nf study

Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8. In this lab, your task is to: Change the password for the schawla user account to G20oly04 (0 is a zero). Make sure the password is encrypted in the shadow file. Do not use the usermod -p command to change the password, as this stores the unencrypted version of the password in the /etc/shadow file.

Complete the lab as follows: 1. Change Salman Chawla's password. a. From the Favorites bar, select Terminal. b. At the prompt, type su -c "passwd schawla", then press Enter. c. Type 1worm4b8, then press Enter. This is the password for the root user. d. At the New password prompt, type G20oly04, then press Enter. This is the new password for the schawla user account. e. At the Retype new password prompt, type G20oly04, then press Enter.

You have installed Hyper-V on the CorpServer server. You want to use the server to create virtual machines. Prior to creating the virtual machines, you are experimenting with virtual switches. In this lab, your task is to: Create an internal virtual switch named Switch 1. Create a private virtual switch named Switch 2. Launch Lab

Complete the lab as follows: 1. Open the Virtual Switch Manager. a. From Hyper-V Manager, right-click CORPSERVER. b. Select Virtual Switch Manager. 2. Create an internal switch named Switch 1. a. Select Create Virtual Switch. b. In the Name field, enter Switch 1. c. Under Connection type, select Internal network. d. Select Apply. 3. Create a private switch named Switch 2. a. From the left pane, select New virtual network switch. b. From the right pane, select Private. c. Select Create Virtual Switch. d. In the Name field, enter Switch 2. e. Select OK.

You work as the IT security administrator for a small corporate network. You need to secure access to your pfSense appliance, which is still configured with the default user settings. In this lab, your task is to: Change the password for the default pfSense account from P@ssw0rd to 1w0rm4b8. Create a new administrative user with the following parameters:Username: zolsenPassword: St@yout!Full Name: Zoey OlsenGroup Membership: admins Set a session timeout of 15 minutes for pfSense. Disable the webConfigurator anti-lockout rule for HTTP. Access the pfSense management console through Google Chrome using: http://198.28.56.22Default username: adminPassword: P@ssw0rd

1. Access the pfSense management console.a. From the taskbar, select Google Chrome.b. Maximize the window for better viewing.c. In the Google Chrome address bar, enter 198.28.56.22 and then press Enter.d. Enter the pfSense sign-in information as follows:• Username: admin• Password: P@sswOrde. Select SIGN IN.2. Change the password for the default (admin) account.a. From the pfSense menu bar, select System > User Manager.b. For the admin account, under Actions, select the Edit user icon (pencil).c. For the Password field, change to 1worm4b8.d. For the Confirm Password field, enter 1wOrm4b8.e. Scroll to the bottom and select Save3. Create and configure a new pfSense user.a. Select Add.b. For Username, enter zolsen.c. For the Password field, enter St@yout!d. For the Confirm Password field, enter St@yout!e. For Full Name, enter Zoey Olsen.f. For Group Membership, select admins and then select Move to Member of list.g. Scroll to the bottom and select Save.4. Set a session timeout for pfSense.a. Under the System breadcrumb, select Settings.b. For Session timeout, enter 15.c. Select Save.5. Disable the webConfigurator anti-lockout rule for HTTP.a. From the pfSense menu bar, select System > Advanced.b. Under webConfigurator, for Protocol, select HTTP.c. Select Anti-lockout to disable the webConfigurator anti-lockout rule.d. Scroll to the bottom and select Save.

A server is used to transfer company financial data to remote branches using the FTP protocol. Since the data is sensitive to the company, you have been asked to scan the host for vulnerabilities. In this lab, your task is to complete the following: Login to the CompTIA Vulnerability Scanner in Chrome.URL: http://192.168.0.52Username: securityadminPassword: P@ssw0rd Using the CompTIA Vulnerability Scanner, scan the server found at 192.168.0.46. Answer the questions presented about what the Vulnerability Scanner finds.

Complete the lab as follows: 1. Access the CompTIA Vulnerability Scanner. a. URL: http://192.168.0.52 b. Username: securityadmin c. Password: P@sswOrd (with a zero, not the letter o) d. Click Sign In. 2. Scan the host at 192.168.0.46. a. Click on the Targets tab. b. Click on Add Target. c. Name the target FTP or a name of your choice. d. In the Hosts field, enter 192.168.0.46, then select OK. e. Click on the Tasks tab. f. Click on Add Task. g. Enter FTP scan (or a name of your choice) for the Name. h. Select FTP (or the name you chose) from the Add Target list box. Click OK i. Click the Run button to the right to start the scan. 3. View the Vulnerability Scanner report. a. Click the Reports tab. b. Review the contents of the report under FTP (or the name you chose) and answer the questions by clicking the Answer Questions button at the top right. c. Click Score Lab.

You are the IT administrator for a corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have created an Active Directory structure based on the company's departmental structure. While creating the structure, you added a Workstations OU in each of the departmental OUs. After further thought, you decide to use one Workstations OU for the entire company. As a result, you need to delete the departmental Workstations OUs. In this lab, your task is to delete the following OUs on CorpDC: Within the Marketing OU, delete the Workstations OU. Within the Research-Dev OU, delete the Workstations OU. Within the Sales OU, delete the Workstations OU.

Complete the lab as follows: 1. Access the CorpDC server. a. From Hyper-V Manager, select CORPSERVER. b. From the Virtual Machines pane, double-click CorpDC. 2. Delete the applicable OUs. a. From Server Manager, select Tools > Active Directory Users and Computers. b. Select View > Advanced Features. This enables the Advanced feature, allowing you to disable the OU from accidental deletion. c. From the left pane, expand CorpNet.local > the_parent OU. d. Right-click the OU that needs to be deleted and then select Properties. e. Select the Object tab. f. Clear Protect object from accidental deletion and then select OK. g. Right-click the OU to be deleted and then select Delete. h. Select Yes to confirm the OU's deletion. i. Repeat steps 2c - 2h to delete the remaining OUs. 3. From the Active Directory Users and Computers menu bar, select View > Advanced Features to turn off the Advanced Features view.

You have recently installed a new Windows 10 computer. To protect valuable data, you need to implement file history backups on this computer. In this lab, your task is to configure automatic backups for the Exec computer as follows: Save the backup to the Backup (E:) volume. Back up files daily. Keep backup files for six months. Back up the entire Data (D:) volume. Make a backup now.

Complete the lab as follows: 1. Access the File History Backup options. a. Right-click Start and then select Settings. b. Select Update & Security. c. From the left pane, select Backup. 2. Configure and run a file history backup plan. a. From the right pane, select Add a drive. b. Select Backup (E:). c. Under Automatically back up my files, move the switch to On. d. Select More options. e. Under Back up my files, use the drop-down menu to select Daily. f. Under Keep my backups, use the drop-down menu to select 6 months. g. Under Back up these folders, select Add a folder. h. Double-click the Data (D:) volume and then select Choose this folder. i. Select Back up now. j. Wait for the backup to complete.

You are the IT security administrator for a small corporate network. You need to enable logging on the switch in the networking closet. In this lab, your task is to: Enable logging and the Syslog Aggregator. Configure RAM Memory Logging as follows:Emergency, Alert, and Critical: EnableError, Warning, Notice, Informational, and Debug: Disable Configure Flash Memory Logging as follows:Emergency and Alert: EnableCritical, Error, Warning, Notice, Informational, and Debug: Disable Copy the running configuration file to the startup configuration file using the following settings:Source File Name: Running configurationDestination File Name: Startup configuration

Complete the lab as follows: 1. Access the Log Settings for the switch. a. From the left menu, expand Administration > System Log. b. Select Log Settings. 2. Enable Logging and Syslog Aggregator. a. For Logging, select Enable. b. For Syslog Aggregator, select Enable. 3. Configure RAM and Flash memory logging: a. Under RAM Memory Logging: Select Emergency, Alert, and Critical. •Clear Error, Warning, Notice, Informational, and Debug. b. Under Flash Memory Logging: Select Emergency and Alert. • Clear Critical, Error, Warning, Notice, Informational, and Debug. c. Select Apply. 4. Save the changes. a. From the top menu bar, select Save. b. On the right, under Source File Name, make sure Running configuration is selected. c. Under Copy/Save Configuration, select Apply. d. Select OK. e. Select Done.

You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case-sensitive. In this lab, your task is to: Change the admin username and password for the Zone Director controller to the following:Admin Name: WxAdminPassword: ZDAdminsOnly!$ (O is the capital letter O) Set up MAC address filtering (L2 Access Control) to create an allow list called Allowed Devices that includes the following wireless devices:00:18:DE:01:34:6700:18:DE:22:55:9900:02:2D:23:56:8900:02:2D:44:66:88 Implement a device access policy called NoGames that blocks gaming consoles from the wireless network.

Complete the lab as follows: 1. Access the Ruckus zone controller. a. From the taskbar, select Google Chrome. b. In the URL field, enter 192.168.0.6 and press Enter. c. Maximize the window for better viewing. 2. Log in to the wireless controller console. a. In the Admin field, enter admin (case sensitive). b. In the Password field, enter password as the password. c. Select Login. 3. Change the admin username and password for the Zone Director controller. a. From the top, select the Administer tab. b. Make sure Authenticate using the admin name and password is selected. c. In the Admin Name field, enter WxAdmin. d. In the Current Password field, enter password. e. In the New Password field, enter ZDAdminsOnly!$. f. In the Confirm New Password field, enter ZDAdminsOnly!$. g. On the right, select Apply. 4. Enable MAC address filtering. a. From the top, select the Configure tab. b. From the left menu, select Access Control. c. Expand L2-L7 Access Control. d. Under L2/MAC address Access Control, select Create New. e. In the Name field, enter Allowed Devices. f. Under Restriction, make sure Only allow all stations listed below is selected. g. Enter a MAC address. h. Select Create New. i. Repeat step 4g-4h for each MAC address you would like to add to the ACL. j. Select OK. 5. Configure access controls. a. Under Access Control, expand Device Access Policy. b. Select Create New. c. In the Name field, enter NoGames. d. Select Create New. e. In the Description field, enter Games. f. Using the OS/Type drop-down list, select Gaming. g. In the Type field, select Deny. h. Under Uplink, make sure Disabled is selected.

You are a network technician for a small corporate network. You just installed a Ruckus zone controller and wireless access points throughout your office buildings using wired connections. You now need to configure basic wireless network settings. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case-sensitive. In this lab, your task is to: Create a WLAN using the following settings:Name: CorpNet WirelessESSID: CorpNetType: Standard UsageAuthentication: OpenEncryption: WPA2Encryption algorithm: AESPassphrase: @CorpNetWeRSecure! Connect the Exec-Laptop in the Executive office to the new wireless network.

Complete the lab as follows: 1. Access the Ruckus zone controller. a. From the taskbar, select Google Chrome. b. In the URL field, enter 192.168.0.6 and press Enter. c. Maximize the window for better viewing. 2. Log into the Wireless Controller console. a. In the Admin field, enter admin (case-sensitive). b. In the Password field, enter password as the password. c. Select Login. 3. Create a new WLAN. a. Select the Configure tab. b. From the left menu, select WLANs. c. From the right, under WLANs, select Create New. d. In the New Name field, enter CorpNet Wireless. e. In the ESSID field, enter CorpNet. f. Under Type, make sure Standard Usage is selected. g. Under Authentication Options, make sure Open is selected. h. Under Encryption Options, select WPA2. i. For Algorithm, make sure AES is selected j. In the Passphrase field, enter @CorpNetWeRSecure!. k. Select OK. 4. Switch to the Exec-Laptop. a. From the top left, select Floor 1. b. Under Executive Office, select Exec-Laptop. 5. Connect to the new CorNet wireless network. a. In the notification area, select the wireless network icon to view the available networks. b. Select CorpNet. c. Select Connect. d. Enter @CorpNetWeRSecure! for the security key. e. Select Next. f. Select Yes to make the computer discoverable on the network. The CorNet network now shows as being connected and secured.

You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to encrypt data into a file to be shared with a business partner. The data will allow you to track the source if the information is leaked again. In this lab, your task is to use OpenStego to hide data in photos as follows: Encrypt and password-protect the user data in the file to be shared.Message file: John.txtCover file: gear.pngOutput Sego file: send.png (saved in the Documents folder)Password: NoMor3L3@ks! Confirm the functionality of the steganography by:Extracting the data to C:\Users\Administrator\Documents\Export.Open the extracted file to confirm that the associated username has been embedded into the file.

Complete the lab as follows: 1. Encrypt the user data into the file to be shared. a. In the search field on the taskbar, type OpenStego. b. Under Best match, select OpenStego. 2. Select the Message, Cover, and Output Stego files. a. For the Message File field, select the ellipses [...] button at the end of the field. b. Double-click John.txt to select the file. c. For the Cover File field, select the ellipses [...] button at the end of the field. d. Double-click gear.png to select the file. e. For the Output Stego File field, select the ellipses [...] button at the end of the field. f. In the File name field, enter send.png and then select Open. 3. Password protect the file. a. In the Password field, enter NoMor3L3@ks! b. In the Confirm Password field, enter NoMor3L3@ks! c. Select Hide Data. d. Select OK. 4. Extract the data. a. Under Data Hiding, select Extract Data. b. For the Input Stego File field, select the ellipses [...] button. c. Double-click send.png to select the file with the encryption. d. For the Output Folder for Message File field, select the ellipses [...] button. e. Double-click Export to set it as the destination of the file output. f. Click Select Folder. g. In the Password field, enter NoMor3L3@ks! as the password. h. Select Extract Data. i. Select OK. 5. Verify that the decryption process was successful. a. From the taskbar, select File Explorer. b. Double-click Documents to navigate to the folder. c. Double-click Export to navigate to the folder. d. Double-click John.txt.

You are the IT security administrator for a small corporate network. You need to secure access to your switch, which is still configured with the default settings. Access the switch management console through Chrome on http://192.168.0.2 with the username cisco and password cisco. In this lab, your task is to: Create a new user account with the following settings:Username: ITSwitchAdminPassword: Admin$only1844User Level: Read/Write Management Access (15) Edit the default user account as follows:Username: ciscoPassword: CLI$only1958User Level: Read-Only CLI Access (1) Save the changes to the switch's startup configuration file.

Complete the lab as follows: 1. Log in to the CISCO switch. a. From the taskbar, select Google Chrome. b. In the URL field, enter 192.168.0.2 and press Enter. c. Maximize the window for better viewing. d. In the Username and Password fields, enter cisco (case sensitive). e. Select Log In. 2. Create a new user account. a. From Getting Started under Quick Access, select Change Device Password. b. Select Add. c. For the username, enter ITSwitchAdmin (case sensitive). d. For the password, enter Admin$only1844 (case sensitive). e. For Confirm Password, enter Admin$only1844. f. For the User Level, make sure Read/Write Management Access (15) is selected. g. Select Apply. h. Select Close. 3. Edit the default user account. a. Under User Account Table, select cisco (the default user) and then select Edit. b. For the password, enter CLISonly1958. c. For Confirm Password, enter CLISonly1958. d. For User Level, select Read-Only CLI Access (1). e. Select Apply. 4. Save the changes to the switch's startup configuration file. a. From the top of the switch window, select Save. b. On the left, select Copy/Save Configuration. c. On the right, under Source File Name, make sure Running configuration is selected. d. Under Destination File Name, make sure Startup configuration is selected. e. Select Apply. f. Select OK. g. Select Done.

You are the IT administrator for a small corporate network. One of your assignments is to manage several computers in the demilitarized zone (DMZ or screened subnet). However, your computer resides on the LAN network. To be able to manage these machines remotely, you have decided to configure your pfSense device to allow several remote control protocols to pass through the pfSense device using NAT port forwarding. In this lab, your task is to create NAT forwarding rules: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Allow the RDP/TCP Protocols from the LAN network to the PC1 computer located in the DMZ using the following:IP address for PC1: 172.16.1.100Description: RDP from LAN to PC1 Allow the SSH Protocol from the LAN network to the Kali Linux server located in the DMZ using the following:IP address for the Linux Kali server: 172.16.1.6Description: SSH from LAN to Kali Allow the RD

Complete the lab as follows: 1. Sign into the piSense management console. a. In the Username field, enter admin. b. In-the Password field, enter P@sswOrd (zero). c Select SIGN IN or press Enter. 2. Configure NAT port forwarding for the PC1 computer. a. From the piSense menu bar, select Firewall > NAT. b. Select Add (either one). c Configure or verify the following settings. * Interface: LAN * Protocol: TCP • Destination type: LAN address • Destination port range (From and To): MS RDP * Redirect target IP: 172.16.1.100 Redirect target port MS RDP • Description: RDP from LAN to PC1 d. Select Save. 3. Configure NAT port forwarding for the Kali Linux server. a. Select Add (either one). b. Configure or verify the following settings. * Interface: LAN * Protocol TCP • Destination type: LAN address • Destination port range (From and To): SSH • Redirect target IP. 172.16.1.6 Redirect target port SSH * Description: SSH from LAN to Kali c. Select Save. 4. Configure NAT port forwarding for the web server. a. Select Add (either one). b. Configure or verify the following settings: • Interface: LAN • Protocol: TCP • Destination type: LAN address *Destination port range (From and To): Other * Custom (From and To) 5151 • Redirect target IP: 172.16.1.5 Redirect target port: MS RDP • Description: RDP from LAN to web server using custom port c. Select Save. d. Select Apply Changes.

You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect it might be under a denial-of-service attack, possibly a TCP-SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you should use this computer to investigate the problem. In this lab, your task is to: Capture packets from the network segment on www_stage using Wireshark.Use the enp2s0 interface. Analyze the attack using the following filters:tcp.flags.syn==1 and tcp.flags.ack==1tcp.flags.syn==1 and tcp.flags.ack==0 Answer the question.

Complete the lab as follows: 1. Using Wireshark, only capture packets containing both the SYN flag and ACK flags. a. From the Favorites bar, select Wireshark. b. Under Capture, select enp2s0. c. From the menu, select the blue fin to begin the capture. d. In the Apply a display filter field, type tp.flags.syn==1 and top.flags.ack==1 and press Enter to filter Wireshark to display only those packets with the SYN flag and ACK flag. You may have to wait up to a minute before any SYN-ACK packets are captured and displayed. e. Select the red square to stop the capture. 2. Change the filter to only display packets with the SYN flag. a. In the Apply a display filter field, change the tp.flags.ack ending from the number 1 to the number 0 and press Enter. Notice that there is a flood of SYN packets being sent to 128.28.1.1 (www.corpnet.local) that are not being acknowledged. b. From the top right, select Answer Questions. c. Answer the question. d. Select Score Lab.

There are two groups of users who access the CorpFiles server: Marketing and Research. Each group has a corresponding folder: D:\Marketing Data D:\Research Data In this lab, your task is to: Disable permissions inheritance for D:\Marketing Data and D:\Research Data and convert the existing permissions to explicit permissions. For each of the above folders, remove the Users group from the access control list (ACL). Add the Marketing group to the Marketing Data folder ACL. Add the Research group to the Research Data folder ACL. Assign the groups Full Control to their respective folders. Do not change any other permissions assigned to other users or groups.

Complete the lab as follows:1. Open the Data (D:) drive.a. From the Windows taskbar, select File Explorer.b. From the left pane, expand and select This PC > Data (D:).2. Disable inheritance and convert inherited permissions to explicit permissions.a. From the right pane, right-click the applicable folder and then select Properties.b. Select the Security tab.c. Select Advanced to modify inherited permissions.d. Select Disable inheritance to prevent inherited permissions.e. Select Convert inherited permissions into explicit permissions on this object.3. Remove the Users group from the access control list.a. Under Permission entries, select Users.b. Select Remove to remove the group from the access control list.c. Select OK.4. Add a new group to the access control list and allow Full Control.a. From the Properties dialog, select Edit to add a group to the access control list.b. Select Add.c. Enter the name of the group you want to add and then select Check Names.d. Select OK.e. With the newly added group selected, under the Allow column, select Full control and then selectf. Select OK to close the properties dialog.5. Repeat steps 2 - 4 to modify the permissions for the additional folder.

Every seven years, your company provides a six-week sabbatical for every employee. Vera Edwards (vedwards), Corey Flynn (cflynn), and Bhumika Kahn (bkahn) are leaving today. Maggie Brown (mbrown), Brenda Cassini (bcassini), and Arturo Espinoza (aespinoza) are just returning. The company security policy mandates that user accounts for employees gone for longer than two weeks be disabled. In this lab, your task is to: Lock the following user accounts:vedwardscflynnbkahn Unlock the following user accounts:mbrownbcassiniaespinoza When you're finished, view the /etc/shadow file to verify the changes.

Complete this lab as follows: 1. Lock the applicable accounts. a. From the Favorites bar, select Terminal. b. At the prompt, type usermod -L vedwards or passwd -I vedwards and press Enter. c. Type usermod -L cflynn or passwd -I cflynn and press Enter. d. Type usermod -L bkahn or passwd -I bkahn and press Enter. 2. Unlock the applicable accounts. a. Type usermod -U mbrown or passwd -u mbrown and press Enter. b. Type usermod -U bassini or passwd -u bassini and press Enter. c. Type usermod -U aespinoza or passwd -u aespinoza and press Enter. 3. Verify your changes by typing cat /etc/shadow and pressing Enter. The inclusion of the exclamation point (!) in the password field indicates whether the account is disabled.