edit Server icon (pencil).For Server mode, use the drop-down and select Remote Access (User Auth).Scroll to the bottom and select Save. Configure the following Standard VPN users.From the pfSense menu bar, select System > User Manager.Select Add.Configure the User Properties as follows:Username: UsernamePassword: PasswordFull name: FullnameScroll to the bottom and select Save.Repeat steps 8b-8d to created the remaining VPN users.

7.3.5 Compare an MD5 Hash You are the IT administrator at a small corporate office. You just downloaded a new release for a program you use. You need to make sure the file was not altered before you received it. Another file containing the original file hash was also downloaded. Both files are located in the C:\Downloads folder. In this lab, your task is to use MD5 hash files to confirm that the Release.zip file was unaltered. From Windows PowerShell: Generate a file hash for the new Release.zip file. View the hash of the original file stored in the release821hash.txt file. Use the following command to compare the original hash of the Release.zip file to its calculated hash to see if they match:"new hash" -eq "known hash"You can highlight text in PowerShell and right-click it to copy the text to the active line. If using Chromebooks, highlight the desired hash amount and then click on the touchpad using 2 fingers to copy and paste the value. Answer the question.

Complete this lab as follows: View the files in the C:\Downloads folder.Right-click Start and select Windows PowerShell (Admin).At the prompt, type cd C:\downloads and press Enter to navigate to the directory that contains the files.Type dir and press Enter to view the available files. Confirm that the Release.zip file is unaltered.Type get-filehash Release.zip -a md5 and press Enter to view the MD5 hash.Type get-content release821hash.txt and press Enter to view the known hash contained in the .txt file.Type "new hash" -eq "known hash" and press Enter to determine whether the file hashes match.The new hash is the hash generated by the get-filehash file_name -a md5 command.The known hash is the hash generated by the get-content file_name.txt command.Include the quotation marks and the file extensions with the file names in the commands. Answer the question.In the top right, select Answer Questions.Answer the question.Select Score Lab.

6.6.4 Configure Account Password Policies You have been asked to perform administrative tasks for a computer that is not a member of a domain. To increase security and prevent unauthorized access to the computer, you need to configure specific password and account lockout policies. In this lab, your task is to use the Local Security Policy to configure the following password and account lockout policies: Configure password settings so that the user must:Cycle through 10 passwords before reusing an old one.Change the password every 90 days.Keep the password at least 14 days.Create a password at least eight characters long.Create a password that meets complexity requirements, such as using uppercase letters, lowercase letters, numbers, or symbols. Configure the account lockout policy to: Lock out any user who enters five incorrect passwords. Unlock an account automatically after 60 minutes. Configure the number of minutes that must elapse after a failed logon attempt to 10 minutes.

In this lab, your task is to edit the Local Security Policy and configure settings as follows: Policy LocationPolicySettingAccount Policies/Password PolicyEnforce password history10Maximum password age90Minimum password age14Minimum password length8Passwords must meet complexity requirementsEnabledAccount Policies/Account Lockout PolicyAccount lockout threshold5Account lockout duration60Reset account lockout counter after10 Complete this lab as follows: Using Windows Administrative Tools, access the Local Security Policy.Select Start.Locate and expand Windows Administrative Tools.Select Local Security Policy.Maximize the window for easier viewing. Configure the password policies.From the left pane, expand Account Policies and then select Password Policy.From the center pane, expand the Policy column.Double-click the policy to be configured.Configure the policy settings.Click OK.Repeat steps 2c-2e to configure the additional password policies. Configure the account lockout policies.From the left pane, select Account Lockout Policy.From the center pane, expand the Policy column.Double-click the policy to be configured.Configure the policy settings (if needed, answer any prompts shown).Click OK.Repeat steps 3c-3e to configure the additional lockout policies.

6.5.6 Delete OUs You are the IT administrator for a corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have created an Active Directory structure based on the company's departmental structure. While creating the structure, you added a Workstations OU in each of the departmental OUs. After further thought, you decide to use one Workstations OU for the entire company. As a result, you need to delete the departmental Workstations OUs. In this lab, your task is to delete the following OUs on CorpDC: Within the Marketing OU, delete the Workstations OU. Within the Research-Dev OU, delete the Workstations OU. Within the Sales OU, delete the Workstations OU.

To complete this lab, you need to delete the following OUs on CorpDC: Within the Marketing OU, delete the Workstations OU. Within the Research-Dev OU, delete the Workstations OU. Within the Sales OU, delete the Workstations OU. Complete this lab as follows: Access the CorpDC server.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC. Delete the applicable OUs.From Server Manager, select Tools > Active Directory Users and Computers.Select View > Advanced Features.This enables the Advanced feature, allowing you to disable the OU from accidental deletion.From the left pane, expand CorpNet.local > the_parent OU.Right-click the OU that needs to be deleted and then select Properties.Select the Object tab.Clear Protect object from accidental deletion and then select OK.Right-click the OU to be deleted and then click Delete.Click Yes to confirm the OU's deletion.Repeat steps 2c - 2h to delete the remaining OUs. From the Active Directory Users and Computers menu bar, select View > Advanced Features to turn off the Advanced Features view.

11.4.7 Scan for Windows Vulnerabilities You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed. In this lab, your task is to: Run a vulnerability scan for the Office2 workstation using the Security Evaluator. A shortcut is located on the taskbar. Remediate the vulnerabilities found in the vulnerability report for Office2. Re-run a vulnerability scan to make sure all of the issues are resolved.

Complete this lab as follows. Run a Security Evaluator report.From the taskbar, open Security Evaluator.Next to Target Local Machine, select the Target icon to select a new target.Select Workstation.From the Workstation drop-down list, select Office2 as the target.Select OK.Next to Status, select the Run/Rerun Security Evaluation icon.Review the results to determine which issues you need to resolve on Office2. Access local users using Office2's Computer Management console.From the top navigation tabs, select Floor 1.Under Office 2, select Office2.From Office2, right-click Start and select Computer Management.Expand and select Local Users and Groups > Users. Rename a user account.Right-click Administrator and select Rename.Enter a new name of your choice and press Enter. Disable the Guest account.Right-click Guest and select Properties.Select Account is disabled and then select OK. Set a new password for Mary.Right-click Mary and select Set Password.Select Proceed.Enter a new password of your choice (12 characters or more).Confirm the new password and then select OK.Select OK.Ideally, you should have created a policy that requires passwords with 12 characters or more. Configure Mary's password to expire and to change at next logon.Right-click Mary and select Properties.Clear Password never expires.Select User must change password at next logon and then select OK. Unlock Susan's account and remove her from the Administrators group.Right-click Susan and select Properties.Clear Account is locked out and then select Apply.Select the Member of tab.Select Administrators.Select Remove.Select OK.Close Computer Management. Enable Windows Firewall for all profiles.Right-click Start and then select Settings.Select Network & Internet.From the right pane, scroll down and select Windows Firewall.Under Domain network, select Turn on.Under Private network, select Turn on.Under Public network, select Turn on.Close all open Windows. Remove a file share.From the taskbar, select File Explorer.From the left pane, select This PC.From the right pane, double-click Local Disk (C:).Right-click MyMusic and select Properties.Select the Sharing tab.Select Advanced Sharing.Clear Share this folder.Select OK.Select OK. Use the Security Evaluator feature to verify that all of the issues on the ITAdmin computer were resolved.From the top navigation tabs, select Floor 1.Under IT Administration, select ITAdmin.From Security Evaluator, select the Run/Rerun Security Evaluation icon to rerun the security evaluation.If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation and remediate any remaining issues.

2.2.6 Configure Microsoft Defender You recognize that the threat of malware is increasing. As such, you would like to use Windows Virus & Threat Protection to protect your computer from malware. In this lab, your task is to enable and configure Windows Virus & Threat Protection as follows: 1. Add a file exclusion for D:\Graphics\cat.jpg. 2. Add a process exclusion for welcome.scr. 3. Locate the current threat definition version number. 4. Answer Question 1. 5. Check for updates. 6. Answer Question 2. Perform a quick scan

Complete this lab as follows: 1. Access the Virus & threat protection options. a. Right-click Start; then select Settings. b. Select Update & Security. c. From the left pane, select Windows Security. d. Select Virus & threat protection. 2. Add a file exclusion for D:\Graphics\cat.jpg. a. Under Virus & threat protection settings, select Manage settings. b. Scroll down to Exclusions and then select Add or remove exclusions. c. Select Add an exclusion; then select File. d. From the left pane, browse to and select Data (D:) > Graphics > cat.jpg, and then select Open. 3. Add a process exclusion for welcome.scr. a. From the Exclusions dialog, select Add an exclusion; then select Process. b. In the Enter process name field, type welcome.scr; then select Add. 4. Check for protection updates. a. In the top left, select the back arrow twice to return to the Virus & threat protection page. b. Scroll down to Virus & threat protection updates and then select Check for updates to access the Protection updates page. c. In the top right, select Answer Questions. d. Answer Question 1. e. Select Check for updates. f. Answer Question 2. 5. Perform a quick virus scan. a. In the top left of the Windows Security dialog, select the back arrow to return to the Virus & threat protection page. b. Select Quick scan. c. Wait for the scan to complete. 6. From the Lab Questions dialog, select Score Lab.

6.5.12 Manage User Accounts You are the IT administrator for a small corporate network. You recently added an Active Directory domain on the CorpDC server to manage network resources centrally. Organizational units in the domain represent departments. User and computer accounts are in their respective departmental OUs. Over the past few days, several personnel changes have occurred that require changes to user accounts. In this lab, your task is to use the following information to make the necessary user account changes on CorpDC: Mary Barnes from the Accounting Department has forgotten her password, and now her account is locked.Unlock the account.Reset the password to asdf1234$.Require a password change at the next logon. Mark Woods has been fired from the accounting department. Disable his account. Pat Benton is returning to the Research-Dev department from maternity leave. Her account is disabled to prevent logon. Enable her account. Andrea Simmons from the Research-Dev department has recently married.Rename the account Andrea Socko.Change the last name to Socko.Change the display name to Andrea Socko.Change the user logon and the pre-Windows 2000 user logon name to asocko. For all users in the Support OU (but not the SupportManagers OU), allow logon only to the Support computer.

Complete this lab as follows: Access Active Directory Users and Computers on the CorpDC server.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC.From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. From the left pane, expand CorpNet.local. Unlock the Mary Barnes account.From the left pane, select Accounting.Right-click Mary Barnes and select Reset Password.In the New password field, enter asdf1234$.In the Confirm password field, enter asdf1234$.Make sure User must change password at next logon is selected.Make sure Unlock the user's account is selected.Select OK.Select OK to confirm the changed. Disable the Mark Woods account.From the right pane, right-click Mark Woods and select Disable Account.Select OK to confirm the change. Enable Pat Benton's account.From the left pane, select Research-Dev.From the right pane, right-click Pat Benton and select Enable Account.Select OK to confirm the change. Rename the Andrea Simmons account.Right-click Andrea Simmons and select Rename.Enter Andrea Socko and press Enter. This opens the Rename User dialog.In the Last name field, enter Socko.In the User logon name field, replace the old name with asocko.Select OK. Configure user account restrictions.From the left pane, select Support.From the right pane, press Ctrl and select both the Tom Plask and Janice Rons users to edit multiple users at the same time.In Safari, press Command and select each user.Right-click the user accounts and select Properties.Select the Account tab.Select Computer restrictions.Select Log On To.Select The following computers.In the Computer name field, type Support.Select Add.Select OK.Select OK.

6.5.13 Create a Group You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. In this lab, your task is to use Active Directory Users and Computers to complete the following actions on the CorpDC server: In the Users container, create a group named Managers. Configure the group as follows:Group scope: GlobalGroup type: Security Make the following users members of the Managers group: Organization UnitUsernameAccountingMark WoodsResearch-DevPat BentonMarketing\MarketingManagersJuan SuarezResearch-Dev\ResearchManagersArlene KimblySales\SalesManagersMark BurnesSupport\SupportManagersShelly Emery

Complete this lab as follows: Access Active Directory Users and Computers on the CorpDC server.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC.From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. In the Users container, create a group named Managers.From the left pane, expand and select CorpNet.local > Users.Right-click the Users container and select New > Group.You can also create a new group by selecting the Create a new group in the current container icon found in the ribbon.In the Group name field, enter Managers.A pre-Windows 2000 group name is created automatically, but it can be changed.Under Group scope, make sure Global is selected.Under Group type, make sure Security is selected and select OK. Add user accounts to the Managers group.From the left pane, ensure that the Users container is still selected.From the right pane, right-click Managers and select Properties.Select the Members tab.Select Add.In the Enter the object names to select field, enter all the usernames. Use a semicolon to separate each name.Example: Steve Hoffer; Peter Williams; Princess DianaSelect Check Names.Select OK to add the users and close the dialog.Select OK to close the Managers Properties dialog.You can also add individ

9.8.6 Create a Guest Network for BYOD You are a network technician for a small corporate network. You need to enable BYOD Guest Access Services on your network for guests and employees that have mobile phones, tablets, and personal computers. In this lab, your task is to perform the following: Access the Wireless Controller console through Google Chrome on http://192.168.0.6.Username: admin (case sensitive)password: password Set up Guest Access Services using the following parameters:Name: Guest_BYODAuthentication: Use guest pass authenticationThe guest should be presented with your terms of use statement and then allowed to go to the URL he or she was trying to access.Verify that 192.168.0.0/16 is on the list of restricted subnets. Create a guest WLAN using the following parameters:Network name: GuestESSID: Guest_BYODType: Guest AccessAuthentication: OpenEncryption Method: NoneGuest Access Service: Guest_BYODIsolate guest wireless clients from other clients on the access point. Open a new Google Chrome window and request a guest pass using the BYODAdmin user as follows:URL: 192.168.0.6/guestpassUsername: BYODAdmin (case sensitive)Password: P@ssw0rd (0 is a zero)Use any full name in the Full Name field.Make a note of or copy and paste the key in the Key field. Use the key from the guest pass request to authenticate to the wireless LAN Guest_BYOD from the Gst-Lap laptop computer in the Lobby.

Complete this lab as follows: Access and log into the Ruckus ZoneDirector.From the taskbar, select Google Chrome.In the URL field, enter 192.168.0.6 and then press Enter.Maximize the window for easier viewing.In the Admin field, enter admin (case sensitive).In the Password field, enter password as the password.Select Login. Set up Guest Access Services.Select the Configure tab.From the left menu, select Guest Access.Under Guest Access Service, select Create New.Change the Name field to Guest_BYOD.For Terms of Use, select Show terms of use.Expand Restricted Subnet Access.Verify that 192.168.0.0/16 is listed.Select OK. Create a Guest WLAN.From the left menu, select WLANs.Under WLANs, select Create New.Change the Name to Guest.Change the ESSID to Guest_BYOD.Under Type, select Guest Access.For Wireless Client Isolation, select Isolate wireless client traffic from other clients on the same AP.Select OK.Close Google Chrome. Request a Guest password.Open a new Google Chrome browser window.In the URL field, enter 192.168.0.6/guestpass and then press Enter.Maximize the window for easier viewing.In the Username field, enter BYODAdmin (case sensitive).Enter P@ssw0rd as the password (0 is a zero).Select Log In.In the Full Name field, enter any full name.In the Key field, highlight the key and press Ctrl + C to copy the key.Select Next. Access the wireless Guest Access Service from the guest laptop in the lobby.From the top menu, select Floor 1.Select Gst-Lap in the lobby.In the notification area, select the Network icon.Select Guest_BYOD.Select Connect.Select Yes.After Internet Explorer opens to the Guest Access login page, paste the key from the Key field.Select Log In.

10.4.10 Implement Application Whitelisting with AppLocker You are the IT security administrator for a small corporate network. You are increasing network security by implementing application whitelisting. Your first step is to prevent applications not located in the operating system directory or the program files directory from running on your computers. In addition, the call center application used by the support team runs from C:\CallCenter\CallStart.exe and must be allowed to run. You also want any future versions of the call center application to run without changing any settings. In this lab, your task is to configure AppLocker in the default domain policy as follows: Create the default rules.Allow all files located in the Program Files folder.Allow all files located in the Windows folder. Allow the Support group to run the call center software found in C:\CallCenter\CallStart.exe. Configure a publisher rule to allow future updates from the same vendor.

Complete this lab as follows: Access the CorpNet.local domain under Group Policy Management.From Server Manager's menu bar, select Tools > Group Policy Management.Maximize the window for better viewing.Expand Forest: CorpNet.local > Domains > CorpNet.local. Access the AppLocker policy.Right-click Default Domain Policy and select Edit.Maximize the window for better viewing.Under Computer Configuration, expand and select:Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker. Configure rule enforcement.From the right pane, select Configure rule enforcement.Under Executable rules, select Configured.Make sure Enforce rules is selected in the drop-down list.Select OK. Configure a Publisher rule and allow the Support group to run the call center software.From the left pane, expand AppLocker.Right-click Executable Rules and then select Create New Rule.Select Next.Make sure Allow is selected.For User or group, click Select.In the Enter the object names to select box, type Support and then select OK.Select Next.Make sure Publisher is selected; then select Next.For the Reference file, select Browse.Browse to and select the C:\CallCenter\CallStart.exe file.Select Open.Slide the pointer from File version to Publisher and then select Next.Select Next.Accept the default name and select Create.Select Yes to create the default rules.Notice that the Publisher rule was created.

6.6.6 Restrict Local Accounts You are the IT security administrator for a small corporate network. You are working to increase the authentication security of the domain. You need to make sure that only authorized users have administrative rights to all local machines. Local users and groups can be controlled through a GPO linked to the domain. In this lab, your task is to edit the Default Domain Policy and configure the Local Users and Groups policy settings as follows: Create a policy to update the built-in Administrator local group. Delete all member users. Delete all member groups. Add BUILTIN\Administrator to the group. Add %DOMAINNAME%\Domain Admins to the group

Complete this lab as follows: Access the CorpNet.local domain under Group Policy Management.From Server Manager, select Tools > Group Policy Management.Maximize the windows for better viewing.Expand Forest: CorpNet.local > Domains > CorpNet.local. Create a policy to update the built-in Administrator local group.Right-click Default Domain Policy and select Edit.Maximize the windows for better viewing.Under Computer Configuration, expand Preferences > Control Panel Settings.Right-click Local Users and Groups and select New > Local Group.Using the Group name drop-down, select Administrators (built-in).Select Delete all member users to remove all member users.Select Delete all member groups to remove all member groups.Select Add.In the Name field, enter BUILTIN\Administrator and then select OK.Select Add.In the Name field, enter %DOMAINNAME%\Domain Admins and then select OK.Select OK to save the policy.

12.8.6 Back Up Files with File History You have recently installed a new Windows 10 computer. To protect valuable data, you need to implement file history backups on this computer. In this lab, your task is to configure automatic backups for the Exec computer as follows: Save the backup to the Backup (E:) volume. Back up files daily. Keep backup files for six months. Back up the entire Data (D:) volume. Make a backup now.

Complete this lab as follows: Access the File History Backup options.Right-click Start and then select Settings.Select Update & Security.From the left pane, select Backup. Configure and run a file history backup plan.From the right pane, select Add a drive.Select Backup (E:).Under Automatically back up my files, slide the switch to On.Select More options.Under Back up my files, use the drop-down menu to select Daily.Under Keep my backups, use the drop-down menu to select 6 months.Under Back up these folders, select Add a folder.Double-click the Data (D:) volume and then select Choose this folder.Select Back up now.Wait for the backup to complete.

12.8.8 Recover a File from File History Susan produces your organization's monthly magazine. While working on an upcoming issue, Susan accidentally deleted significant portions of the layout image. She also made extensive changes to the cover artwork, but has now been asked to discard the changes and use the original artwork. Susan has asked you to help her recover older versions of her files in the Pictures library so she can still meet her publishing deadline. In this lab, your task is to complete the following: Using the Settings app, access the program needed to restore files from a current backup. From the File History dialog, restore the following files: FileFile Version to RestorePictures\Layouts\June2020_Issue.jpgWednesday, March 16, 2020 11:15 AMPictures\Images\coverart.jpgWednesday, March 16, 2020 12:15 PM

Complete this lab as follows: Access the File History options using the Settings app.Right-click Start and then select Settings.Select Update & Security.From the left pane, select Backup.Make sure Automatically back up my files is set to On.Select More options.Scroll to the bottom of the Backup options dialog and select Restore files from a current backup.Maximize the window for better viewing. Restore the June2020_Issue.jpg file.From the bottom of the File History dialog, select the Previous version button (left arrow) to navigate to the backups captured on Monday, March 16, 2020 11:15 AM.Double-click Pictures.Double-click Layouts.Select the June2020_Issue.jpg file.Select the green Restore to original location arrow located at the bottom center.Select Replace the file in the destination.The Layouts folder where the file was restored is opened.From the Layouts folder, right-click the June2020_Issue.jpg file and then select Properties.Verify that the file is 115.44 MB in size and was last modified on March 16, 2020 at 11:15:12 AM.Select OK.Close the Layouts window. Restore the Coverart.jpg file.In the top left of the File History dialog, select the up arrow to navigate to the Home\Pictures folder.Select the Previous version button at the bottom to navigate to the backups captured on Monday, March 16, 2020 12:15 PM.Double-click Images.Select the coverart.jpg file.Select the green Restore to original location arrow located at the bottom center.Select Replace the file in the destination.Right-click the coverart.jpg file and select Properties.Verify that the file is 1.09 MB in size and was last modified on March 16, 2020 at 12:15:12 PMSelect OK.

8.1.5 Configure a Wireless Network You are a network technician for a small corporate network. You just installed a Ruckus zone controller and wireless access points throughout your office buildings using wired connections. You now need to configure basic wireless network settings. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Create a WLAN using the following settings:Name: CorpNet WirelessESSID: CorpNetType: Standard UsageAuthentication: OpenEncryption: WPA2Encryption algorithm: AESPassphrase: @CorpNetWeRSecure! Connect the Exec-Laptop in the Executive office to the new wireless network.

Complete this lab as follows: Access the Ruckus zone controller.From the taskbar, open Chrome.In the URL field, enter 192.168.0.6 and press Enter.Maximize the window for easier viewing. Log into the Wireless Controller console.In the Admin field, enter admin (case sensitive).In the Password field, enter password as the password.Select Login. Create a new WLAN.Select the Configure tab.From the left menu, select WLANs.Under WLANs, select Create New.In the New Name field, enter the CorpNet Wireless.In the ESSID field, enter the CorpNet.Under Type, make sure Standard Usage is selected.Under Authentication Options, make sure Open is selected.Under Encryption Options, select WPA2.Under Algorithm, make sure AES is selected.In the Passphrase field, enter @CorpNetWeRSecure!.Select OK. Switch to the Exec-Laptop.Using the navigation tabs at the top of the screen, select Floor 1.Under Executive Office, select Exec-Laptop. Connect to the new CorpNet wireless network.In the notification area, select the wireless network icon to view the available networks.Select CorpNet.Select Connect.Enter @CorpNetWeRSecure! for the security key.Select Next.Select Yes to make the computer discoverable on the network.The CorpNet network now shows as being connected and secured.

8.3.7 Configure WIPS You are a network technician for a small corporate network. You would like to enable Wireless Intrusion Prevention on the wireless controller. You are already logged in as WxAdmin. Access the Wireless Controller console through Chrome on http://192.168.0.6. In this lab, your task is to: Configure the wireless controller to protect against denial-of-service (DOS) attacks as follows:Protect against excessive wireless requests.Block clients with repeated authentication failures for two minutes (120 seconds). Configure Intrusion Detection and Prevention as follows:Report all rogue devices regardless of type.Protect the network from rogue access points. Enable Rogue DHCP Server Detection.

Complete this lab as follows: Access the Ruckus zone controller.From the taskbar, open Google Chrome.In the URL field, enter 192.168.0.6 and press Enter.Maximize the window for easier viewing. Configure Denial of Service protection.Select the Configure tab.From the left menu, select WIPS.Under Denial of Services(DoS), select Protect my wireless network against excessive wireless requests.Select Temporarily block wireless clients with repeated authentication failures.Enter 120 seconds.On the right, select Apply. Configure Intrusion Detection and Prevention:Under Intrusion Detection and Prevention, select Enable report rogue devices.Select Report all rogue devices.Select Protect the network from malicious rogue access points.On the right, select Apply. Select Enable rogue DHCP server detection and then select Apply.

8.3.6 Harden a Wireless Network You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Change the admin username and password for the Zone Director controller to the following:Admin Name: WxAdminPassword: ZDAdminsOnly!$ (O is the capital letter O) Set up MAC address filtering (L2 Access Control) to create a whitelist called Allowed Devices that includes the following wireless devices:00:18:DE:01:34:6700:18:DE:22:55:9900:02:2D:23:56:8900:02:2D:44:66:88 Implement a device access policy called NoGames that blocks gaming consoles from the wireless network.

Complete this lab as follows: Access the Ruckus zone controller.From the taskbar, select Google Chrome.In the URL field, enter 192.168.0.6 and press Enter.Maximize the window for easier viewing. Log in to the wireless controller console.In the Admin field, enter admin (case sensitive).In the Password field, enter password as the password.Select Login. Change the admin username and password for the Zone Director controller.From the top, select the Administer tab.Make sure Authenticate using the admin name and password is selected.In the Admin Name field, enter WxAdmin.In the Current Password field, enter password.In the New Password field, enter ZDAdminsOnly!$.In the Confirm New Password field, enter ZDAdminsOnly!$.On the right, select Apply. Enable MAC address filtering.From the top, select the Configure tab.From the left menu, select Access Control.Expand L2-L7 Access Control.Under L2/MAC address Access Control, select Create New.In the Name field, enter Allowed Devices.Under Restriction, make sure Only allow all stations listed below is selected.Enter a MAC address.Select Create New.Repeat step 4g-4h for each MAC address you would like to add to the ACL.Select OK. Configure access controls.Under Access Control, expand Device Access Policy.Select Create New.In the Name field, enter NoGames.Select Create New.In the Description field, enter Games.Using the OS/Type drop-down list, select Gaming.In the Type field, select Deny.Under Uplink, make sure Disabled is selected.Under Downlink, make sure Disabled is selected.Select Save.Select OK.

4.2.7 Configure Microsoft Defender Firewall You have a new laptop that is running Windows 10. You notice a security message that indicates that Windows Firewall has been disabled. The laptop is currently connected to your organization's network, and the Domain network profile settings are in effect. You plan to travel this week, and you willconnect the laptop to various airport Wi-Fi hotspots. You need to enable Windows Firewall for any public network. In this lab, your task is to configure Windows Firewall as follows: Turn on Windows Firewall for the Public network profile only. In addition to the programs and ports currently allowed, allow the following service and programs through the firewall for the Public network profile only:A service named Key Management ServiceAn application named Arch98An application named Apconf

Complete this lab as follows: Access the Windows Firewall settings.Right-click Start and then select Settings.Select Network & Internet.From the right pane, scroll down and select Windows Firewall. From the Firewall & network protection dialog, under Public network, select Turn on. Allow applications to communicate through the firewall for the Public network only.Select Allow an app through firewall.Select Change settings.For Key Management Service, clear Domain and Private, and then select Public.Select Allow another app to configure an exception for an application not currently allowed through the firewall.Select the application from the list and then select Add.For the newly added application, clear Domain and Private, and then select Public.Repeat steps 3d - 3f for the remaining application. Select OK.

6.6.7 Secure Default Accounts You work as the IT security administrator for a small corporate network. You are improving office computers' security by renaming and disabling default computer accounts. In this lab, your task is to perform the following on the Office1 computer: Rename the Administrator account Yoda. Disable the Guest account. Verify that Password never expires is not selected for any local users. This forces them to change their passwords regularly. Delete any user accounts with User must change password at next logon selected. This indicates that a user has never logged in. Start Lab

Complete this lab as follows: Access the computer's Computer Management tool.Right-click Start and select Computer Management.Under System Tools, expand Local Users and Groups.Select Users. Rename the Administrator account.From the center pane, right-click Administrator and select Rename.Enter Yoda and press Enter. Disable the Guest account.Right-click Guest and select Properties.Select Account is disabled and click OK. Remove Password never expires option if it is selected.Right-click a user and select Properties.Deselect Password never expires (if selected) and then select OK.Repeat step 4 for each user. Delete any unused accounts.Right-click the user that has User must change password at next logon selected and select Delete.Click Yes to confirm deletion of the account.

6.7.9 Lock and Unlock User Accounts Every seven years, your company provides a six-week sabbatical for every employee. Vera Edwards (vedwards), Corey Flynn (cflynn), and Bhumika Kahn (bkahn) are leaving today. Maggie Brown (mbrown), Brenda Cassini (bcassini), and Arturo Espinoza (aespinoza) are just returning. The company security policy mandates that user accounts for employees gone for longer than two weeks be disabled. In this lab, your task is to: Lock the following user accounts:vedwardscflynnbkahn Unlock the following user accounts:mbrownbcassiniaespinoza When you're finished, view the /etc/shadow file to verify the changes.

Complete this lab as follows: Lock the applicable accounts.At the prompt, type usermod -L vedwards or passwd -l vedwards and press Enter.Type usermod -L cflynn or passwd -l cflynn and press Enter.Type usermod -L bkahn or passwd -l bkahn and press Enter. Unlock the applicable accounts.Type usermod -U mbrown or passwd -u mbrown and press Enter.Type usermod -U bcassini or passwd -u bcassini and press Enter.Type usermod -U aespinoza or passwd -u aespinoza and press Enter. Verify your changes by typing cat /etc/shadow and pressing Enter.The inclusion of the exclamation point (!) in the password field indicates whether the account is disabled.

5.1.8 Configure Network Security Appliance Access You work as the IT security administrator for a small corporate network. You need to secure access to your pfSense appliance, which is still configured with the default user settings. In this lab, your task is to: Change the password for the default pfSense account from pfsense to P@ssw0rd (use a zero). Create a new administrative user with the following parameters:Username: zolsenPassword: St@yout!Full Name: Zoey OlsenGroup Membership: admins Set a session timeout of 15 minutes for pfSense. Disable the webConfigurator anti-lockout rule for HTTP.

Complete this lab as follows: Access the pfSense management console.From the taskbar, select Google Chrome.Maximize the window for better viewing.In the Google Chrome address bar, enter 198.28.56.18 and then press Enter.Enter the pfSense sign-in information as follows:Username: adminPassword: pfsenseSelect SIGN IN. Change the password for the default (admin) account.From the pfSense menu bar, select System > User Manager.For the admin account, under Actions, select the Edit user icon (pencil).For the Password field, change to P@ssw0rd (use a zero).For the Confirm Password field, enter [email protected] to the bottom and select Save. Create and configure a new pfSense user.Select Add.For Username, enter zolsen.For the Password field, enter St@yout!.For the Confirm Password field, enter St@yout!For Full Name, enter Zoey Olsen.For Group Membership, select admins and then select Move to Member of list.Scroll to the bottom and select Save. Set a session timeout for pfSense.Under the System breadcrumb, select Settings.For Session timeout, enter 15.Select Save. Disable the webConfigurator anti-lockout rule for HTTP.From the pfSense menu bar, select System > Advanced.Under webConfigurator, for Protocol, select HTTP.Select Anti-lockout to disable the webConfigurator anti-lockout rule.Scroll to the bottom and select Save.

5.1.7 Configure a Security Appliance You are an IT security administrator for a small corporate network. To increase security for the corporate network, you have installed the pfSense network security appliance in your network. Now you need to configure the device. In this lab, your task is to configure pfSense as follows: Sign in to pfSense using the following case-sensitive information:URL: 198.28.56.18Username: adminPassword: pfsense Configure the DNS servers as follows:Primary DNS server: 163.128.78.93 - Hostname: DNS1Secondary DNS server: 163.128.80.93 - Hostname: DNS2 Configure the WAN IPv4 information as follows:Enable the interface.Use a static IPv4 address of 65.86.24.136/8Add a new gateway using the following information:Type: Default gatewayName: WANGatewayIP address: 65.86.1.1

Complete this lab as follows: Access the pfSense management console.From the taskbar, select Google Chrome.Maximize the window for better viewing.In the address bar, type 198.28.56.18 and then press Enter.Sign in using the following case-sensitive information:Username: adminPassword: pfsenseSelect SIGN IN or press Enter. Configure the DNS Servers.From the pfSense menu bar, select System > General Setup.Under DNS Server Settings, configure the primary DNS Server as follows:Address: 163.128.78.93Hostname: DNS1Gateway: NoneSelect Add DNS Server to add a secondary DNS Server and then configure it as follows:Address: 163.128.80.93Hostname: DNS2Gateway: NoneScroll to the bottom and select Save. Configure the WAN settings.From pfSense menu bar, select Interfaces > WAN.Under General Configuration, select Enable interface.Use the IPv4 Configuration Type drop-down to select Static IPv4.Under Static IPv4 Configuration, in the IPv4 Address field, enter 65.86.24.136.Use the IPv4 Address subnet drop-down to select 8.Under Static IPv4 Configuration, select Add a new gateway.Configure the gateway settings as follows:Default: Select Default gatewayGateway name: Enter WANGatewayGateway IPv4: 65.86.1.1Select Add.Scroll to the bottom and select Save.Select Apply Changes.

6.7.8 Change a User's Password Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8. In this lab, your task is to: Change the password for the schawla user account to G20oly04 (0 is a zero). Make sure the password is encrypted in the shadow file.

Complete this lab as follows: Change Salman Chawla's password.At the prompt, type su -c "passwd schawla", then press Enter.Type 1worm4b8, then press Enter. This is the password for the root user.At the New password prompt, type G20oly04, then press Enter. This is the new password for the schawla user account.At the Retype new password prompt, type G20oly04, then press Enter.

13.3.7 Secure Email on iPad You work as the IT security administrator for a small corporate network. The receptionist, Maggie Brown, uses an iPad to manage employee schedules and messages. You need to help her secure her email and browser on her iPad. In this lab, your task is to complete the following: Configure Maggie's email account to use SSL for incoming mail. Secure the internet browser as follows:Turn off AutoFillTurn on Block Pop-upsBlock all cookiesTurn on Fraudulent Website WarningTurn off JavaScript

Complete this lab as follows: Configure email for SSL.Select Settings.Scroll down and select Accounts & Passwords.From the right pane, select Gmail.Select Account [email protected] Advanced.Under Incoming Settings, set Use SSL to ON.From the top, select Account to return to the Account menu.Select Done. Turn off AutoFill.From the Settings menu, select Safari.From the right pane, select AutoFill.Set Use Contact Info to OFF.Set Names and Passwords to OFF.From the top, select Safari to return to the Safari menu Block all pop-up and cookies.From the right pane, set Block Pop-ups to ON.Set Block All Cookies to On. Turn on the fraudulent website Warning and turn off JavaScript.From the right pane, set Fraudulent Website Warning to ON.Select Advanced.Set JavaScript to OFF.

8.2.6 Configure Rogue Host Protection You are a network technician for a small corporate network. You want to take advantage of the self-healing features provided by the small enterprise wireless solution you've implemented. You're already logged in as WxAdmin on the Wireless Controller console from ITAdmin. In this lab, your task is to: Configure self-healing on the wireless network.Automatically adjust AP radio power to optimize coverage when interference is present.Set 2.4 GHz and 5 GHz radio channels to use the Background Scanning method to adjust for interference. Configure the background scanning needed for rogue device detection, AP locationing, and self-healing. Background scans should be performed on all radios every 30 seconds. Configure load balancing for all radios by adjusting the threshold to 40 dB. Configure band balancing to allow no more than 30% of clients to use the 2.4 GHz radios. Reduce the power levels to -3 dB for three access points in Building A to reduce RF emanations. Use the wireless survey results in the exhibit to identify the access points.The amount you reduce TX Power by requires a judgment call based on the wir

Complete this lab as follows: Configure self-healing.From the top, select the Configure tab.From the left menu, select Services.Under Self-Healing, select Automatically adjust AP radio power to optimize coverage when interference is present.Using the Automatically adjust 2.4GHz channels using drop-down menu, select Background Scanning from the drop-down menu.Using the Automatically adjust 5GHz channels using drop-down menu, select Background Scanning from the drop-down menu.On the right, select Apply. Configure background scanning.Select Run a background scan on 2.4GHz radio.Enter 30 seconds.Select Run a background scan on 5GHz radio.Enter 30 seconds.On the right, select Apply. Configure load balancing.Select Run load balancing on 2.4GHz radio.In the Adjacent radio threshold(dB) field, enter 40.Select Run load balancing on 5GHz radio.In the Adjacent radio threshold(dB) field, enter 40.On the right, select Apply. Configure band balancing.Select Percent of clients on 2.4GHz radio.Enter the 30.On the right, select Apply. Adjust the AP power level.From the left menu, select Access Points.From the top right, select Exhibit to determine which access points to adjust.Select Edit next to the access point to be modified.Under Radio B/G/N(2.4G) next to TX Power, make sure Override Group Config is selected.From the TX Power drop-down list, select -3dB (1/2).Under Radio A/N/AC(5G) next to TX Power, make sure Override Group Config is selected.From the TX Power drop-down list, select -3dB (1/2).Select OK.Repeat steps 5b - 5h for additional access poin

5.11.10 Secure Access to a Switch You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by restricting access management and by updating the switch's firmware. In this lab, your task is to: Create an access profile named MgtAccess and configure it with the following settings:SettingValueAccess Profile NameMgtAccessRule Priority1Management MethodAllActionDenyApplies to InterfaceAllApplies to Source IP addressAll Add a profile rule to the MgtAccess profile with the following settings:SettingValueRule Priority2Management MethodHTTPActionPermitApplies to interfaceAllApplies to Source IP addressUser definedIP Version: Version 4IP Address: 192.168.0.10Network Mask: 255.255.255.0 Set the MgtAccess profile as the active access profile. Save the changes to the switch's startup configuration file using the default settings. Update the firmware image to the latest version by downloading the firmware files found in C:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros.

Complete this lab as follows: Create and configure an Access Profile named MgtAccess.From the left pane, expand and select Security > Mgmt Access Method > Access Profiles.Select Add.Enter the Access Profile Name of MgtAccess.Enter the Rule Priority of 1.For Action, select Deny.Select Apply and then select Close. Add a profile rule to the MgtAccess profile.From the left pane, under Security > Mgmt Access Method, select Profile Rules.Select the MgtAccess profile and then select Add.Enter a Rule Priority of 2.For Management Method, select HTTP.For Applies to Source IP Address, select User Defined.For IP Address, enter 192.168.0.10.Enter the 255.255.255.0.Select Apply and then select Close. Set the MgtAccess profile as the active access profile.From the left pane, under Security > Mgmt Access Method, select Access Profiles.Use the Active Access Profile drop-down list to select MgtAccess.Select Apply.Select OK. Save the changes to the switch's startup configuration file.At the top, select Save.For Source File Name, make sure Running configuration is selected.For Destination File Name, make sure Startup configuration is selected.Select Apply.Select OK. Upgrade the firmware image to the latest version.From the left pane, select Getting Started.Under Quick Access, select Upgrade Device Software.For File Name, select Choose File.Browse to and select C:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros.Select Open.Select Apply.Select OK.From the left pane, under File Management, select Active Image.For Active Image After Reboot, use the drop-down menu to select Image 2.Select Apply.From the left pane under Administration, select Reboot.From the right pane, select Reboot.Select OK.

11.7.4 Crack Password with Rainbow Tables A recent breach of a popular 3rd party service has exposed a password database. The security team is evaluating the risk of the exposed passwords for the company. The password hashes are saved in the root user's home directory, /root/captured_hashes.txt. You want to attempt to hack these passwords using a rainbow table. The password requirements for your company are as follows: The password must be 12 or more characters in length. The password must include at least one uppercase and one lowercase letter. The password must have at least one of these special characters: !, ", #, $, %, &, _, ', *, or @. All passwords are encrypted using a hash algorithm of either md5 or sha1. In this lab, your task is to: Create md5 and sha1 rainbow tables using rtgen. Sort the rainbow tables using rtsort. Crack the hashes using rcrack. You must run rcrack on an individual hash and run it on the hash file. Answer the question. The type of charset that can be used to create a rainbow table is stored in the /usr/share/rainbowcrack/charset.txt file. This file can be viewed using the cat command. Start Lab

Complete this lab as follows: Create and sort an md5 and sha1 rainbow crack table.From the Favorites bar, select Terminal.At the prompt, type rtgen md5 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create a md5 rainbow crack table.Type rtgen sha1 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create a sha1 rainbow crack table.Type rtsort . and press Enter to sort the rainbow table. Crack the password hashes.To crack the password contained in a hash file, type rcrack . -l /root/captured_hashes.txt and press Enter.To crack the password contained in a hash, type rcrack . -h hash_value and press Enter.Repeat step 2b for the remaining hashes. Answer the questions.In the top right, select Answer Questions.Answer the questions.Select Score Lab.

7.1.11 Hide Files with OpenStego You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to encrypt data into a file that is to be shared with a business partner. The data will allow you to track the source if the information is leaked again. In this lab, your task is to use OpenStego to hide data in photos as follows: Encrypt the user data into the file to be shared. Name the file send.png and save it in the Documents folder. Password-protect the file with NoMor3L3@ks! as the password. Confirm the functionality of the steganography by extracting the data and opening the file to confirm that the associated username has been embedded into the file.

Complete this lab as follows: Encrypt the user data into the file to be shared.In the search field on the taskbar, type OpenStego.Under Best match, select OpenStego. Select the Message, Cover, and Output Stego files.For Message File, select the ellipses [...] button at the end of the field.Double-click John.txt to select the file.For Cover File, select the ellipses [...] button at the end of the field.Double-click gear.png to select the file.For Output Stego File, select the ellipses [...] button at the end of the field.In the File name field, enter send.png and then select Open. Password protect the file.In the Password field, enter NoMor3L3@ks!In the Confirm Password field, enter NoMor3L3@ks!Select Hide Data.Select OK. Extract the data and open the file.Under Data Hiding, select Extract Data.For the Input Stego File field, select the ellipses [...] button.Double-click send.png to select the file with the encryption.For the Output Folder for Message File, select the ellipses [...] button.Double-click Export to set it as the destination of the file output.Click Select Folder.In the Password field, enter NoMor3L3@ks! as the password.Select Extract Data.Select OK. Verify that the decryption process was successful.From the taskbar, select File Explorer.Double-click Documents to navigate to the folder.Double-click Export to navigate to the folder.Double-click John.txt.

5.13.6 Permit Traffic The Fiji router has been configured with Standard IP Access List 11. The access list is applied to the Fa0/0 interface. The access list must allow all traffic except traffic coming from hosts 192.168.1.10 and 192.168.1.12. However, you've noticed that it's preventing all traffic from being sent on Fa0/0. You remember that access lists contain an implied deny any statement. This means that any traffic not permitted by the list is denied. For this reason, access lists should contain at least one permit statement or all traffic is blocked. In this lab, your task is to: Add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. Save your changes in the startup-config file.

Complete this lab as follows: Enter the configuration mode for the Fiji router:From the exhibit, select the Fiji router.From the terminal, press Enter.Type enable and then press Enter.Type config term and then press Enter. From the terminal, add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic.Type access-list 11 permit any and press Enter.Press Ctrl + Z. Save your changes in the startup-config file.Type copy run start and then press Enter.Press Enter to begin building the configuration.Press Enter.

5.13.7 Block Source Hosts You have a small business network connected to the internet through a single router as shown in the network diagram. You have noticed that three hosts on the internet have been flooding your router with unwanted traffic. As a temporary measure, you want to prevent all communication from these three hosts until the issue is resolved. In this lab, your task is to: Create a Standard Access List 25. Add statements to the access list to block traffic from the following hosts:199.68.111.199202.177.9.1211.55.67.11 Add a statement to allow all other traffic from all other hosts. Apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic.

Complete this lab as follows: Enter the configuration mode for the router:From the exhibit, select the router.From the terminal, press Enter.Type enable and then press Enter.Type config term and then press Enter. From the terminal, create a standard numbered access list using number 25. Add statements to the access list to block traffic to the required hosts.Type access-list 25 deny host 199.68.111.199 and press Enter.Type access-list 25 deny host 202.177.9.1 and press Enter.Type access-list 25 deny host 211.55.67.11 and press Enter. From the terminal, add a statement to allow all other traffic from all other hosts, by typing access-list 25 permit any and pressing Enter. From the terminal, apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic.Type int s0/0/0 and press Enter.Type ip access-group 25 in and press Enter.Type Ctrl + Z.

5.12.4 Explore VLANs You are the IT security administrator for a small corporate network. You need to increase the networking closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch. The patch panel connections for the networking closet, lobby, and IT administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections of the IP cameras and the laptop. In this lab, your task is to perform the following: Access the switch management console from ITAdmin using the following credentials:Address: http://192.168.0.2Username: ITSwitchAdminPassword: Admin$only (the password is case-sensitive) Create and configure a VLAN on the switch as follows:VLAN ID: 2VLAN Name: IPCamerasConfigure ports GE18, GE19, GE20, GE21 as untagged.Port 18 is connected to the network jack next to the laptop in the IT administration office.Port 19 is connected to the camera mount in the lobby.Port 20 is connected to the camera mount in the networking closet.Port 21 is connected to a DHCP server that provides IP addresses to the camera and the laptop. In the lobby and networking closet, perform the following:Connect a Cat5e cable to the RJ-45 ports on the IP camera and the IP camera wall plate.Mount the IP camera on the wall plate. In the networking closet, connect the DHCP server to the VLAN using a Cat5e cable from switch port 21 to patch panel port 21 in the rack. In the IT administration office, connect a Cat5e cable to the laptop's network port and the open port on the wall plate. On ITAdmin-Lap, verify the VLAN configuration and IP camera installation as follows:Select Start > IP Cameras.Verify that the program detects the IP cameras on the VLAN 2 network.

Complete this lab as follows: From the ITAdmin computer, log into the CISCO switch.From the taskbar, open Google Chrome.Maximize the window for easier viewing.In the URL field, enter 192.168.0.2 and press Enter.For Username, enter ITSwitchAdmin.For Password, enter Admin$only (password is case-sensitive).Select Log In. Create a VLAN.From the Getting Started pane, under Initial Setup, select Create VLAN.Select Add.For VLAN ID, enter 2.For VLAN Name, enter IPCameras.Select Apply.Select Close. Configure a VLAN.From the left pane, under VLAN Management, select Port to VLAN.From the the VLAN ID equals to drop-down menu, select 2.Select Go.For ports GE18, GE19, GE20, and GE21, select Untagged.Select Apply. Connect the IP camera in the lobby to the VLAN and mount the IP cameras.From the top navigation area, select Floor 1.Under Lobby, select Hardware.Under Shelf, expand CCTV Cameras.Drag the IP Camera (Lobby) to the workspace.Under Workspace for the IP camera, select Back to switch to the back view of the IP camera.Under Shelf, expand Cables and then select a Cat5e Cable, RJ45.Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera wall mount plate.From the wall plate's Partial Connections list, drag the other connector to the RJ-45 port on the back of the IP camera.Drag the IP camera to the IP camera wall plate. Connect the IP camera in the networking closet to the VLAN and mount the IP cameras.From the top navigation area, select Floor 1.Under Networking Closet, select Hardware.Under Shelf, expand CCTV Cameras.Drag the IP Camera (Networking Closet) to the workspace.Under Workspace for the IP camera, select Back to switch to the back view of the IP camera.Under Shelf, expand Cables and then select Cat5e Cable, RJ45.Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera mount wall plate.Under Selected Component, drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera.To mount the IP camera, drag the IP camera to the IP camera wall plate. Connect the DHCP server and laptop to the VLAN.In the networking closet, under Shelf, select a Cat5e Cable, RJ45.Under Selected Component, drag a RJ45 Connector to port 21 on the switch.Under Selected Component, drag the unconnected RJ45 Connector to port 21 on the patch panel. Connect the laptop to the VLAN.From the top menu, select Floor 1.Under IT Administration, select Hardware.Above the laptop, select Back to switch to the back view of the laptop.Under Shelf, select Cat5e Cable, RJ45.Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the laptop.Under Selected Component, drag the unconnected RJ45 Connector to the open RJ-45 port on the wall plate.To verify that all components are connected, you can change location to the network closet hardware view. You should see green link/activity lights on ports 18 - 21 of the switch. You should also see amber Power Over Ethernet (POE) lights on ports 19 and 20, which are connected to the IP cameras. Launch the IP camera monitoring software.Under the laptop's workspace, select Front.On the IT-Laptop2, select Click to view Windows 10.From the taskbar, select Start.Select IP Cameras.Verify that both cameras are detected on the network.

11.6.6 Poison DNS You are the IT security administrator for a small corporate network. You want to spoof the DNS to redirect traffic as part of a man-in-the-middle attack. In this lab, your task is to: (Optional) From the Exec computer, access rmksupplies.com and verify that site can be accessed. From the Linux Support computer, use Ettercap to begin sniffing and scanning for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine. Initiate DNS spoofing. From the Exec computer, access rmksupplies.com and verify that it has been redirected to a different site.

Complete this lab as follows: From the Support computer, use Ettercap to begin sniffing and scanning for hosts.From the Favorites bar, select Ettercap.Select Sniff > Unified sniffing.From the Network Interface drop-down menu, select enp2s0.Select OK.Select Hosts >Scan for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine.Select Hosts > Host list.Under IP Address, select 192.168.0.30.Select Add to Target 1 to assign it as the target. Initiate DNS spoofing.Select Plugins > Manage the plugins.Select the Plugins tab.Double-click dns_spoof to activate it.Select Mitm > ARP poisoning.Select Sniff remote connections and then select OK. From the Exec computer, access rmksupplies.com.From the top navigation tabs, select Floor 1 Overview.Under Executive Office, select Exec.From the taskbar, select Google Chrome.In the URL field, type rmksupplies.com and then press Enter.Notice that the page was redirected to RUS Office Supplies despite the web address staying the same.

13.3.5 Configure Email Filters You are the IT security administrator for a small corporate network. You helped your boss remove a lot of junk email, and now he would like you to only allow emails and attachments from senders on his safe sender list. In this lab, your task is to configure email filtering as follows: Only allow emails from the safe senders list. Report junk email messages to your email provider. Only allow attachments from the safe senders list.

Complete this lab as follows: In the upper right corner of the WebEmail interface, select Options > More Options. Under Preventing junk email, select Filters and reporting. Under Choose a junk email filter, select Exclusive. Under Report junk messages, select Report junk. Under Block content from unknown senders, select Block attachments, pictures, and links for anyone not in my safe senders list. Select Save.

3.1.3 Implement Physical Security Based on a review of physical security at your office, you have recommended several improvements. Your plan includes installing smart card readers, IP cameras, signs, and an access log book. In this lab, your task is to: Implement your physical security plan by dragging the correct items from the shelf onto the various locations in the building. As you drag the items from the shelf, the possible drop locations are highlighted. To implement your plan, you must: Install two IP security cameras in the appropriate location to record which employees access the key infrastructure. The security cameras should operate over the TCP/IP network. Install the smart card key readers in the appropriate location to control access to key infrastructure. The key card readers should be contactless and record more information than the card's ID. Install a Restricted Access sign on the networking closet door to control access to the infrastructure. Install the visitor log on the lobby desk.

Complete this lab as follows: Install the IP security cameras:From the Shelf, expand CCTV Cameras.Drag the IP Security Camera from the shelf to the highlighted circle inside the networking closet.Drag the IP Security Camera from the shelf to the highlighted circle just outside the networking closet. Install the smart card key readers:From the Shelf, expand Door Locks.Drag a smart card reader from the shelf to the highlighted location outside the building's front door.Drag a smart card reader from the shelf to the highlighted location outside the networking closet's door. Install the Restricted Access sign:From the Shelf, expand Restricted Access Signs.Drag the Restricted Access sign from the shelf to the networking closet door. Install the visitor log:From the Shelf, expand Visitor Logs.Drag the visitor log from the shelf to the lobby desk.

5.9.6 Secure a Switch You are the IT security administrator for a small corporate network. You need to secure access to your switch, which is still configured with the default settings. Access the switch management console through Chrome on http://192.168.0.2 with the username cisco and password cisco. In this lab, your task is to: Create a new user account with the following settings:Username: ITSwitchAdminPassword: Admin$only1844User Level: Read/Write Management Access (15) Edit the default user account as follows:Username: ciscoPassword: CLI$only1958User Level: Read-Only CLI Access (1) Save the changes to the switch's startup configuration file.

Complete this lab as follows: Log in to the CISCO switch.From the taskbar, select Google Chrome.In the URL field, enter 192.168.0.2 and press Enter.Maximize the window for easier viewing.In the Username and Password fields, enter cisco (case sensitive).Select Log In. Create a new user account.From Getting Started under Quick Access, select Change Device Password.Select Add.For the username, enter ITSwitchAdmin (case sensitive).For the password, enter Admin$only1844 (case sensitive).For Confirm Password, enter Admin$only1844.For User Level, make sure Read/Write Management Access (15) is selected.Select Apply.Select Close. Edit the default user account.Under User Account Table, select cisco (the default user) and then select Edit.For the password, enter CLI$only1958.For Confirm Password, enter CLI$only1958.For User Level, select Read-Only CLI Access (1).Select Apply. Save the changes to the switch's startup configuration file.From the top of the switch window, select Save.Under Source File Name, make sure Running configuration is selected.Under Destination File Name, make sure Startup configuration is selected.Select Apply.Select OK.Select Done.

12.7.6 Configure Fault-Tolerant Volumes You are the IT administrator for a small corporate network. You have installed the Windows Server 2019 operating system on a server named CorpServer2. During this installation, you created a single partition that took up the entire first disk. You would like to add fault tolerance to the system volume and create an additional fault tolerant volume for storing data. Four additional, uninitialized hard disks have been installed in the server for this purpose. In this lab, your task is to complete the following: To add fault tolerance for the System (C:) volume, create a mirrored volume using Disk 1. Create a new volume that provides both fault tolerance and improved performance using the following settings:Disks: Disk 2, Disk 3, and Disk 4Volume size: 2048000 MB (2 TB)Drive letter: RFormat: NTFSVolume label: Data You cannot create a RAID 5 volume from an ex

Complete this lab as follows: Mirror an existing volume as follows:Right-click Start and then select Disk Management.Select OK to initialize new disks.Maximize the Disk Management window to better view the volumes.Right-click the System (C:) volume and select Add Mirror.Select Disk 1. This is the disk that will be used for the mirrored copy.Select Add Mirror.Select Yes to convert the basic disk to a dynamic disk. Create a RAID 5 volume as follows:From Disk Management, right-click a Disk 2 with free space and select New RAID 5 Volume.Select Next.Under Available, hold down the Ctrl key and then select Disk 3 and Disk 4 to be part of the new volume with Disk 2.Select Add.Select Next.Using the Assign the following drive letter drop-down, select R and then click Next.Make sure that NTFS is selected as the file system.Change the Volume label field to Data and then select Next.Select Finish to create the volume.Select Yes to convert the basic disk to a dynamic disk.

4.3.5 Configure NTFS Permissions There are two groups of users who access the Office1 computer, Marketing and Research. Each group has a corresponding folder: E:\Marketing Data E:\Research Data In this lab, your task is to: Disable permissions inheritance for E:\Marketing Data and E:\Research Data and convert the existing permissions to explicit permissions. For each of the above folders, remove the Users group from the access control list (ACL). Add the Marketing group to the Marketing Data folder ACL. Add the Research group to the Research Data folder ACL. Assign the groups Full Control to their respective folders. Do not change any other permissions assigned to other users or groups.

Complete this lab as follows: Open the Data (E:) drive.From the Windows taskbar, select File Explorer.From the left pane, expand and select This PC > Data (E:). Disable inheritance and convert inherited permissions to explicit permissions.From the right pane, right-click the applicable folder and then select Properties.Select the Security tab.Select Advanced to modify inherited permissions.Select Disable inheritance to prevent inherited permissions.Select Convert inherited permissions into explicit permissions on this object. Remove the Users group from the access control list.In Permission entries, select Users.Select Remove to remove the group from the access control list.Select OK. Add a new group to the access control list and allow Full Control.Select Edit to add a group to the access control list.Select Add.Enter the name of the group you want to add and then select Check Names.Select OK.With the newly added group selected, under the Allow column, select Full control and then select OK.Select OK to close the properties dialog. Repeat steps 2 - 4 to modify the permissions for the additional folder.

9.2.6 Create Virtual Switches You have installed Hyper-V on the CorpServer server. You want to use the server to create virtual machines. Prior to creating the virtual machines, you are experimenting with virtual switches. In this lab, your task is to: Create an internal virtual switch named Switch 1. Create a private virtual switch named Switch 2.

Complete this lab as follows: Open the Virtual Switch Manager.From Hyper-V Manager, right-click CORPSERVER.Select Virtual Switch Manager. Create an internal switch named Switch 1.Select Create Virtual Switch.In the Name field, enter Switch 1.Under Connection type, select Internal network.Select Apply. Create a private switch named Switch 2.From the left pane, select New virtual network switch.From the right pane, select Private.Select Create Virtual Switch.In the Name field, enter Switch 2.Select OK.

6.7.5 Rename a User Account Brenda Cassini (bcassini) was recently married. You need to update her Linux user account to reflect her new last name of Palmer. In this lab, your task is to use the usermod command to: Rename Brenda's user account bpalmer. Change Brenda's comment field to read Brenda Palmer. Change and move Brenda's home directory to /home/bpalmer. When you're finished, view the /etc/passwd file and /home directory to verify the modification.

Complete this lab as follows: Rename the bpalmer account and move her home directory.From the Linux prompt, type usermod -l bpalmer bcassini -m -c "Brenda Palmer" -d /home/bpalmer and press Enter. Verify account modification.Type cat /etc/passwd and press Enter.Type ls /home and press Enter to verify that the account was modified.

11.4.10 Scan for IoT Vulnerabilities You are the IT security administrator for a small corporate network. You have some security issues on a few Internet of Things (IoT) devices. You have decided to use the Security Evaluator to find these problems. In this lab, your task is to use the Security Evaluator to: Find a device using the IP address of 192.168.0.54. Find all devices using an IP address in the range of 192.168.0.60 through 192.168.0.69. Answer the questions.

Complete this lab as follows: Run a Security Evaluator report for 192.168.0.54.From the taskbar, open Security Evaluator.Next to Target Local Machine, select the Target icon.Select IPv4 Address.Enter 192.168.0.54 as the IP address.Select OK.Next to Status No Results, select the Run/Rerun Security Evaluation icon to run a security evaluation.In the top right, select Answer Questions.Answer Questions 1 and 2. Run a Security Evaluator report for an IP range of 192.168.0.60 through 192.168.0.69.From the Security Evaluator, select the Target icon to select a new target.Select IPv4 Range.In the left field, type 192.168.0.60 as the beginning IP address.In the right field, type 192.168.0.69 as the ending IP address.Select OK.Next to Status No Results, select the Run/Rerun Security Evaluation icon to run a security evaluation.Answer Question 3.Select Score Lab.

11.4.11 Scan for WAP Vulnerabilities You are the IT security administrator for a small corporate network. You perform vulnerability scans on your network. You need to verify the security of your wireless network and your Ruckus wireless access controller. In this lab, your task is to: Run a vulnerability scan for the wireless access controller 192.168.0.6 using Security Evaluator, which is accessible from the taskbar. Remediate the vulnerabilities found in the vulnerability report for the wireless access controller.New admin name: your choiceNew password: your choiceEnable reporting of rogue devices for intrusion prevention. Rerun a vulnerability scan to make sure all of the issues are resolved. Access the wireless controller console through Google Chrome on http://192.168.0.6 with the admin name admin and the password password. The username and password are case-sensitive.

Complete this lab as follows: Run a Security Evaluator report.From the taskbar, select Security Evaluator.Next to Target: Local Machine, select the Target icon to select a new target.Select IPv4 Address.Enter 192.168.0.6 for the wireless access controller.Select OK.Next to Status No Results, select the Status Run/Rerun Security Evaluation icon to run the security evaluation.Review the results to determine which issues you need to resolve on the wireless access controller. Use Google Chrome to go into the Ruckus wireless access controller.From the taskbar, open Google Chrome.Maximize Google Chrome for easier viewing.In the address bar, type 192.168.0.6 and press Enter.For Admin name, enter admin (case-sensitive).For Password, enter password.Select Login. Change the admin username and password for the Ruckus wireless access controller.Select the Administer tab.Make sure Authenticate using the admin name and password is selected.In the Admin Name field, replace admin with a username of your choice.In the Current Password field, enter password.In the New Password field, enter a password of you choice.In the Confirm New Password field, enter the new password.On the right, select Apply. Enable intrusion detection and prevention.Select the Configure tab.On the left, select WIPS.Under Intrusion Detection and Prevention, select Enable report rogue devices.On the right, select Apply. Verify that all the issues were resolved using the Security Evaluator.From the taskbar, select Security Evaluator.Next to Status Needs Attention, select the Status Run/Rerun Security Evaluation icon to re-run the security evaluation.Remediate any remaining issues.

5.3.5 Configure a Perimeter Firewall You work as the IT security administrator for a small corporate network. You recently placed a web server in the demilitarized zone (DMZ). You need to configure the perimeter firewall on the network security appliance (pfSense) to allow access to the web server from the LAN and from the WAN. You also want to allow all traffic from the LAN network to the DMZ network. In this lab, your task is to perform the following: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Add an HTTP firewall rule that allows traffic from the WAN to the web server in the DMZ. Add an HTTPS firewall rule that allows traffic from the WAN to the web server in the DMZ.Use the following table for the HTTP and HTTPS rules:ParameterSettingSourceWANSource and destination port/serviceHTTP (80), HTTPS (443)DestinationA single hostIP address for host172.16.1.5DescriptionsFor HTTP: HTTP to DMZ from WANFor HTTPS: HTTPS to DMZ from WAN Add a firewall rule that allows all traffic from the LAN network to the DMZ network. Use the description LAN to DMZ Any.

Complete this lab as follows: Sign in to the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Create and configure a firewall rule to pass HTTP traffic from the internet to the Web server.From the pfSense menu bar, select Firewall > Rules.Under the Firewall breadcrumb, select DMZ.Select Add (either one).Make sure Action is set to Pass.Under Source, use the drop-down to select WAN net.Select Display Advanced.For Source Port Range, use the From drop-down to select HTTP (80).Under Destination, use the Destination drop-down to select Single host or alias.In the Destination Address field, enter 172.16.1.5.Using the Destination Port Range drop-down, select HTTP (80).Under Extra Options, in the Description field, enter HTTP to DMZ from WAN.Select Save.Select Apply Changes. Create and configure a firewall rule to pass HTTPS traffic from the internet to the Web server.For the rule just created, select the Copy icon (two files).Under Source, select Display Advanced.Change the Source Port Range to HTTPS (443).Under Destination, change the Destination Port Range to HTTPS (443).Under Extra Options, change the Description filed to HTTPS to DMZ from WAN.Select Save.Select Apply Changes. Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network.Select Add (either one).Make sure Action is set to Pass.For Protocol, use the drop-down to select Any.Under Source, use the drop-down to select LAN net.Under Destination, use the drop-down to select DMZ net.Under Extra Options, change the Description filed to LAN to DMZ Any.Select Save.Select Apply Changes.

8.3.9 Configuring a Captive Portal You have been hired by a small hotel to configure how their guests access the internet. You have chosen to use pfSense's captive portal feature. Guests must pass through this portal to access the internet. In this lab, your task is to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Add a captive portal zone named Guest_WiFiUse the description Zone used for the guest Wi-Fi Using the GuestWi-Fi interface, configure your portal as follows:Allow a maximum of 100 concurrent connections.Disconnect user from the internet if their connection is inactive for 30 minutes.Disconnect user from the internet after two hours regardless of their activity.Limit user's download and upload to 8000 and 2500 Kbit/s, respectively.Force to pass through your portal prior to authentication. Allow the following MAC and IP address to pass through the portal:MAC: 00:00:1B:12:34:56IP: 198.28.1.100/16Give the IP address the description Admin's Laptop

Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Add a captive portal zone.From the pfSense menu bar, select Services > Captive Portal.Select Add.For Zone name, enter Guest_WiFi.For Zone description, enter Zone used for the guest Wi-Fi.Select Save & Continue. Enable and configure the captive portal.Under Captive Portal Configuration, select Enable.For Interfaces, select GuestWi-Fi.For Maximum concurrent connections, select 100.For Idle timeout, enter 30.For Hard timeout, enter 120.Scroll down and select Per-user bandwidth restriction.For Default download (Kbit/s), enter 8000.For Default upload (Kbit/s), enter 2500.Under Authentication, use the drop-down menu to select None, don't authenticate users.Scroll to the bottom and select Save. Allow a MAC address to pass through the portal.From the Captive Portal page, select the Edit Zone icon (pencil).Under the Services breadcrumb, select MACs.Select Add.Make sure the Action field is set to Pass.For Mac Address, enter 00:00:1B:12:34:56.Select Save. Allow an IP address to pass through the portal.Under the Services breadcrumb, select Allowed IP Addresses.Select Add.For IP Address, enter 198.28.1.100.Use the IP address drop-down menu to select 16. This sets the subnet mask to 255.255.0.0.For the Description field, enter Admin's Laptop.Make sure Direction is set to Both.Select Save.

5.4.3 Configure NAT You are the IT administrator for a small corporate network. One of your assignments is to manage several computers in the demilitarized zone (DMZ). However, your computer resides on the LAN network. To be able to manage these machines remotely, you have decided to configure your pfSense device to allow several remote control protocols to pass through the pfSense device using NAT port forwarding. In this lab, your task is to create NAT forwarding rules to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Allow the RDP/TCP Protocols from the LAN network to the administrator's PC located in the DMZ using the following guidelines:IP address for the administrator's PC: 172.16.1.100Description: RDP from LAN to Admin Allow the SSH Protocol through the pfSense device to the Kali Linux server using the following guidelines:IP address for the Linux Kali server: 172.16.1.6Description: SSH from LAN to Kali Allow the RDP/TCP Protocols from the LAN network to the web server located in the DMZ using the following guidelines:Destination and redirect port: Port 5151IP address for the web server: 172.16.1.5Description: RDP from LAN to web server using custom port

Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Configure NAT port forwarding for the administrator's PC.From the pfSense menu bar, select Firewall > NAT.Select Add (either one).Configure or verify the following settings:Interface: LANProtocol: TCPDestination type: LAN addressDestination port range (From and To): MS RDPRedirect target IP: 172.16.1.100Redirect target port: MS RDPDescription: RDP from LAN to AdminSelect Save. Configure NAT port forwarding for the Kali Linux server.Select Add (either one).Configure or verify the following settings:Interface: LANProtocol: TCPDestination type: LAN addressDestination port range (From and To): SSHRedirect target IP: 172.16.1.6Redirect target port: SSHDescription: SSH from LAN to KaliSelect Save. Configure NAT port forwarding for the web server.Select Add (either one).Configure or verify the following settings:Interface: LANProtocol: TCPDestination type: LAN addressDestination port range (From and To): OtherCustom (From and To) 5151Redirect target IP: 172.16.1.5Redirect target port: MS RDPDescription: RDP from LAN to web server using custom portSelect Save.Select Apply Changes.

5.2.3 Configure a DMZ You are the IT administrator for a small corporate network. You want to make a web server that runs services accessible from the internet. To help protect your company, you want to place this server and other devices in a demilitarized zone (DMZ). This DMZ and server need to be protected by the pfSense Security Gateway Appliance (pfSense). Since a few of the other devices in the DMZ require an IP address, you have also decided to enable DHCP on the DMZ network. In this lab, your task is to perform the following: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Add a new pfSense interface that can be used for the DMZ.Name the interface DMZ.Use a static IPv4 address of 172.16.1.1/16 Add a firewall rule for the DMZ interface that allows all traffic from the DMZ.Use a description of Allow DMZ to any rule Configure and enable the DHCP server for the DMZ interface.Use a range of 172.16.1.100 to 172.16.1.200

Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Configure an interface for the DMZ.From the pfSense menu bar, select Interfaces > Assignments.Select Add.Select OPT1.Select Enable interface.Change the Description field to DMZ.Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4.Under Static IPv4 Configuration, in the IPv4 Address field, enter 172.16.1.1.Use the subnet mask drop-down menu to select 16.Select Save.Select Apply Changes.(Optional) Verify the change as follows:From the menu bar, select pfsense COMMUNITY EDITION.Under Interfaces, verify that the DMZ is shown with the correct IP address. Add a firewall rule to the DMZ interface.From the pfSense menu bar, select Firewall > Rules.Under the Firewall breadcrumb, select DMZ. (Notice that no rules have been created.)Under the Firewall breadcrumb, select LAN.Under the Actions column, select the copy icon (two files) for the rule with a source of LAN net.For the Action field, make sure Pass is selected.Using the drop-down menu for the Interface field, select DMZ.Under Source, use the drop-down menu to select DMZ net.Under Destination, make sure it is configured for any.Under Extra Options, change the description to Allow DMZ to any rule.Scroll to the bottom and select Save.Select Apply Changes. Configure pfSense's DHCP server for the DMZ interface.From the menu bar, select Services > DHCP Server.Under the Services breadcrumb, select DMZ.Select Enable.Configure the Range field as follows:From: 172.16.1.100To: 172.16.1.200Scroll to the bottom and select Save.

9.8.4 Secure an iPad You work as the IT security administrator for a small corporate network. The receptionist uses an iPad to manage employees' schedules and messages. You need to help her secure the iPad because it contains all of the employees' personal information. In this lab, your task is to: View the current iOS version and then answer the applicable question. Apply the latest software update and then answer the applicable question. Configure Auto-Lock with a five-minute delay. Configure Passcode Lock using a passcode of C@sp3r Require the passcode after five minutes. Configure Data Erase to wipe all data after 10 failed passcode attempts. Require unknown networks to be added manually. Turn off Bluetooth.

Complete this lab as follows: Verify the current version of iOS installed on your iPad.Select Settings.From the Settings pane, select General.From the General pane, select About.In the top right, select Answer Questions.Answer Question 1. Leave the question dialog open. Apply the latest software update.From the About pane's heading, select General. This returns you to the General settings.From the General pane, select Software Update.Select Download and Install.Select Agree.Select OK. The software is downloaded.Select Install.The installation automatically starts after 10 seconds.Slide the arrow to the right to unlock the iPad.Answer Question 2 and then minimize the question dialog. Configure Auto-Lock.From the Settings pane, select Display & Brightness.From the right pane, select Auto-Lock and then select 5 minutes. Configure Complex Passcode Lock and Data Erase.From the left menu, select Touch ID & Passcode.From the right pane, select Turn Passcode On.Enter the new passcode of C@sp3rSelect Next.Re-enter [email protected] Done.Scroll down and then slide Erase Data to ON.Select Enable.Select Require Passcode.Select After 5 minutes. Require unknown networks to be manually added.From the left menu, select Wi-Fi.Slide Ask to Join Networks to OFF. Turn off Bluetooth as follows:From the left pane, select Bluetooth.Slide Bluetooth to OFF.In the top right, select Answer Questions.Select Score Lab.

5.5.5 Configure a VPN Connection iPad You work as the IT security administrator for a small corporate network. You recently set up the Remote Access VPN feature on your network security appliance to provide you and your fellow administrators with secure access to your network. You are currently at home and would like to connect your iPad to the VPN. Your iPad is connected to your home wireless network. In this lab, your task is to: Add an IPSec VPN connection using the following values:ParameterValueDescriptionCorpNetVPNServer198.28.56.34AccountmbrownSecretasdf1234$ Turn on the VPN. Verify that a connection is established. The password for mbrown is L3tM31nN0w (0 = zero).

Complete this lab as follows: Verify your connection to the Home-Wireless network.Select Settings.Select Wi-Fi. Add and configure a VPN.From the left menu, select General.From the right menu, select VPN.Select Add VPN Configuration.Select IPSec.In the Description field, enter CorpNetVPN.In the Server field, enter 198.28.56.34.In the Account field, enter mbrown.In the Secret field, enter asdf1234$.In the upper right, select Save. Connect to the VPN just created.Under VPN Configuration, slide Not Connected to ON.When prompted, enter L3tM31nN0w (0 = zero) as the password.Select OK.

6.8.5 Remove a User from a Group Corey Flynn (cflynn) currently belongs to several groups. Due to some recent restructuring, he no longer needs to be a member of the hr group. To preserve existing group membership, use the usermod -G command to list all groups to which the user must belong. Do not include the primary group name in the list of groups. In this lab, your task is to: Remove cflynn from the hr group. Preserve all other group memberships. View the /etc/group file or use the groups command to verify the changes. Start Lab

Complete this lab as follows: View a list of all groups to which Cory Flynn belongs.At the prompt, type groups cflynn and press Enter.Notice that cflynn currently belongs to the mgmt1, hr, and it secondary groups. The cflynn group is the user's primary group. Change and verify Cory Flynn's group membership.Type usermod -G mgmt1,it cflynn and press Enter.Type groups cflynn and press Enter.Cory now only belongs to the mgmt1 and it groups.

6.10.6 Configure Kerberos Policy Settings You are the IT security administrator for a small corporate network that has a single Active Directory domain named CorpNet.local. You are working on increasing the authentication security of the domain. In this lab, your task is to configure the Kerberos policy settings in the Default Domain Policy using Group Policy Management with the following settings: Security SettingValueMaximum lifetime for service ticket180 minutesMaximum lifetime for user ticket3 hoursMaximum lifetime for user ticket renewal3 daysMaximum tolerance for computer clock synchronization1 minute Start Lab

When completing this lab, use the following Kerberos policy settings: Security SettingValueMaximum lifetime for service ticket180 minutesMaximum lifetime for user ticket3 hoursMaximum lifetime for user ticket renewal3 daysMaximum tolerance for computer clock synchronization1 minute Complete this lab as follows: Access the CorpNet.local Default Domain Policy.From Server Manager, select Tools > Group Policy Management.Maximize the window for better viewing.Expand Forest: CorpNet.local > Domains > CorpNet.local. Edit the Default Domain Policy to configure the Kerberos policy for computer configurations.Right-click Default Domain Policy and then select Edit.Maximize the window for better viewing.Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies.Select Kerberos Policy.From the right pane, double-click the policy you want to edit.Configure the policy setting and then select OK.Repeat steps 2e - 2f for each policy setting.

14.1.4 Configure Advanced Audit Policy You work as the IT security administrator for a small corporate network. As part of an ongoing program to improve security, you want to implement an audit policy for all workstations. You plan to audit user logon attempts and other critical events. In this lab, your task is to configure the following audit policy settings in WorkstationGPO: Local PoliciesSettingAudit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settingsEnabledAudit: Shut down system immediately if unable to log security auditsEnabled Event LogSettingRetention method for security logDefine: Do not overwrite events (clear log manually) Advanced Audit Policy ConfigurationSettingAccount Logon: Audit Credential ValidationSuccess and FailureAccount Management: Audit User Account ManagementSuccess and FailureAccount Management: Audit Security Group ManagementSuccess and FailureAccount Management: Audit Other Account Management EventsSuccess and FailureAccount Management: Audit Computer Account ManagementSuccessDetailed Tracking: Audit Process CreationSuccessLogon/Logoff: Audit LogonSuccess and FailureLogon/Logoff: Audit LogoffSuccessPolicy Change: Audit Authentication Policy ChangeSuccessPolicy Change: Audit Audit Policy ChangeSuccess and FailurePrivilege Use: Audit Sensitive Privilege UseSuccess and FailureSystem: Audit System IntegritySuccess and FailureSystem: Audit Security System ExtensionSuccess and FailureSystem: Audit Security State ChangeSuccess and FailureSystem: Audit IPsec DriverSuccess and Failure Do not use the old audit policies located in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policies.

While completing this lab, use the following WorkstationGPO settings: Local PoliciesSettingAudit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settingsEnabledAudit: Shut down system immediately if unable to log security auditsEnabled Event LogSettingRetention method for security logDefine: Do not overwrite events (clear log manually) Advanced Audit Policy ConfigurationSettingAccount Logon: Audit Credential ValidationSuccess and FailureAccount Management: Audit User Account ManagementSuccess and FailureAccount Management: Audit Security Group ManagementSuccess and FailureAccount Management: Audit Other Account Management EventsSuccess and FailureAccount Management: Audit Computer Account ManagementSuccessDetailed Tracking: Audit Process CreationSuccessLogon/Logoff: Audit LogonSuccess and FailureLogon/Logoff: Audit LogoffSuccessPolicy Change: Audit Authentication Policy ChangeSuccessPolicy Change: Audit Audit Policy ChangeSuccess and FailurePrivilege Use: Audit Sensitive Privilege UseSuccess and FailureSystem: Audit System IntegritySuccess and FailureSystem: Audit Security System ExtensionSuccess and FailureSystem: Audit Security State ChangeSuccess and FailureSystem: Audit IPsec DriverSuccess and Failure Edit Audit Policies as follows: Using Group Policy Management, access CorpNet.local's Group Policy Objects > WorkgroupGPO.From Server Manager's menu bar, select Tools > Group Policy Management.Expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects.Maximize the windows for better viewing. Access the WorkstationGPO's Security Settings Local Policies.Right-click WorkstationGPO and select Edit.Maximize the windows for better viewing.Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. Modify Local Policies.Select Security Options.From the right pane, double-click the policy you want to edit.Select Define this policy setting.Select the policy settings as required.Select OK.Select Yes to confirm changes as necessary.Repeat steps 3b - 3f for additional policy settings. Modify the Event Log.From the left pane, select Event Log.From the right pane, double-click the policy you want to edit.Select Define this policy setting.Select the policy settings as required.Select OK. Modify Advanced Audit Policy Configuration.From the left pane, expand Advanced Audit Policy Configuration > Audit Policies.Select the audit policy category.From the right pane, double-click the policy you want to edit.Select Configure the following audit events.Select the policy settings as required.Select OK.Repeat steps 5b-5f for additional policy settings.

6.6.11 Configure Smart Card Authentication You work as the IT administrator for a growing corporate network. The Research and Development Department is working on product enhancements. Last year, some secret product plans were compromised. As a result, the company decided to implement smart cards for logon to every computer in the Research and Development Department. No user should be able to log onto the workstation without using a smart card. In this lab, your task is to perform the following on CorpDC: Enforce the existing Research-DevGPO linked to the Research-Dev OU. Edit the Research-DevGPO and configure the following local security setting policies located in the Computer Configuration section:PolicySettingInteractive logon: Require smart cardEnableInteractive logon: Smart card removal behaviorForce logoff

While completing this lab, use the following information to configure the following Security Options policies: PolicySettingInteractive logon: Require smart cardEnableInteractive logon: Smart card removal behaviorForce logoff Complete this lab as follows: Access the CorpDC server.In Hyper-V Manager, select CORPSERVER.Double-click CorpDC. Enforce the existing Research-DevGPO.From Server Manager, select Tools > Group Policy Management.Maximize the window for better viewing.From the left pane, expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects.From the left pane, select the Research-DevGPO.From the Scope tab under Links, right-click Research-Dev and then select Enforced. Edit Research-DevGPO polices.From the left pane, right-click Research-DevGPO and then select Edit.Maximize the window for better viewing.Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies.Select Security Options.From the right pane, double-click the policy and select Properties.Select Define this policy setting.Select additional parameters to configure the policy setting.Select OK.Repeat steps 3e-3h to configure the additional policy setting.

6.6.8 Enforce User Account Control You are the IT administrator for a small corporate network. The company has a single Active Directory domain named CorpNet.xyz. You need to increase the domain's authentication security. You need to make sure that User Account Control (UAC) settings are consistent throughout the domain and in accordance with industry recommendations. In this lab, your task is to configure the following UAC settings in the Default Domain Policy on CorpDC as follows: User Account ControlSettingAdmin Approval mode for the built-in Administrator accountEnabledAllow UIAccess applications to prompt for elevation without using the secure desktopDisabledBehavior of the elevation prompt for administrators in Admin Approval modePrompt for credentialsBehavior of the elevation prompt for standard usersAutomatically deny elevation requestsDetect application installations and prompt for elevationEnabledOnly elevate UIAccess applications that are installed in secure locationsEnabledOnly elevate executables that are signed and validatedDisabledRun all administrators in Admin Approval modeEnabledSwitch to the secure desktop when prompting for elevationEnabledVirtualize file and registry write failures to per-user locationsEnabled User Account Control policies are set in a GPO linked to the domain. In this scenario, edit the Default Domain Policy and configure settings in the following path:Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.

While completing this lab, use the following information when configuring the UAC settings. User Account ControlSettingAdmin Approval mode for the built-in Administrator accountEnabledAllow UIAccess applications to prompt for elevation without using the secure desktopDisabledBehavior of the elevation prompt for administrators in Admin Approval modePrompt for credentialsBehavior of the elevation prompt for standard usersAutomatically deny elevation requestsDetect application installations and prompt for elevationEnabledOnly elevate executables that are signed and validatedDisabledOnly elevate UIAccess applications that are installed in secure locationsEnabledRun all administrators in Admin Approval modeEnabledSwitch to the secure desktop when prompting for elevationEnabledVirtualize file and registry write failures to per-user locationsEnabled Complete this lab as follows: On CorpDC, access the CorpNet.local domain for Group Policy Management.From Hyper-V Manager, select CORPSERVER.Double-click CorpDC.From Server Manager, select Tools > Group Policy Management.Maximize the window for easy viewing.Expand Forest: CorpNet.local > Domains > CorpNet.local. Configure the UAC settings.Right-click Default Domain Policy and select Edit.Maximize the window for easier viewing.Under Computer Configuration, expand and select Policies > Windows Settings > Security Settings > Local Policies > Security Options.From the right pane, double-click the policy you want to edit.Select Define this policy setting.Select Enable or Disable as necessary.Edit the value for the policy as needed and then click OK.Repeat steps 2d-2g for each policy setting.

11.4.9 Scan for Domain Controller Vulnerabilities You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Use the Security Evaluator tool to run a vulnerability scan on the CorpDC domain controller. In this lab, your task is to: Run a vulnerability scan for the CorpDC domain controller using the Security Evaluator on the taskbar. Remediate the vulnerabilities in the Default Domain Policy using Group Policy Management on CorpDC. Re-run a vulnerability scan to make sure all of the issues are resolved.

While completing this lab, use the following information: AreaPolicySettingPassword PolicyEnforce password history24 Passwords Minimum password age1 DayMinimum password length14 CharactersAccount Lockout PolicyReset account lockout counter after60 MinutesEvent LogRetention method for application logDo not overwrite events (clear log manually)Retention method for security logDo not overwrite events (clear log manually)Retention method for system logDo not overwrite events (clear log manually)System ServicesDCOM Server Process LauncherDisabledTask SchedulerDisabled Complete this lab as follows: Run a Security Evaluator report.From the taskbar, open Security Evaluator.Next to Target: Local Machine, select the Target icon to select a target.Select Domain Controller.Using the Domain Controller drop-down list, select CorpDC as the target.Select OK.Next to Status: No Results, select the Status Run/Rerun Security Evaluation icon.Review the results to determine which issues you need to resolve on CorpDC. Access the CorpDC server.From the top navigation tabs, select Floor 1.Under Networking Closet, select CorpDC.If you need to return to the ITAdmin computer to review the Security Evaluator results:From the top navigation tabs, select Floor 1.Under IT Administration, select ITAdmin. Access and edit the CorpNet.local Default Domain Policy.From Server Manager, select Tools > Group Policy Management.Maximize the window for easier viewing.Expand Forest: CorpNet.local > Domains >CorpNet.local.Right-click Default Domain Policy and then select Edit.Maximize the window for easier viewing. Remediate the password policy issues in Account Policies.Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies.From the left pane, select Password Policy.From the right pane, double-click the policy.Select Define this policy setting.Enter the password setting and then select OK.Repeat steps 4c-4e for each additional password policy. Remediate the reset account lockout counter issue in Account Policies.From the left pane, select Account Lockout Policy.From the right pane, double-click Reset account lockout counter after.Select Define this policy setting.Enter 60 minutes and then select OK. Remediate the Event Log issues.From the left pane, select Event Log.From the right pane, double-click the policy.Select Define this policy setting.Select Do not overwrite events (clear log manually) and then select OK.Repeat steps 6b-6d for each additional Event Log policy. Remediate System Services issues.From the left pane, select System Services.From the right pane, double-click the policy.Select Define this policy setting.Make sure Disabled is selected and then select OK.Repeat steps 7b-7d for the remaining System Services policy. Verify that all the issues were resolved using the Security Evaluator feature on the ITAdmin computer.From the top navigation tabs, select Floor 1.Under IT Administration, select ITAdmin.From Security Evaluator, select the Status Run/Rerun Security Evaluation icon to rerun the security evaluation.If you still see unresolved issues, select Floor 1, navigate to CorpDC, and remediate any remaining issues.

5.11.11 Secure Access to a Switch 2 You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by creating an access control list. You have been asked to prevent video game consoles from connecting to the switch. In this lab, your task is to: Create a MAC-based ACL named GameConsoles. Configure the GameConsoles MAC-based access control entry (ACE) settings as follows:PriorityActionDestinationMAC AddressSource MAC Address1DenyAnyValue: 00041F111111Mask: 0000001111112DenyAnyValue: 005042111111Mask: 0000001111113DenyAnyValue: 000D3A111111Mask: 0000001111114DenyAnyValue: 001315111111Mask: 0000001111115DenyAnyValue: 0009BF111111Mask: 0000001111116DenyAnyValue: 00125A111111Mask: 000000111111 Bind the GameConsoles ACL to all of the GE1-GE30 interfaces.Use Copy Settings to apply the binding to multiple interfaces Save the changes to the switch's startup configuration file. Use the default settings.

While completing this lab, use the following information: Configure the GameConsoles MAC-based access control entry (ACE) settings as follows: PriorityActionDestinationMAC AddressSource MAC Address1DenyAnyValue: 00041F111111Mask: 0000001111112DenyAnyValue: 005042111111Mask: 0000001111113DenyAnyValue: 000D3A111111Mask: 0000001111114DenyAnyValue: 001315111111Mask: 0000001111115DenyAnyValue: 0009BF111111Mask: 0000001111116DenyAnyValue: 00125A111111Mask: 000000111111 Complete this lab as follows: Create the GameConsoles ACL.From the Getting Started page, under Quick Access, select Create MAC-Based ACL.Select Add.In the ACL Name field, enter GameConsolesClick Apply and then click Close. Create MAC-based access control.Select MAC-Based ACE Table.Select Add.Enter the priority.Select the action.For Destination MAC Address, make sure Any is selected.For Source MAC Address, select User Defined.Enter the source MAC address value.Enter the source MAC address mask.Click Apply.Repeat steps 2c-2i for additional ACE entries.Click Close. Bind the GameConsoles ACL to all of the interfaces.From the left pane, under Access Control, select ACL Binding (Port).Select GE1.At the bottom of the window, select Edit.Click Select MAC-Based ACL.Select Apply and then select Close.Select Copy Settings.In the Copy configuration's to field, enter 2-30.Click Apply. Save the Configuration.From the top of the window, select Save.Under Source File Name, make sure Running configuration is selected.Under Destination File Name, make sure Startup configuration is selected.Click Apply.Click OK.

Tingnan ang lahat ng mga set ng pag-aaral

Kaugnay na mga set ng pag-aaral

Building and Using Queries- Access B

View Set

Chapter 6: Employer payroll Taxes

View Set

Capitales union européenne + pays

View Set

Ch. 2 Using Financial Statements and Budgets

View Set

Religion IV - Quarter One Exam - Study Guide

View Set