Chapter 13 Lab Sims


You work in the IT department. You need to protect your company's computers from malware that uses exploits to spread and infect systems. As part of your protection strategy, you are using Microsoft's Windows Defender Exploit Guard protection. After doing extensive testing, you have determined that all of the exploit protection settings can be turned on without any adverse effects. In this lab, your task is to ensure that all exploit protection system settings are turned on for all computers using a Group Policy. To complete this task, use the following information:

On ITAdmin:
- Configure the required exploit protection settings.
- Export the settings to the shared GPO folder located on the CorpDC server. While exporting, use the default filename.

On CorpDC:
- In the CorpNet.xyz domain, create a GPO named Exploit Protection.
- Enable and configure the Exploit Protection GPO to use the C:\GPO\Settings.xml file located on this machine.

1. Access the App & browser control settings.
   a. Right-click Start and then select Settings.
   b. Select Update & security.
   c. From the left pane, select Windows Security.
   d. From the right pane, select App & browser control.
2. Configure and then export the exploit protection settings. Save the exported file in the GPO share located on the CorpDC computer.
   a. From the App & browser control dialog, scroll down to the Exploit protection options.
   b. Select Exploit protection settings.
   c. Configure each Exploit protection setting to On.
   d. Scroll to the bottom and select Export settings.
   e. From the left pane, expand and select Network > CorpDC > GPO.
   f. In the File name field, use Settings and then select Save.
   g. Close the Exploit protection dialog.
   h. Close the Windows Settings dialogs.
3. Switch to CorpServer and connect to the CorpDC guest server.
   a. From the top navigation area, select Floor 1 Overview.
   b. Under Networking Closet, select CorpServer.
   c. From Hyper-V Manager, select CORPSERVER.
   d. From the Virtual Machines pane, double-click CorpDC.
4. Create the Exploit Protection GPO in the CorpNet.xyz domain.
   a. From Server Manager's menu bar, select Tools > Group Policy Management.
   b. Expand Forest: CorpNet.xyz > Domains.
   c. Right-click CorpNet.xyz and then select Create a GPO in this domain, and link it here.
   d. In the Name field, use Exploit Protection and then select OK.
5. Access the exploit protection settings.
   a. Expand CorpNet.xyz.
   b. Right-click Exploit Protection and then select Edit.
   c. Maximize the window and expand the left pane for better viewing.
   d. Expand and select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Exploit Guard > Exploit Protection.
   e. From the right pane, double-click Use a common set of exploit protection settings.
6. Enable and configure the exploit protection settings.
   a. Select Enabled.
   b. In the options pane, enter C:\GPO\Settings.xml and then select OK.

You recognize that the threat of malware is increasing. As such, you would like to use Windows Virus & Threat Protection to protect your computer from malware. In this lab, your task is to enable and configure Windows Virus & Threat Protection as follows:
- Add a file exclusion for D:\Graphics\cat.jpg.
- Add a process exclusion for welcome.scr.
- Locate the current threat definition version number.
- Answer Question 1.
- Check for updates.
- Answer Question 2.
- Perform a quick scan.

1. Access the Virus & threat protection options.
   a. Right-click Start and then select Settings.
   b. Select Update & Security.
   c. From the left pane, select Windows Security.
   d. Select Virus & threat protection.
2. Add a file exclusion for D:\Graphics\cat.jpg.
   a. Under Virus & threat protection settings, select Manage settings.
   b. Scroll down to Exclusions and then select Add or remove exclusions.
   c. Select Add an exclusion and then select File.
   d. From the left pane, browse to and select Local Disk (D:) > Graphics > cat.jpg, and then select Open.
3. Add a process exclusion for welcome.scr.
   a. From the Exclusions dialog, select Add an exclusion and then select Process.
   b. In the Enter process name field, type welcome.scr and then select Add.
4. Check for protection updates.
   a. In the top left, select the back arrow twice to return to the Virus & threat protection page.
   b. Scroll down to Virus & threat protection updates and then select Check for updates to access the Protection updates page.
   c. In the top right, select Answer Questions.
   d. Answer Question 1.
   e. Select Check for updates.
   f. Answer Question 2.
5. Perform a quick virus scan.
   a. In the top left, select the back arrow to return to the Virus & threat protection page.
   b. Select Quick scan.
   c. Wait for the scan to complete.
6. From the Lab Questions dialog, select Score Lab.

You have a new laptop that is running Windows 10. You notice a security message indicating that Windows Firewall has been disabled. The laptop is currently connected to your organization's network, and the Domain network profile settings are in effect. You plan to travel this week and connect the laptop to various airport Wi-Fi hotspots. You need to enable Windows Firewall for any public network. In this lab, your task is to configure Windows Firewall as follows:
- Turn on the Windows Firewall for the Public network profile only.
- In addition to the programs and ports currently allowed, allow the following service and programs through the firewall for the Public network profile only:
   - A service named Key Management Service
   - An application named Arch98
   - An application named Apconf

1. Access the Windows Firewall settings.
   a. Right-click Start and then select Settings.
   b. Select Network & Internet.
   c. From the right pane, scroll down and select Windows Firewall.
2. From the Windows Security dialog, under Public network, select Turn on.
3. Allow applications to communicate through the firewall for the Public network only.
   a. Select Allow an app through Windows Firewall.
   b. Select Change settings.
   c. For Key Management Service, clear Domain and Private and then select Public.
   d. Select Allow another app to configure an exception for an application not currently allowed through the firewall.
   e. Select the application from the list and then select Add.
   f. For the newly added application, clear Domain and Private and then select Public.
   g. Repeat steps 3d - 3f for the remaining application.
   h. Select OK.

You are a member of the IT team for your company. Part of your company's security strategy is to implement Microsoft's Windows Defender Application Control (WDAC) to restrict the applications that users are allowed to run on their systems. In this lab, your task is to use PowerShell to create a code integrity policy (CIP) on the Office2 computer (a golden system). Then you will create and implement a group policy object (GPO) to implement this policy company-wide. Use the following while completing this lab:

Policy File Information:
- When running the command to create the code integrity policy, use the -Level Pca and -UserPEs flags.
- Scan the entire C:\ drive.
- Name the final binary policy file MyCIP.bin.
- Copy the MyCIP.bin policy to the CorpDC computer and save it in the WDAC file share.

1. From Office2, create an XML file that will be used to create the initial code integrity policy (CIPolicy).
   a. Right-click Start and then select Windows PowerShell (Admin).
   b. From PowerShell run: New-CIPolicy MyCIP.xml -Level Pca -ScanPath C:\ -UserPEs
   c. Wait for the scan to complete.
2. Convert the XML file to a binary file and save it on CorpDC in the WDAC share.
   a. From PowerShell run: ConvertFrom-CIPolicy MyCIP.xml C:\MyCIP.bin
   b. From the Windows taskbar, select File Explorer.
   c. From the left pane, expand and select This PC > System (C:).
   d. Right-click MyCIP.bin and then select Copy.
   e. From the left pane, expand and select Network > CorpDC > WDAC.
   f. In the right pane, right-click and select Paste.
3. Switch to CorpServer and connect to the Hyper-V CorpDC server.
   a. From the top navigation area, select Floor 1 Overview.
   b. Under Networking Closet, select CorpServer.
   c. From the Hyper-V Manager, select CORPSERVER.
   d. From the Virtual Machines pane, double-click CorpDC.
4. Create the WDAC GPO in the CorpNet.xyz domain.
   a. From Server Manager's menu bar, select Tools > Group Policy Management.
   b. Maximize the window for better viewing.
   c. Expand Forest: CorpNet.xyz > Domains.
   d. Right-click CorpNet.xyz and select Create a GPO in this domain, and link it here.
   e. In the Name field, use WDAC and then select OK.
5. Enable and configure the Deploy Windows Defender Application Control policy to distribute the MyCIPolicy initial code integrity policy.
   a. Expand CorpNet.xyz and then right-click WDAC and select Edit.
   b. Maximize the window for better viewing.
   c. From the left pane, expand and select Computer Configuration > Policies > Administrative Templates > System > Device Guard.
   d. From the right pane, double-click Deploy Windows Defender Application Control.
   e. Select Enabled.
   f. In the Code Integrity Policy file path field, enter C:\WDAC\MyCIP.bin. The WDAC network share on CorpDC is the local folder C:\WDAC.
   g. Select OK.

You are the network system administrator for your company. You are concerned about protecting the domain credentials used in your Windows 10 Enterprise environment. You know that, by default, Windows stores credentials in the Local Security Authority (LSA), which is a process in memory. If attackers are able to gain privileged access to an endpoint, they can query the LSA for the secrets in memory and compromise a hash or ticket. The compromised item could be used in a Pass-The-Hash or Pass-The-Ticket attack to elevate privileges further and move laterally within your organization. To help protect these credentials, you have decided to use Windows Credential Guard's virtualization-based security. In this lab, your task is to complete the following on the CorpDC server:
- For the CorpNet.xyz/Default Domain Policy, enable Device Guard's Virtualization Based Security.
- Configure Virtualization Based Security using the following specifications:
   - Use a platform security level that only supports computers that do not have DMA hardware.
   - Enforce kernel mode memory protections and ensure that the Code Integrity path is protected. Make sure this setting cannot be disabled remotely.
   - Make sure that Credential Guard cannot be disabled remotely.
   - Enable Secure Launch Configuration.

1. On CorpDC, access the Group Policy Management Editor.
   a. From Hyper-V Manager, select CORPSERVER.
   b. From the Virtual Machines pane, double-click CorpDC.
   c. From Server Manager's menu bar, select Tools > Group Policy Management.
   d. Expand and select Forest: CorpNet.xyz > Domains > CorpNet.xyz > Default Domain Policy.
   e. Right-click Default Domain Policy and then select Edit.
   f. Maximize the window for better viewing.
2. Enable Virtualization Based Security.
   a. From the left pane, expand and select Computer Configuration > Policies > Administrative Templates > System > Device Guard.
   b. From the right pane, double-click Turn On Virtualization Based Security.
   c. Select Enabled.
3. Configure Virtualization Based Security.
   a. Configure the options as follows:
      - Select Platform Security Level: Secure Boot
      - Virtualization Based Protection of Code Integrity: Enabled with UEFI lock
      - Require UEFI Memory Attributes Table: Cleared
      - Credential Guard Configuration: Enabled with UEFI lock
      - Secure Launch Configuration: Enabled
   b. Select OK.

