Security Pro Labs

The VP of marketing has told you that Paul Denunzio will join the company as a market analyst in two weeks. You need to create a new user account for him. In this lab, your task is to: Create the pdenunzio user account. Include the full name, Paul Denunzio, as a comment for the user account. Set eye8cereal as the password for the user account. When you're finished, view the /etc/passwd file to verify the creation of the account. Answer the question.

Create the Paul Denunzio account and comment.From the Linux prompt, type useradd -c "Paul Denunzio" pdenunzio and press Enter. Create a password for Paul. Type passwd pdenunzio and press Enter. Type eye8cereal as the password and press Enter. Retype eye8cereal as the password and press Enter. Verify that the account was created. Type cat /etc/passwd and press Enter. Answer the question.In the top right, select Answer Questions. Select the correct answer. Select Score Lab.

Currently, all the salespeople in your company belong to a group called sales. The VP of sales wants two sales groups, a western sales division and an eastern sales division. In this lab, your task is to: Rename the sales group to western_sales_division. Create the eastern_sales_division group. Remove aespinoza as a member of the western_sales_division group. Assign aespinoza as a member of the eastern_sales_division group. When you're finished, view the /etc/group file or use the groups command to verify the changes.

Rename the sales group western_sales_division and create the eastern_sales_division group. At the prompt, type groupmod -n western_sales_division sales and press Enter.T ype groupadd eastern_sales_division and press Enter. Modify the group membership as needed. Type usermod -G eastern_sales_division aespinoza and press Enter. When you assign aespinoza to the eastern_sales_division group using the usermod -G option, the user account is removed from the western_sales_division group. Use cat /etc/group or groups aespinoza to verify aespinoza's group membership.

You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to encrypt data into a file that is to be shared with a business partner. The data will allow you to track the source if the information is leaked again. In this lab, your task is to use OpenStego to hide data in photos as follows: Encrypt the user data into the file to be shared. Name the file send.png and save it in the Documents folder. Password-protect the file with NoMor3L3@ks! as the password. Confirm the functionality of the steganography by extracting the data and opening the file to confirm that the associated username has been embedded into the file.

Encrypt the user data into the file to be shared. In the search field on the taskbar, type OpenStego. Under Best match, select OpenStego. Select the Message, Cover, and Output Stego files. For Message File, select the ellipses [...] button at the end of the field. Double-click John.txt to select the file. For Cover File, select the ellipses [...] button at the end of the field. Double-click gear.png to select the file. For Output Stego File, select the ellipses [...] button at the end of the field. In the File name field, enter send.png and then select Open. Password protect the file. In the Password field, enter NoMor3L3@ks!In the Confirm Password field, enter NoMor3L3@ks!Select Hide Data. Select OK. Extract the data and open the file. Under Data Hiding, select Extract Data. For the Input Stego File field, select the ellipses [...] button. Double-click send.png to select the file with the encryption. For the Output Folder for Message File, select the ellipses [...] button. Double-click Export to set it as the destination of the file output. Click Select Folder. In the Password field, enter NoMor3L3@ks! as the password. Select Extract Data. Select OK. Verify that the decryption process was successful. From the taskbar, select File Explorer. Double-click Documents to navigate to the folder. Double-click Export to navigate to the folder. Double-click John.txt.

Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8. In this lab, your task is to: Change the password for the schawla user account to G20oly04 (0 is a zero). Make sure the password is encrypted in the shadow file.

Change Salman Chawla's password. At the prompt, type su -c "passwd schawla", then press Enter. Type 1worm4b8, then press Enter. This is the password for the root user. At the New password prompt, type G20oly04, then press Enter. This is the new password for the schawla user account. At the Retype new password prompt, type G20oly04, then press Enter.

You work as the IT security administrator for a small corporate network. The receptionist uses an iPad to manage employees' schedules and messages. You need to help her secure the iPad because it contains all of the employees' personal information. In this lab, your task is to: View the current iOS version and then answer the applicable question. Apply the latest software update and then answer the applicable question. Configure Auto-Lock with a five-minute delay. Configure Passcode Lock using a passcode of C@sp3r Require the passcode after five minutes. Configure Data Erase to wipe all data after 10 failed passcode attempts. Require unknown networks to be added manually. Turn off Bluetooth.

Verify the current version of iOS installed on your iPad. Select Settings. From the Settings pane, select General. From the General pane, select About .In the top right, select Answer Questions. Answer Question 1. Leave the question dialog open. Apply the latest software update. From the About pane's heading, select General. This returns you to the General settings. From the General pane, select Software Update. Select Download and Install. Select Agree. Select OK. The software is downloaded. Select Install. The installation automatically starts after 10 seconds. Slide the arrow to the right to unlock the iPad. Answer Question 2 and then minimize the question dialog. Configure Auto-Lock. From the Settings pane, select Display & Brightness. From the right pane, select Auto-Lock and then select 5 minutes. Configure Complex Passcode Lock and Data Erase. From the left menu, select Touch ID & Passcode. From the right pane, select Turn Passcode On. Enter the new passcode of C@sp3rSelect Next. Re-enter [email protected] Done. Scroll down and then slide Erase Data to ON. Select Enable. Select Require Passcode. Select After 5 minutes. Require unknown networks to be manually added. From the left menu, select Wi-Fi. Slide Ask to Join Networks to OFF. Turn off Bluetooth as follows: From the left pane, select Bluetooth. Slide Bluetooth to OFF. In the top right, select Answer Questions. Select Score Lab.

You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory. In this lab, your task is to use John the Ripper to: Crack the root password on the Linux computer named Support. Crack the password of the protected.zip file located in the home directory on IT-Laptop. After John the Ripper cracks the password, it won't crack it again. The results are stored in the john.pot file.

View the current John the Ripper password file. From the Favorites bar, select Terminal. At the prompt, type cd /usr/share/john and press Enter. Type ls and press Enter. Type cat password.lst and press Enter to view the password list. Type cd and press Enter to go back to the root. Crack the root password on the Support computer. Type john /etc/shadow and press Enter. The password is shown. Can you find it? Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again. Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file. Use alternate methods of viewing the previously cracked password. Type john /etc/shadow --show and press Enter. Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file. In the top right, select Answer Questions and then answer question 1. Open a terminal on the IT-Laptop. From the top navigation tabs, select Floor 1 Overview. Under IT Administration, select IT-Laptop. From the Favorites bar, select Terminal. Export the contents of the protected.zip file to a text file. At the prompt, type ls and press Enter. Notice the protected.zip file you wish to crack. Type zip2john protected.zip > ziphash.txt and press Enter. Type cat ziphash.txt and press Enter to confirm that the hashes have been copied. Using the text file, crack the password of the protected.zip file. Type john --format=pkzip ziphash.txt and press Enter to crack the password. The password is shown. Can you find it? Type john ziphash.txt --show and press Enter to show the previously cracked password. In the top right, select Answer Questions. In the top right, select Answer Questions and then answer Question 2.Select Score Lab.

You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. In this lab, your task is to use Active Directory Users and Computers to complete the following actions on the CorpDC server: In the Users container, create a group named Managers. Configure the group as follows: Group scope: Global Group type: Security Make the following users members of the Managers group: Accounting Mark Woods Research-Dev Pat Benton Marketing\Marketing Managers Juan Suarez Research-Dev\Research Managers Arlene Kimbly Sales\Sales Managers Mark Burnes Support\Support Managers Shelly Emery

Access Active Directory Users and Computers on the CorpDC server. From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. In the Users container, create a group named Managers. From the left pane, expand and select CorpNet.local > Users. Right-click the Users container and select New > Group. You can also create a new group by selecting the Create a new group in the current container icon found in the ribbon. In the Group name field, enter Managers.A pre-Windows 2000 group name is created automatically, but it can be changed. Under Group scope, make sure Global is selected. Under Group type, make sure Security is selected and select OK. Add user accounts to the Managers group.From the left pane, ensure that the Users container is still selected. From the right pane, right-click Managers and select Properties. Select the Members tab.Select Add.In the Enter the object names to select field, enter all the usernames. Use a semicolon to separate each name. Example: Steve Hoffer; Peter Williams; Princess Diana Select Check Names. Select OK to add the users and close the dialog. Select OK to close the Managers Properties dialog.

You are the IT administrator for a small corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. Now you need to create an Active Directory organizational unit (OU) structure based on the company's departmental structure. In this lab, your task is to create the following organizational units (OUs) on the CorpDC server and ensure that each is protected from accidental deletion as follows: Beneath the CorpNet.local domain, create the following OUs:AccountingAdminsMarketingResearch-DevServersSupportWorkstationsSales Within the Sales OU, create the following OUs:SalesManagersTempSales

Access the CorpDC server. From the left pane of Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. Create the Active Directory organizational units (OUs) beneath the CorpNet.local domain. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. From the left pane, right-click CorpNet.local and then select New > Organizational Unit. You can also create OUs by selecting the Create a new organizational unit in the current container icon () located in the Active Directory Users and Computers ribbon. Enter the name of the OU to be created. Ensure that Protect container from accidental deletion is selected and then select OK. Repeat steps 2b - 2d until all the required domain OUs are created. Create the OUs within the Sales OU. From the left pane, select CorpNet.local > Sales. From the menu bar, select the Create a new organizational unit in the current container icon. Enter the name of the OU to be created. Ensure that Protect container from accidental deletion is selected and then select OK. Repeat steps 3a - 3d to create the remaining OU.

You have recently installed a new Windows 10 computer. To protect valuable data, you need to implement file history backups on this computer. In this lab, your task is to configure automatic backups for the Exec computer as follows: Save the backup to the Backup (E:) volume. Back up files daily. Keep backup files for six months. Back up the entire Data (D:) volume. Make a backup now.

Access the File History Backup options.Right-click Start and then select Settings.Select Update & Security. From the left pane, select Backup. Configure and run a file history backup plan. From the right pane, select Add a drive. Select Backup (E:). Under Automatically back up my files, slide the switch to On.S elect More options. Under Back up my files, use the drop-down menu to select Daily. Under Keep my backups, use the drop-down menu to select 6 months. Under Back up these folders, select Add a folder. Double-click the Data (D:) volume and then select Choose this folder. Select Back up now.Wait for the backup to complete.

Susan produces your organization's monthly magazine. While working on an upcoming issue, Susan accidentally deleted significant portions of the layout image. She also made extensive changes to the cover artwork, but has now been asked to discard the changes and use the original artwork. Susan has asked you to help her recover older versions of her files in the Pictures library so she can still meet her publishing deadline. In this lab, your task is to complete the following: Using the Settings app, access the program needed to restore files from a current backup. From the File History dialog, restore the following files: Pictures\Layouts\June2020_Issue.jpg: Wednesday, March 16, 2020 11:15 AM Pictures\Images\coverart.jpg: Wednesday, March 16, 2020 12:15 PM

Access the File History options using the Settings app. Right-click Start and then select Settings .Select Update & Security. From the left pane, select Backup. Make sure Automatically back up my files is set to On. Select More options. Scroll to the bottom of the Backup options dialog and select Restore files from a current backup. Maximize the window for better viewing. Restore the June2020_Issue.jpg file. From the bottom of the File History dialog, select the Previous version button (left arrow) to navigate to the backups captured on Monday, March 16, 2020 11:15 AM. Double-click Pictures. Double-click Layouts. Select the June2020_Issue.jpg file. Select the green Restore to original location arrow located at the bottom center. Select Replace the file in the destination.The Layouts folder where the file was restored is opened. From the Layouts folder, right-click the June2020_Issue.jpg file and then select Properties. Verify that the file is 115.44 MB in size and was last modified on March 16, 2020 at 11:15:12 AM. Select OK. Close the Layouts window. Restore the Coverart.jpg file.In the top left of the File History dialog, select the up arrow to navigate to the Home\Pictures folder. Select the Previous version button at the bottom to navigate to the backups captured on Monday, March 16, 2020 12:15 PM.Double-click Images. Select the coverart.jpg file.Select the green Restore to original location arrow located at the bottom center. Select Replace the file in the destination. Right-click the coverart.jpg file and select Properties. Verify that the file is 1.09 MB in size and was last modified on March 16, 2020 at 12:15:12 PM Select OK.

You are a network technician for a small corporate network. You just installed a Ruckus zone controller and wireless access points throughout your office buildings using wired connections. You now need to configure basic wireless network settings. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Create a WLAN using the following settings: Name: CorpNet Wireless ESSID: CorpNet Type: Standard Usage Authentication: Open Encryption: WPA2Encryption algorithm: AES Passphrase: @CorpNetWeRSecure! Connect the Exec-Laptop in the Executive office to the new wireless network.

Access the Ruckus zone controller. From the taskbar, open Chrome. In the URL field, enter 192.168.0.6 and press Enter. Maximize the window for easier viewing. Log into the Wireless Controller console. In the Admin field, enter admin (case sensitive).In the Password field, enter password as the password. Select Login. Create a new WLAN. Select the Configure tab. From the left menu, select WLANs. Under WLANs, select Create New. In the New Name field, enter the CorpNet Wireless. In the ESSID field, enter the CorpNet. Under Type, make sure Standard Usage is selected. Under Authentication Options, make sure Open is selected. Under Encryption Options, select WPA2.Under Algorithm, make sure AES is selected. In the Passphrase field, enter @CorpNetWeRSecure!.Select OK. Switch to the Exec-Laptop. Using the navigation tabs at the top of the screen, select Floor 1.Under Executive Office, select Exec-Laptop. Connect to the new CorpNet wireless network. In the notification area, select the wireless network icon to view the available networks. Select CorpNet. Select Connect. Enter @CorpNetWeRSecure! for the security key. Select Next. Select Yes to make the computer discoverable on the network. The CorpNet network now shows as being connected and secured.

You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Change the admin username and password for the Zone Director controller to the following: Admin Name: WxAdmin Password: ZDAdminsOnly!$ (O is the capital letter O) Set up MAC address filtering (L2 Access Control) to create a whitelist called Allowed Devices that includes the following wireless devices: 00:18:DE:01:34:67 00:18:DE:22:55:99 00:02:2D:23:56:89 00:02:2D:44:66:88 Implement a device access policy called No Games that blocks gaming consoles from the wireless network.

Access the Ruckus zone controller. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.6 and press Enter. Maximize the window for easier viewing. Log in to the wireless controller console. In the Admin field, enter admin (case sensitive).In the Password field, enter password as the password. Select Login. Change the admin username and password for the Zone Director controller. From the top, select the Administer tab. Make sure Authenticate using the admin name and password is selected. In the Admin Name field, enter WxAdmin. In the Current Password field, enter password. In the New Password field, enter ZDAdminsOnly!$. In the Confirm New Password field, enter ZDAdminsOnly!$. On the right, select Apply. Enable MAC address filtering. From the top, select the Configure tab. From the left menu, select Access Control. Expand L2-L7 Access Control. Under L2/MAC address Access Control, select Create New. In the Name field, enter Allowed Devices .Under Restriction, make sure Only allow all stations listed below is selected. Enter a MAC address. Select Create New. Repeat step 4g-4h for each MAC address you would like to add to the ACL. Select OK. Configure access controls. Under Access Control, expand Device Access Policy. Select Create New. In the Name field, enter NoGames. Select Create New. In the Description field, enter Games. Using the OS/Type drop-down list, select Gaming. In the Type field, select Deny. Under Uplink, make sure Disabled is selected. Under Downlink, make sure Disabled is selected. Select Save. Select OK.

You recognize that the threat of malware is increasing. As such, you would like to use Windows Virus & Threat Protection to protect your computer from malware. In this lab, your task is to enable and configure Windows Virus & Threat Protection as follows: Add a file exclusion for D:\Graphics\cat.jpg. Add a process exclusion for welcome.scr. Locate the current threat definition version number. Answer Question 1. Check for updates. Answer Question 2. Perform a quick scan.

Access the Virus & threat protection options. Right-click Start; then select Settings. Select Update & Security. From the left pane, select Windows Security. Select Virus & threat protection. Add a file exclusion for D:\Graphics\cat.jpg.Under Virus & threat protection settings, select Manage settings. Scroll down to Exclusions and then select Add or remove exclusions. Select Add an exclusion; then select File. From the left pane, browse to and select Data (D:) > Graphics > cat.jpg, and then select Open. Add a process exclusion for welcome.scr. From the Exclusions dialog, select Add an exclusion; then select Process. In the Enter process name field, type welcome.scr; then select Add. Check for protection updates. In the top left, select the back arrow twice to return to the Virus & threat protection page. Scroll down to Virus & threat protection updates and then select Check for updates to access the Protection updates page. In the top right, select Answer Questions. Answer Question 1.Select Check for updates. Answer Question 2. Perform a quick virus scan. In the top left of the Windows Security dialog, select the back arrow to return to the Virus & threat protection page. Select Quick scan. Wait for the scan to complete. From the Lab Questions dialog, select Score Lab.

You work as the IT security administrator for a small corporate network. You need to secure access to your pfSense appliance, which is still configured with the default user settings. In this lab, your task is to: Change the password for the default pfSense account from pfsense to P@ssw0rd (use a zero). Create a new administrative user with the following parameters: Username: zolsen Password: St@yout!Full Name: Zoey Olsen Group Membership: admins Set a session timeout of 15 minutes for pfSense. Disable the webConfigurator anti-lockout rule for HTTP. Access the pfSense management console through Google Chrome using: http://198.28.56.18Default username: admin Password: pfsense

Access the pfSense management console. From the taskbar, select Google Chrome. Maximize the window for better viewing. In the Google Chrome address bar, enter 198.28.56.18 and then press Enter. Enter the pfSense sign-in information as follows: Username: admin Password: pfsense Select SIGN IN. Change the password for the default (admin) account. From the pfSense menu bar, select System > User Manager. For the admin account, under Actions, select the Edit user icon (pencil).For the Password field, change to P@ssw0rd (use a zero).For the Confirm Password field, enter [email protected] to the bottom and select Save. Create and configure a new pfSense user. Select Add. For Username, enter zolsen. For the Password field, enter St@yout!.For the Confirm Password field, enter St@yout!For Full Name, enter Zoey Olsen. For Group Membership, select admins and then select Move to Member of list. Scroll to the bottom and select Save. Set a session timeout for pfSense. Under the System breadcrumb, select Settings. For Session timeout, enter 15.Select Save. Disable the webConfigurator anti-lockout rule for HTTP. From the pfSense menu bar, select System > Advanced. Under webConfigurator, for Protocol, select HTTP. Select Anti-lockout to disable the webConfigurator anti-lockout rule. Scroll to the bottom and select Save.

You work as the IT security administrator for a small corporate network. The receptionist, Maggie Brown, uses an iPad to manage employee schedules and messages. You need to help her secure her email and browser on her iPad. In this lab, your task is to complete the following: Configure Maggie's email account to use SSL for incoming mail. Secure the internet browser as follows: Turn off AutoFill Turn on Block Pop-ups Block all cookies Turn on Fraudulent Website Warning Turn off JavaScript

Configure email for SSL. Select Settings. Scroll down and select Accounts & Passwords. From the right pane, select Gmail. Select Account [email protected] Advanced. Under Incoming Settings, set Use SSL to ON. From the top, select Account to return to the Account menu. Select Done. Turn off AutoFill. From the Settings menu, select Safari. From the right pane, select AutoFill. Set Use Contact Info to OFF. Set Names and Passwords to OFF. From the top, select Safari to return to the Safari menu Block all pop-up and cookies. From the right pane, set Block Pop-ups to ON. Set Block All Cookies to On. Turn on the fraudulent website Warning and turn off JavaScript. From the right pane, set Fraudulent Website Warning to ON. Select Advanced. Set JavaScript to OFF.

You need to customize how Windows Update checks for and installs updates on the ITAdmin desktop system. In this lab, your task is to: Configure Windows Update to:Install updates for other Microsoft products when Windows is updated.Allow the installation of feature updates to be deferred 60 days.Allow quality updates to be deferred 30 days. Configure Windows to automatically download manufacturers' apps and custom icons for devices.

Configure the Windows Update settings. Right-click Start and then select Settings. Select Update & Security. From the right pane, select Advanced options. Under Update Options, turn on Receive updates for other Microsoft products when you update Windows by sliding the switch to On. Under Choose when updates are installed, configure each option as follows: A feature update includes new capabilities and improvements. It can be deferred for 60 days. A quality update includes security improvements. It can be deferred for this many days: 30Close the Settings window. Configure Windows to automatically download the manufacture's apps and custom icons. In the search field on the Windows taskbar, type Control. From Best match, select Control Panel. Select System and Security. Select System. From the left pane, select Advanced system settings. Select the Hardware tab. Select Device Installation Settings. Select Yes and then select Save Changes. Select OK.

You need to customize how Windows Update checks for and installs updates on the ITAdmin desktop system. In this lab, your task is to: Configure Windows Update to:Install updates for other Microsoft products when Windows is updated. Allow the installation of feature updates to be deferred 60 days. Allow quality updates to be deferred 30 days. Configure Windows to automatically download manufacturers' apps and custom icons for devices.

Configure the Windows Update settings. Right-click Start and then select Settings. Select Update & Security. From the right pane, select Advanced options.Under Update Options, turn on Receive updates for other Microsoft products when you update Windows by sliding the switch to On. Under Choose when updates are installed, configure each option as follows: A feature update includes new capabilities and improvements. It can be deferred for 60 days. A quality update includes security improvements. It can be deferred for this many days: 30 Close the Settings window. Configure Windows to automatically download the manufacture's apps and custom icons. In the search field on the Windows taskbar, type Control. From Best match, select Control Panel.Select System and Security. Select System. From the left pane, select Advanced system settings. Select the Hardware tab. Select Device Installation Settings. Select Yes and then select Save Changes. Select OK.

The Fiji router has been configured with Standard IP Access List 11. The access list is applied to the Fa0/0 interface. The access list must allow all traffic except traffic coming from hosts 192.168.1.10 and 192.168.1.12. However, you've noticed that it's preventing all traffic from being sent on Fa0/0. You remember that access lists contain an implied deny any statement. This means that any traffic not permitted by the list is denied. For this reason, access lists should contain at least one permit statement or all traffic is blocked. In this lab, your task is to: Add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. Save your changes in the startup-config file.

Enter the configuration mode for the Fiji router: From the exhibit, select the Fiji router. From the terminal, press Enter. Type enable and then press Enter. Type config term and then press Enter. From the terminal, add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. Type access-list 11 permit any and press Enter. Press Ctrl + Z. Save your changes in the startup-config file. Type copy run start and then press Enter. Press Enter to begin building the configuration. Press Enter.

As an IT administrator, you need to know how security breaches are caused. You know that SMAC is used for MAC spoofing, so you are going to spoof your MAC address. In this lab, your task is to complete the following: On Office2, use ipconfig /all and find the IP address and MAC address. Using SMAC, spoof the MAC address on ITAdmin to match that of Office2. Refresh the IP address on ITAdmin. Verify the MAC and IP address now match Office2.

Find the MAC address for Office2.Right-click Start and then select Windows PowerShell (Admin).From the Command Prompt, type ipconfig /all and press Enter. Find the MAC address. Spoof the MAC address. From the top navigation tabs, select Floor 1 Overview. Under IT Administration, select ITAdmin. In the Windows search bar, type SMAC. Under Best match, right-click SMAC and select Run as administrator. In the New Spoofed Mac Address field, type 00:00:55:55:44:15 (the MAC address from Office2).Select Update MAC. Select OK to confirm the adapter restart. Renew the IP information for the ITAdmin computer. Right-click Start and select Windows PowerShell (Admin).From the Command Prompt, type ipconfig /renew to renew the IP address. Type ipconfig /all to confirm the MAC address and the IP address have been updated.

You are the IT security administrator for a small corporate network. You need to increase the networking closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch. The patch panel connections for the networking closet, lobby, and IT administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections of the IP cameras and the laptop. In this lab, your task is to perform the following: Access the switch management console from ITAdmin using the following credentials:Address: http://192.168.0.2 Username: ITSwitchAdmin Password: Admin$only (the password is case-sensitive) Create and configure a VLAN on the switch as follows:VLAN ID: 2VLAN Name: IPCameras Configure ports GE18, GE19, GE20, GE21 as untagged.

From the ITAdmin computer, log into the CISCO switch.From the taskbar, open Google Chrome. Maximize the window for easier viewing. In the URL field, enter 192.168.0.2 and press Enter. For Username, enter ITSwitchAdmin. For Password, enter Admin$only (password is case-sensitive). Select Log In. Create a VLAN. From the Getting Started pane, under Initial Setup, select Create VLAN. Select Add.For VLAN ID, enter 2. For VLAN Name, enter IPCameras.Select Apply. Select Close. Configure a VLAN. From the left pane, under VLAN Management, select Port to VLAN. From the the VLAN ID equals to drop-down menu, select 2. Select Go.For ports GE18, GE19, GE20, and GE21, select Untagged. Select Apply. Connect the IP camera in the lobby to the VLAN and mount the IP cameras.From the top navigation area, select Floor 1. Under Lobby, select Hardware. Under Shelf, expand CCTV Cameras. Drag the IP Camera (Lobby) to the workspace. Under Workspace for the IP camera, select Back to switch to the back view of the IP camera. Under Shelf, expand Cables and then select a Cat5e Cable, RJ45. Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera wall mount plate. From the wall plate's Partial Connections list, drag the other connector to the RJ-45 port on the back of the IP camera. Drag the IP camera to the IP camera wall plate. Connect the IP camera in the networking closet to the VLAN and mount the IP cameras. From the top navigation area, select Floor 1. Under Networking Closet, select Hardware. Under Shelf, expand CCTV Cameras. Drag the IP Camera (Networking Closet) to the workspace.Under Workspace for the IP camera, select Back to switch to the back view of the IP camera. Under Shelf, expand Cables and then select Cat5e Cable, RJ45. Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera mount wall plate. Under Selected Component, drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera. To mount the IP camera, drag the IP camera to the IP camera wall plate. Connect the DHCP server and laptop to the VLAN. In the networking closet, under Shelf, select a Cat5e Cable, RJ45. Under Selected Component, drag a RJ45 Connector to port 21 on the switch. Under Selected Component, drag the unconnected RJ45 Connector to port 21 on the patch panel. Connect the laptop to the VLAN. From the top menu, select Floor 1. Under IT Administration, select Hardware. Above the laptop, select Back to switch to the back view of the laptop. Under Shelf, select Cat5e Cable, RJ45. Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the laptop. Under Selected Component, drag the unconnected RJ45 Connector to the open RJ-45 port on the wall plate. To verify that all components are connected, you can change location to the network closet hardware view. You should see green link/activity lights on ports 18 - 21 of the switch. You should also see amber Power Over Ethernet (POE) lights on ports 19 and 20, which are connected to the IP cameras. Launch the IP camera monitoring software .Under the laptop's workspace, select Front. On the IT-Laptop2, select Click to view Windows 10. From the taskbar, select Start.Select IP Cameras. Verify that both cameras are detected on the network.

You are the IT security administrator for a small corporate network. You want to spoof the DNS to redirect traffic as part of a man-in-the-middle attack. In this lab, your task is to: (Optional) From the Exec computer, access rmksupplies.com and verify that site can be accessed. From the Linux Support computer, use Ettercap to begin sniffing and scanning for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine. Initiate DNS spoofing. From the Exec computer, access rmksupplies.com and verify that it has been redirected to a different site.

From the Support computer, use Ettercap to begin sniffing and scanning for hosts. From the Favorites bar, select Ettercap. Select Sniff > Unified sniffing .From the Network Interface drop-down menu, select enp2s0.Select OK. Select Hosts >Scan for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine. Select Hosts > Host list. Under IP Address, select 192.168.0.30.Select Add to Target 1 to assign it as the target. Initiate DNS spoofing. Select Plugins > Manage the plugins. Select the Plugins tab. Double-click dns_spoof to activate it.S elect Mitm > ARP poisoning. Select Sniff remote connections and then select OK. From the Exec computer, access rmksupplies.com. From the top navigation tabs, select Floor 1 Overview. Under Executive Office, select Exec. From the taskbar, select Google Chrome. In the URL field, type rmksupplies.com and then press Enter. Notice that the page was redirected to RUS Office Supplies despite the web address staying the same.

Confidential personnel data is stored on the CorpFiles file server in a shared directory named Personnel. You need to configure NTFS permissions for this folder so that only managers are authorized to access it. In this lab, your task is to perform the following: Grant the Managers group the Full Control permission to the D:\Personnel folder. Remove all inherited permissions that are flowing to the D:\Personnel folder.

Open the Data (E:) drive. From the Windows taskbar, select File Explorer. From the left pane, expand and select This PC > Data (D:). Configure NTFS permissions. From the right pane, right-click Personnel and select Properties.Select the Security tab. Select Edit.Select Add. Enter Managers as the group that will receive permission to the folder. Click OK. With the Managers group selected, select the appropriate Full control. Click OK. Prevent inherited permissions from parent. On the Security tab, select Advanced. Select Disable inheritance. Select Remove all inherited permissions from this object. Click OK to close the Advanced Security Settings for Personnel dialog. Click OK to close the Properties dialog.

You are the IT security administrator for a small corporate network. You currently run a website on the CorpWeb server. You want to allow SSL connections to this website. In this lab, your task is to add a binding to the CorpNet website using the following settings: Website: www.corpnet.xyz Protocol: HTTPS Port: 443 SSL certificate: www.corpnet.xyz

Open the IIS Manager to the CorpNet.xyz site. From the Server Manager's menu bar, select Tools > Internet Information Services (IIS) Manager. Expand CorpWeb(CorpNet.com\Administrator) > Sites. Select CorpNet.xyz. Add a binding to the CorpNet website. From the Actions pane (far right), select Bindings. Select Add. Using the Type drop-down menu, select HTTPS. Make sure the port is set to 443.Using the SSL certificate drop-down menu, select www.CorpNet.xyz and then select OK. Select Close.

You have installed Hyper-V on the CorpServer server. You want to use the server to create virtual machines. Prior to creating the virtual machines, you are experimenting with virtual switches. In this lab, your task is to: Create an internal virtual switch named Switch 1. Create a private virtual switch named Switch 2.

Open the Virtual Switch Manager. From Hyper-V Manager, right-click CORPSERVER. Select Virtual Switch Manager. Create an internal switch named Switch 1.Select Create Virtual Switch. In the Name field, enter Switch 1.Under Connection type, select Internal network. Select Apply. Create a private switch named Switch 2.From the left pane, select New virtual network switch. From the right pane, select Private. Select Create Virtual Switch. In the Name field, enter Switch 2.Select OK.

You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Use the Security Evaluator tool to run a vulnerability scan on the CorpDC domain controller. In this lab, your task is to: Run a vulnerability scan for the CorpDC domain controller using the Security Evaluator on the taskbar. Remediate the vulnerabilities in the Default Domain Policy using Group Policy Management on CorpDC. Re-run a vulnerability scan to make sure all of the issues are resolved.

Run a Security Evaluator report. From the taskbar, open Security Evaluator. Next to Target Local Machine, select the Target icon to select a new target. Select Workstation. From the Workstation drop-down list, select Office2 as the target. Select OK. Next to Status, select the Run/Rerun Security Evaluation icon. Review the results to determine which issues you need to resolve on Office2. Access local users using Office2's Computer Management console. From the top navigation tabs, select Floor 1.Under Office 2, select Office2.From Office2, right-click Start and select Computer Management. Expand and select Local Users and Groups > Users. Rename a user account. Right-click Administrator and select Rename. Enter a new name of your choice and press Enter. Disable the Guest account. Right-click Guest and select Properties. Select Account is disabled and then select OK. Set a new password for Mary. Right-click Mary and select Set Password. Select Proceed. Enter a new password of your choice (12 characters or more).Confirm the new password and then select OK. Select OK. Ideally, you should have created a policy that requires passwords with 12 characters or more. Configure Mary's password to expire and to change at next logon. Right-click Mary and select Properties. Clear Password never expires. Select User must change password at next logon and then select OK. Unlock Susan's account and remove her from the Administrators group. Right-click Susan and select Properties. Clear Account is locked out and then select Apply. Select the Member of tab. Select Administrators. Select Remove. Select OK. Close Computer Management. Enable Windows Firewall for all profiles. Right-click Start and then select Settings. Select Network & Internet. From the right pane, scroll down and select Windows Firewall. Under Domain network, select Turn on. Under Private network, select Turn on. Under Public network, select Turn on. Close all open Windows. Remove a file share. From the taskbar, select File Explorer. From the left pane, select This PC. From the right pane, double-click Local Disk (C:).Right-click MyMusic and select Properties. Select the Sharing tab. Select Advanced Sharing. Clear Share this folder. Select OK. Select OK. Use the Security Evaluator feature to verify that all of the issues on the ITAdmin computer were resolved. From the top navigation tabs, select Floor 1.Under IT Administration, select ITAdmin. From Security Evaluator, select the Run/Rerun Security Evaluation icon to rerun the security evaluation. If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation and remediate any remaining issues.

You are the IT security administrator for a small corporate network. You perform vulnerability scans on your network. You need to verify the security of your wireless network and your Ruckus wireless access controller. In this lab, your task is to: Run a vulnerability scan for the wireless access controller 192.168.0.6 using Security Evaluator, which is accessible from the taskbar. Remediate the vulnerabilities found in the vulnerability report for the wireless access controller. New admin name: your choice New password: your choice Enable reporting of rogue devices for intrusion prevention. Rerun a vulnerability scan to make sure all of the issues are resolved. Access the wireless controller console through Google Chrome on http://192.168.0.6 with the admin name admin and the password: password. The username and password are case-sensitive.

Run a Security Evaluator report. From the taskbar, select Security Evaluator. Next to Target: Local Machine, select the Target icon to select a new target. Select IPv4 Address. Enter 192.168.0.6 for the wireless access controller. Select OK. Next to Status No Results, select the Status Run/Rerun Security Evaluation icon to run the security evaluation. Review the results to determine which issues you need to resolve on the wireless access controller. Use Google Chrome to go into the Ruckus wireless access controller. From the taskbar, open Google Chrome. Maximize Google Chrome for easier viewing. In the address bar, type 192.168.0.6 and press Enter. For Admin name, enter admin (case-sensitive).For Password, enter password. Select Login. Change the admin username and password for the Ruckus wireless access controller. Select the Administer tab. Make sure Authenticate using the admin name and password is selected. In the Admin Name field, replace admin with a username of your choice. In the Current Password field, enter password. In the New Password field, enter a password of you choice. In the Confirm New Password field, enter the new password. On the right, select Apply. Enable intrusion detection and prevention. Select the Configure tab. On the left, select WIPS. Under Intrusion Detection and Prevention, select Enable report rogue devices. On the right, select Apply. Verify that all the issues were resolved using the Security Evaluator. From the taskbar, select Security Evaluator. Next to Status Needs Attention, select the Status Run/Rerun Security Evaluation icon to re-run the security evaluation. Remediate any remaining issues.

You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed. In this lab, your task is to: Run a vulnerability scan for the Office2 workstation using the Security Evaluator. A shortcut is located on the taskbar. Remediate the vulnerabilities found in the vulnerability report for Office2. Re-run a vulnerability scan to make sure all of the issues are resolved.

Run a Security Evaluator report.From the taskbar, open Security Evaluator.Next to Target Local Machine, select the Target icon to select a new target.Select Workstation. From the Workstation drop-down list, select Office2 as the target.Select OK. Next to Status, select the Run/Rerun Security Evaluation icon.Review the results to determine which issues you need to resolve on Office2. Access local users using Office2's Computer Management console. From the top navigation tabs, select Floor 1. Under Office 2, select Office2. From Office2, right-click Start and select Computer Management. Expand and select Local Users and Groups > Users. Rename a user account.Right-click Administrator and select Rename. Enter a new name of your choice and press Enter. Disable the Guest account. Right-click Guest and select Properties. Select Account is disabled and then select OK. Set a new password for Mary. Right-click Mary and select Set Password. Select Proceed. Enter a new password of your choice (12 characters or more). Confirm the new password and then select OK. Select OK.

You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the networking closet. The following table lists the used and unused ports: GE2: GE1 GE7: GE3-GE6 GE9-GE20: GE8 GE25: GE21-GE24 GE27-GE28: GE26 In this lab, your task is to: Shut down the unused ports. Configure the following Port Security settings for the used ports: Interface Status: Lock Learning Mode: Classic Lock Action on Violation: Discard

Shut down the unused ports. Under Initial Setup, select Configure Port Settings. Select the GE2 port. Scroll down and select Edit. Under Administrative Status, select Down. Scroll down and select Apply. Select Close. With the GE2 port selected, scroll down and select Copy Settings. In the Copy configuration field, enter the remaining unused ports. Select Apply. From the Port Setting Table, in the Port Status column, you can see that all the ports are down now. Configure the Port Security settings .From the left menu, expand Security. Select Port Security. Select the GE1 port. Scroll down and select Edit. Under Interface Status, select Lock. Under Learning Mode, make sure Classic Lock is selected. Under Action on Violation, make sure Discard is selected. Select Apply. Select Close. Scroll down and select Copy Settings. Enter the remaining used ports Select Apply.

You work as the IT security administrator for a small corporate network. You recently placed a web server in the demilitarized zone (DMZ). You need to configure the perimeter firewall on the network security appliance (pfSense) to allow access to the web server from the LAN and from the WAN. You also want to allow all traffic from the LAN network to the DMZ network. In this lab, your task is to perform the following: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Add an HTTP firewall rule that allows traffic from the WAN to the web server in the DMZ. Add an HTTPS firewall rule that allows traffic from the WAN to the web server in the DMZ. Use the following table for the HTTP and HTTPS rules: Source: WAN Source and destination port/service: HTTP (80), HTTPS (443) Destination: A single host IP address for host: 172.16.1.5 Descriptions: For HTTP: HTTP to DMZ from WAN, For HTTPS: HTTPS to DMZ from WAN

Sign in to the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Create and configure a firewall rule to pass HTTP traffic from the internet to the Web server. From the pfSense menu bar, select Firewall > Rules. Under the Firewall breadcrumb, select DMZ. Select Add (either one).Make sure Action is set to Pass. Under Source, use the drop-down to select WAN net. Select Display Advanced. For Source Port Range, use the From drop-down to select HTTP (80).Under Destination, use the Destination drop-down to select Single host or alias. In the Destination Address field, enter 172.16.1.5.Using the Destination Port Range drop-down, select HTTP (80).Under Extra Options, in the Description field, enter HTTP to DMZ from WAN. Select Save. Select Apply Changes. Create and configure a firewall rule to pass HTTPS traffic from the internet to the Web server. For the rule just created, select the Copy icon (two files).Under Source, select Display Advanced. Change the Source Port Range to HTTPS (443).Under Destination, change the Destination Port Range to HTTPS (443).Under Extra Options, change the Description filed to HTTPS to DMZ from WAN. Select Save. Select Apply Changes. Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network. Select Add (either one).Make sure Action is set to Pass. For Protocol, use the drop-down to select Any. Under Source, use the drop-down to select LAN net. Under Destination, use the drop-down to select DMZ net. Under Extra Options, change the Description filed to LAN to DMZ Any. Select Save. Select Apply Changes.

You are the IT administrator for a small corporate network. You want to make a web server that runs services accessible from the internet. To help protect your company, you want to place this server and other devices in a demilitarized zone (DMZ). This DMZ and server need to be protected by the pfSense Security Gateway Appliance (pfSense). Since a few of the other devices in the DMZ require an IP address, you have also decided to enable DHCP on the DMZ network. In this lab, your task is to perform the following: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Add a new pfSense interface that can be used for the DMZ.Name the interface DMZ.Use a static IPv4 address of 172.16.1.1/16 Add a firewall rule for the DMZ interface that allows all traffic from the DMZ.Use a description of Allow DMZ to any rule Configure and enable the DHCP server for the DMZ interface.Use a range of 172.16.1.100 to 172.16.1.200

Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. Configure an interface for the DMZ. From the pfSense menu bar, select Interfaces > Assignments. Select Add. Select OPT1.Select Enable interface. Change the Description field to DMZ. Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4. Under Static IPv4 Configuration, in the IPv4 Address field, enter 172.16.1.1.Use the subnet mask drop-down menu to select 16. Select Save. Select Apply Changes. (Optional) Verify the change as follows: From the menu bar, select pfsense COMMUNITY EDITION. Under Interfaces, verify that the DMZ is shown with the correct IP address. Add a firewall rule to the DMZ interface. From the pfSense menu bar, select Firewall > Rules.Under the Firewall breadcrumb, select DMZ. (Notice that no rules have been created.) Under the Firewall breadcrumb, select LAN. Under the Actions column, select the copy icon (two files) for the rule with a source of LAN net. For the Action field, make sure Pass is selected. Using the drop-down menu for the Interface field, select DMZ. Under Source, use the drop-down menu to select DMZ net. Under Destination, make sure it is configured for any. Under Extra Options, change the description to Allow DMZ to any rule. Scroll to the bottom and select Save. Select Apply Changes. Configure pfSense's DHCP server for the DMZ interface. From the menu bar, select Services > DHCP Server. Under the Services breadcrumb, select DMZ. Select Enable. Configure the Range field as follows: From: 172.16.1.100 To: 172.16.1.200 Scroll to the bottom and select Save.

You are the security analyst for a small corporate network. After monitoring your network, you have discovered that several employees are wasting time visiting non-productive and potentially malicious websites. As such, you have added pfBlockerNG to your pfSense device. You now need to configure this feature and add the required firewall rules that allow/block specific URLs and prevent all DNS traffic from leaving your LAN network. In this lab, your task is to: Sign in to pfSense using:Username: admin Password: P@ssw0rd (zero) Create a firewall rule that blocks all DNS traffic leaving the LAN network. Create a firewall rule that allows all DNS traffic going to the LAN network. Use the following table for the two rules: Protocol: UDP (53) Descriptions: For the block rule: Block DNS from LAN, For the allow rule: Allow all DNS to LAN Arrange the firewall rules in the order that allows them to function properly. Enable and configure pfBlockerNG using the information in the following table: DNSBL Virtual IP192.168.0.0 Top-Level Domain (TLD): financereports.co totalpad.com salesscript.info Top-Level Domain (TLD): .www.google.com .play.google.com .drive.google.com

Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. Create a firewall rule that blocks all DNS traffic coming from the LAN. From the pfSense menu bar, select Firewall > Rules. Under the Firewall breadcrumb, select LAN. Select Add (either one). Under Edit Firewall Rule, use the Action drop-down to select Block.Under Edit Firewall Rule, set Protocol to UDP. Under Source, use the drop-down menu to select LAN net.Under Destination, configure the Destination Port Range to use DNS (53) (for From and To). Under Extra Options, in the Description field, enter Block DNS from LAN.Select Save. Select Apply Changes. Create a firewall rule that allows all DNS traffic going to the LAN network.Select Add (either one). Under Edit Firewall Rule, set Protocol to UDP. Under Destination, use the drop-down menu to select LAN net.Configure the Destination Port Range to use DNS (53) (for From and To). Under Extra Options, in the Description field, enter Allow all DNS to LAN. Select Save.Select Apply Changes. Arrange the firewall rules in the order that allows them to function properly. Using drag-and-drop, move the rules to the following order (top to bottom): Anti-Lockout Rule Allow all DNS to LAN Block DNS from LAN In the simulated version of pfSense, you can only drag and drop the rules you created. You cannot drag and drop the default rule. Select Save. Select Apply Changes. Enable pfBlockerNG. From the pfSense menu bar, select Firewall > pfBlockerNG. Under General Settings, select Enable pfBlockerNG. Scroll to the bottom and select Save. Enable and configure DNS block lists. Under the Firewall breadcrumb, select DNSBL. Select Enable DNSBL. For DNSBL Virtual IP, enter 192.168.0.0. Scroll to the bottom and expand TLD Blacklist. Enter the following URLs in the TLD Blacklist box: financereports.co totalpad.com salesscript.info Expand TLD Whitelist and then enter the following URLs:.www.google.com .play.google.com .drive.google.com Select Save.

You work as the IT security administrator for a small corporate network. In an effort to protect your network against security threats and hackers, you have added Snort to pfSense. With Snort already installed, you need to configure rules and settings and then assign Snort to the desired interface. In this lab, your task is to use pfSense's Snort to complete the following: Sign into pfSense using the following: Username: admin Password: P@ssw0rd (zero) Enable the downloading of the following: Snort free registered User rules Oinkmaster Code: 359d00c0e75a37a4dbd70757745c5c5dg85aaSnort GPLv2 Community rules Emerging Threats Open rules Sourcefire OpenAppID detectors APPID Open rules Configure rule updates to happen once a day at 1:00 a.m. Hide any deprecated rules. Block offending hosts for 1 hour. Send all alerts to the system log when the Snort starts and stops. Assign Snort to the WAN interface using a description of WANSnort. Include: Sending alerts to the system log Automatically blocking hosts that generate a Snort alert Start Snort on the WAN interface.

Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Access the Snort Global Settings. From the pfSense menu bar, select Services > Snort. Under the Services breadcrumb, select Global Settings. Configure the required rules to be downloaded. Select Enable Snort VRT. In the Sort Oinkmaster Code field, enter 359d00c0e75a37a4dbd70757745c5c5dg85aa. You can copy and paste this from the scenario. Select Enable Snort GPLv2.Select Enable ET Open. Configure the Sourcefire OpenAppID Detectors to be downloaded. Under Sourcefire OpenAppID Detectors, select Enable OpenAppID. Select Enable RULES OpenAppID. Configure when and how often the rules will be updated. Under Rules Update Settings, use the Update Interval drop-down menu to select 1 Day. For Update Start Time, change to 01:00.Select Hide Deprecated Rules Categories. Configure Snort General Settings. Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 HOUR. Select Startup/Shutdown Logging. Select Save. Configure the Snort Interface settings for the WAN interface. Under the Services breadcrumb, select Snort Interfaces and then select Add. Under General Settings, make sure Enable interface is selected. For Interface, use the drop-down menu to select WAN (PFSense port 1).For Description, use WANSnort. Under Alert Settings, select Send Alerts to System Log. Select Block Offenders. Scroll to the bottom and select Save. Start Snort on the WAN interface. Under the Snort Status column, select the arrow. Wait for a checkmark to appear, indicating that Snort was started successfully.

You are the IT administrator for a small corporate network. Several employees have complained of slow internet bandwidth. You have discovered that the user stations on the guest Wi-Fi network are consuming much of your company's bandwidth. You have decided to use pfSense's Traffic Shaper wizard to create the various rules needed to better control the bandwidth usage and to fine-tune the priority for the type of traffic used on your guest Wi-Fi network. Your network has one LAN and one WAN. In this lab, your task is to: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Create a firewall alias using the following specifications:Name: HighBW Description: High bandwidth users Assign the IP addresses of the high-bandwidth users to the alias: Vera's IP address: 172.14.1.25 Paul's IP address: 172.14.1.100 The Shaper must be configured for the GuestWi-Fi interface using: An upload bandwidth of 5 Mbits A download bandwidth of 45 Mbits Allow your voice over IP traffic to have priority with:An upload bandwidth of 15 Mbits A download bandwidth of 20 Mbits To limit the user stations most likely to hog bandwidth, use the alias created earlier to penalize the offending stations to 2% of the bandwidth. Give a higher priority to the following services and protocols:MSRDP VNC PPTP IPSEC Change the port number used on the floating rule created for MSRDP as follows:Interface: GuestWi-Fi Destination Port Range: 3391 Answer the question.

Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. Create a high bandwidth usage alias. From the pfSense menu bar, select Firewall > Aliases.Select Add. Configure the Properties as follows:Name: HighBW Description: High bandwidth users Type: Host(s) Add the IP addresses of the offending computers to the host(s) configuration as follows: Under Host(s), in the IP or FQDN field, enter 172.14.1.25. Select Add Host.In the new IP or FQDN field, enter 172.14.1.100. Select Save.S elect Apply Changes. Start the Traffic Shaper wizard for dedicated links. From the pfSense menu bar, select Firewall > Traffic Shaper. Under the Firewall bread crumb, select Wizards. Select traffic_shaper_wizard_dedicated.xml. Under Traffic shaper Wizard, in the Enter number of WAN type connections field, enter 1 and then select Next. Configure the Traffic Shaper. Make sure you are on Step 1 of 8. Using the drop-down menu for the upper Local interface, select GuestWi-Fi.Using the drop-down menu for lower Local interface, make sure PRIQ is selected. For the upper Upload field, enter 5. Using the drop-down menu for the lower Upload field, select Mbit/s. For the top Download field, enter 45. Using the drop-down menu for the lower Download field, select Mbit/s. Select Next. Prioritize voice over IP traffic. Make sure you are on Step 2 of 8. Under Voice over IP, select Enable to prioritize the voice over IP traffic. Under Connection #1 parameters, in the Upload rate field, enter 15. Using the drop-down menu for the top Units, select Mbit/s. For the Download rate, enter 20. Using the drop-down menu for the bottom Units, select Mbit/s. Select Next. Enable and configure a penalty box. Make sure you are on Step 3 of 8. Under Penalty Box, select Enable to enable the penalize IP or alias option. In the Address field, enter HighBW. This is the alias created earlier. For Bandwidth, enter 2. Select Next. Continue to step 6 of 8.For Step 4 of 8, scroll to the bottom and select Next.For Step 5 of 8, scroll to the bottom and select Next. Raise and lower the applicable application's priority. Make sure you are on Step 6 of 8. Under Raise or lower other Applications, select Enable to enable other networking protocols. Under Remote Service / Terminal emulation, use the: MSRDP drop-down menu to select Higher priority. VNC drop-down menu to select Higher priority. Under VPN:Use the PPTP drop-down menu to select Higher priority Use the IPSEC drop-down menu to select Higher priority Scroll to the bottom and select Next. For step 7 of 8, select Finish. Wait for the reload status to indicate that the rules have been created (look for Done). View the floating rules created for the firewall. Select Firewall > Rules. Under the Firewall breadcrumb, select Floating. In the top right, select Answer Questions. Answer the question and then minimize the question dialog. Change the port number used for the MSRDP outbound rule. For the m_Other MSRDP outbound rule, select the edit icon (pencil). Under Edit Firewall Rule, in the Interface field, select GuestWi-Fi. Under Destination, use the Destination Port Range drop-down menu to select Other. In both Custom fields, enter 3391. Select Save. Select Apply Changes. In the top right, select Answer Questions. Select Score Lab.

you work as the IT security administrator for a small corporate network. As part of an ongoing program to improve security, you want to implement an audit policy for all workstations. You plan to audit user logon attempts and other critical events. In this lab, your task is to configure the following audit policy settings in WorkstationGPO: Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings: Enabled Audit: Shut down system immediately if unable to log security audits: Enabled Retention method for security log: Define: Do not overwrite events (clear log manually) Account Logon: Audit Credential Validation: Success and Failure Account Management: Audit User Account Management: Success and Failure Account Management: Audit Security Group Management: Success and Failure Account Management: Audit Other Account Management Events: Success and Failure Account Management: Audit Computer Account Management: Success Detailed Tracking: Audit Process Creation: Success Logon/Logoff: Audit Logon: Success and Failure Logon/Logoff: Audit Logoff: Success Policy Change: Audit Authentication Policy Change: Success Policy Change: Audit Audit Policy Change: Success and Failure Privilege Use: Audit Sensitive Privilege Use: Success and Failure System: Audit System Integrity: Success and Failure System: Audit Security System Extension: Success and Failure System: Audit Security State Change: Success and Failure System: Audit IPsec Driver: Success and Failure

Using Group Policy Management, access CorpNet.local's Group Policy Objects > WorkgroupGPO. From Server Manager's menu bar, select Tools > Group Policy Management. Expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects. Maximize the windows for better viewing. Access the WorkstationGPO's Security Settings Local Policies. Right-click WorkstationGPO and select Edit. Maximize the windows for better viewing. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. Modify Local Policies. Select Security Options. From the right pane, double-click the policy you want to edit. Select Define this policy setting. Select the policy settings as required. Select OK. Select Yes to confirm changes as necessary. Repeat steps 3b - 3f for additional policy settings. Modify the Event Log. From the left pane, select Event Log. From the right pane, double-click the policy you want to edit. Select Define this policy setting. Select the policy settings as required. Select OK. Modify Advanced Audit Policy Configuration. From the left pane, expand Advanced Audit Policy Configuration > Audit Policies. Select the audit policy category. From the right pane, double-click the policy you want to edit. Select Configure the following audit events. Select the policy settings as required. Select OK. Repeat steps 5b-5f for additional policy settings.

You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP-SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you should use this computer to investigate the problem. In this lab, your task is to: Capture packets from the network segment on www_stage using Wireshark. Use the enp2s0 interface. Analyze the attack using the following filters:tcp.flags.syn==1 and tcp.flags.ack==1tcp.flags.syn==1 and tcp.flags.ack==0 Answer the question.

Using Wireshark, only capture packets containing both the SYN flag and ACK flags. From the Favorites bar, select Wireshark. Under Capture, select enp2s0.From the menu, select the blue fin to begin the capture. In the Apply a display filter field, type tcp.flags.syn==1 and tcp.flags.ack==1 and press Enter to filter Wireshark to display only those packets with both the SYN flag and ACK flag. You may have to wait up to a minute before any SYN-ACK packets are captured and displayed. Select the red square to stop the capture. Change the filter to only display packets with the SYN flag. In the Apply a display filter field, change the tcp.flags.ack ending from the number 1 to the number 0 and press Enter. Notice that there are a flood of SYN packets being sent to 198.28.1.1 (www.corpnet.xyz) that are not being acknowledged. In the top right, select Answer Questions. Answer the question. Select Score Lab.

You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory. In this lab, your task is to use John the Ripper to: Crack the root password on the Linux computer named Support. Crack the password of the protected.zip file located in the home directory on IT-Laptop.

View the current John the Ripper password file. From the Favorites bar, select Terminal. At the prompt, type cd /usr/share/john and press Enter. Type ls and press Enter. Type cat password.lst and press Enter to view the password list.Type cd and press Enter to go back to the root. Crack the root password on the Support computer. Type john /etc/shadow and press Enter. The password is shown. Can you find it? Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again. Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file.Use alternate methods of viewing the previously cracked password. Type john /etc/shadow --show and press Enter. Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file. In the top right, select Answer Questions and then answer question 1. Open a terminal on the IT-Laptop. From the top navigation tabs, select Floor 1 Overview. Under IT Administration, select IT-Laptop. From the Favorites bar, select Terminal. Export the contents of the protected.zip file to a text file. At the prompt, type ls and press Enter. Notice the protected.zip file you wish to crack. Type zip2john protected.zip > ziphash.txt and press Enter. Type cat ziphash.txt and press Enter to confirm that the hashes have been copied. Using the text file, crack the password of the protected.zip file .Type john --format=pkzip ziphash.txt and press Enter to crack the password. The password is shown. Can you find it? Type john ziphash.txt --show and press Enter to show the previously cracked password.In the top right, select Answer Questions. In the top right, select Answer Questions and then answer Question 2. Select Score Lab.

You are the IT administrator at a small corporate office. You just downloaded a new release for a program you use. You need to make sure the file was not altered before you received it. Another file containing the original file hash was also downloaded. Both files are located in the C:\Downloads folder. In this lab, your task is to use MD5 hash files to confirm that the Release.zip file was unaltered. From Windows PowerShell: Generate a file hash for the new Release.zip file. View the hash of the original file stored in the release821hash.txt file. Use the following command to compare the original hash of the Release.zip file to its calculated hash to see if they match: "new hash" -eq "known hash"

View the files in the C:\Downloads folder. Right-click Start and select Windows PowerShell (Admin).At the prompt, type cd C:\downloads and press Enter to navigate to the directory that contains the files. Type dir and press Enter to view the available files. Confirm that the Release.zip file is unaltered. Type get-filehash Release.zip -a md5 and press Enter to view the MD5 hash. Type get-content release821hash.txt and press Enter to view the known hash contained in the .txt file. Type "new hash" -eq "known hash" and press Enter to determine whether the file hashes match. The new hash is the hash generated by the get-filehash file_name -a md5 command. The known hash is the hash generated by the get-content file_name.txt command. Include the quotation marks and the file extensions with the file names in the commands. Answer the question. In the top right, select Answer Questions. Answer the question. Select Score Lab.