TestOut Security Pro, Lab Practice

7.4.8 Configure BitLocker with a TPM You work as the IT security administrator for a small corporate network. The employee in Office 1 is working on a very sensitive project. Management is concerned that if the hard drive in the computer were stolen, sensitive information could be compromised. As a result, you have been asked to encrypt the entire System volume. The Office1 computer has a built-in TPM on the motherboard. In this lab, your task is to configure BitLocker drive encryption as follows: From within the computer's BIOS, turn on and activate TPM Security. From Windows, turn on BitLocker for the System (C:) drive. Back up the recovery key to the \\CorpServer\BU-Office1 folder. Encrypt the entire System (C:) drive. Use the new encryption mode. Run the BitLocker system check.

1.) (Optional) Try to enable BitLocker. From the search field on the Windows taskbar, type Control. From Best match, select Control Panel. Select System and Security. From the right pane, select BitLocker Drive Encryption. Under Operating system drive, select Turn on BitLocker.An error message at the bottom of the screen indicates that a TPM security device was not found. Select Cancel. 2.) Access the BIOS settings. Right-click the Start menu and then select Shut down or sign out > Restart to reboot your computer. When the TestOut logo appears, press Delete to enter the BIOS. 3.) Turn on and activate the TPM. From the left pane, expand and select Security > TPM Security. From the right pane, select TPM Security and then select Apply. Select Activate and then select Apply. Select Exit.Your computer will automatically reboot. 4.) Turn BitLocker on. From the search field on the Windows taskbar, type Control. From Best match, select Control Panel. Select System and Security. Select BitLocker Drive Encryption. Under Operating system drive, select Turn on BitLocker. Windows begins the Drive Encryption setup. 5.) Back up a BitLocker recovery key. Select Save to a file. In the left pane, expand and select Network > CorpServer > BU-Office1. Select Save. Select Next. 6.) Configure BitLocker encryption. Select Encrypt entire drive and then select Next. Make sure that New encryption mode is selected and then select Next. Select Run BitLocker system check and then select Continue. Select Restart now.The computer will reboot, and the encryption process will run automatically. When the encryption process is complete, select Close. 7.)Verify that encryption is enabled. From the Windows taskbar, select File Explorer. From the left pane, select This PC. From the right pane, verify that the System (C:) drive shows the encryption lock icon.

6.5.13 Create a Group You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. In this lab, your task is to use Active Directory Users and Computers to complete the following actions on the CorpDC server: In the Users container, create a group named Managers. Configure the group as follows: -Group scope: Global -Group type: Security Make the following users members of the Managers group: -Organization Unit: -Accounting -Research-Dev -Marketing\MarketingManagers -Research-Dev\ResearchManagers -Sales\SalesManagers -Support\SupportManagers -Username: -Mark Woods -Pat Benton -Juan Suarez -Arlene Kimbly -Mark Burnes -Shelly Emery

1.) Access Active Directory Users and -Computers on the CorpDC server. -From Hyper-V Manager, select CORPSERVER. -From the Virtual Machines pane, double-click CorpDC. -From Server Manager's menu bar, select Tools > Active Directory Users and Computers. -Maximize the window for better viewing. 2.) In the Users container, create a group named Managers. -From the left pane, expand and select CorpNet.local > Users. -Right-click the Users container and select New > Group. -In the Group name field, enter Managers.A pre-Windows 2000 group name is created automatically, but it can be changed. -Under Group scope, make sure Global is selected. -Under Group type, make sure Security is selected and select OK. 3.) Add user accounts to the Managers group. -From the left pane, ensure that the Users container is still selected. -From the right pane, right-click Managers and select Properties. -Select the Members tab. -Select Add. -In the Enter the object names to select field, enter all the usernames. Use a semicolon to separate each name. Example: Steve Hoffer; Peter Williams; Princess Diana -Select Check Names. -Select OK to add the users and close the dialog. -Select OK to close the Managers Properties dialog.

6.5.14 Create Global Groups You are the IT Administrator for the CorpNet.local domain. You are in the process of implementing a group strategy for your network. You have decided to create global groups as shadow groups for specific departments in your organization. Each global group will contain all users in the corresponding department. In this lab, your task is to: Create the following global security groups on the CorpDC server in their corresponding OUs: -OU Creation Location -Accounting -Research-Dev -Sales -New Group Name -Accounting -Research-Dev -Sales Add all user accounts in the corresponding OUs and sub-OUs as members of the newly created groups.

1.) Access Active Directory Users and Computers on the CorpDC server From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. Maximize the window for better viewing. From the left pane, expand CorpNet.local. 2.) Create the groups Right-click the OU where the new group is to be added and select New > Group. In the Group name field, enter the name of the group. Make sure the Global Group scope is selected. Make sure the Security Group type is selected. Click OK. 3.) Add users to groups In the right pane, right-click the user account(s) and select Add to a group. (Use the Ctrl or Shift keys to select and add multiple user accounts to a group at one time.) In the Enter the object names to select field, enter the name of the group. Select Check Names and verify that the object name was found. Click OK to accept the groups added. Click OK to acknowledge the change. If a sub-OU with users exist, double-click on the sub-OU and then repeat step 3. Do this for each sub-group. 4.) Repeat steps 2 - 3 for additional groups and users.

6.5.12 Manage User Accounts You are the IT administrator for a small corporate network. You recently added an Active Directory domain on the CorpDC server to manage network resources centrally. Organizational units in the domain represent departments. User and computer accounts are in their respective departmental OUs. Over the past few days, several personnel changes have occurred that require changes to user accounts. In this lab, your task is to use the following information to make the necessary user account changes on CorpDC: -Mary Barnes from the Accounting Department has forgotten her password, and now her account is locked. -Unlock the account. -Reset the password to asdf1234$. -Require a password change at the next logon. -Mark Woods has been fired from the accounting department. Disable his account. -Pat Benton is returning to the Research-Dev department from maternity leave. Her account is disabled to prevent logon. Enable her account. -Andrea Simmons from the Research-Dev department has recently married. -Rename the account Andrea Socko. -Change the last name to Socko. -Change the display name to Andrea Socko. -Change the user logon and the pre-Windows 2000 user logon name to asocko. -For all users in the Support OU (but not the SupportManagers OU), allow logon only to the Support computer.

1.) Access Active Directory Users and Computers on the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. 2.) From the left pane, expand CorpNet.local. 3.) Unlock the Mary Barnes account. -From the left pane, select Accounting. -Right-click Mary Barnes and select Reset Password. -In the New password field, enter asdf1234$. -In the Confirm password field, enter asdf1234$. -Make sure User must change password at next logon is selected. -Make sure Unlock the user's account is selected. -Select OK. -Select OK to confirm the changed. 4.) Disable the Mark Woods account. From the right pane, right-click Mark Woods and select Disable Account. -Select OK to confirm the change. 5.) Enable Pat Benton's account. -From the left pane, select Research-Dev. -From the right pane, right-click Pat Benton and select Enable Account. -Select OK to confirm the change. 6.) Rename the Andrea Simmons account. -Right-click Andrea Simmons and select Rename. -Enter Andrea Socko and press Enter. This opens the Rename User dialog. -In the Last name field, enter Socko. -In the User logon name field, replace the old name with asocko. -Select OK. 7.) Configure user account restrictions. -From the left pane, select Support. -Press the Ctrl key and then from the right pane, select both the Tom Plask and Janice Rons users to edit multiple users at the same time. -Right-click the user accounts and select Properties. -Select the Account tab. -Select Computer restrictions. -Select Log On To. -Select The following computers. -In the Computer name field, type Support. -Select Add. -Select OK. -Select OK.

7.5.6 Manage Certificates You are the IT administrator for a growing corporate network. You manage the certification authority for your network. As part of your daily routine, you perform several certificate management tasks. CorpCA, the certification authority, is a guest server on CorpServer2. In this lab, your task is to complete the following: Your network uses smart cards to control access to sensitive computers. Currently, the approval process dictates that you manually approve smart card certificate requests.Approve pending certificate requests for smart card certificates from tsutton and mmallory. Deny the pending web server certificate request for CorpSrv12. User bchan lost his smartcard. Revoke the certificate assigned to bchan.CorpNet.com using the Key Compromise reason code. Unrevoke the CorpDev3 certificate.

1.) Access Certification Authority on the CORPSERVER2 server. From Hyper-V Manager, select CORPSERVER2. Maximize the window for easier viewing. From the Virtual Machines pane, double-click CorpCA. From Server Manager's menu bar, select Tools > Certification Authority. Maximize the window for easier viewing. From the left pane, expand CorpCA-CA. 2.) Approve the pending certificate request for tsutton and mmallory. Select Pending Requests. From the right pane, scroll to the Requester Name column. Right-click tsutton and select All Tasks > Issue to approve the certificate. Right-click mmallory and select All Tasks > Issue. 3.) Deny the pending request for CorpSrv12. Right-click CorpSrv12.CorpNet.com and select All Tasks > Deny. Select Yes. 4.) Revoke bchan's certificates. From the left pane, select Issued Certificates. From the right pane, right-click bchan.CorpNet.com and select All Tasks > Revoke Certificate. Using the Reason code drop-down menu list, select Key Compromise. Select Yes. 5.) Unrevoke the CorpDev3 certificate. From the left pane, select Revoked Certificates. From the right pane, right-click CorpDev3.CorpNet.com and select All Tasks > Unrevoke Certificate.

6.5.6 Delete OUs You are the IT administrator for a corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have created an Active Directory structure based on the company's departmental structure. While creating the structure, you added a Workstations OU in each of the departmental OUs. After further thought, you decide to use one Workstations OU for the entire company. As a result, you need to delete the departmental Workstations OUs. In this lab, your task is to delete the following OUs on CorpDC: Within the Marketing OU, delete the Workstations OU. Within the Research-Dev OU, delete the Workstations OU. Within the Sales OU, delete the Workstations OU.

1.) Access the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. 2.) Delete the applicable OUs. From Server Manager, select Tools > Active Directory Users and Computers. Select View > Advanced Features.This enables the Advanced feature, allowing you to disable the OU from accidental deletion. From the left pane, expand CorpNet.local > the_parent OU. Right-click the OU that needs to be deleted and then select Properties. Select the Object tab. Clear Protect object from accidental deletion and then select OK. Right-click the OU to be deleted and then click Delete. Click Yes to confirm the OU's deletion. Repeat steps 2c - 2h to delete the remaining OUs. 3.) From the Active Directory Users and Computers menu bar, select View > Advanced Features to turn off the Advanced Features view.

6.6.11 Configure Smart Card Authentication You work as the IT administrator for a growing corporate network. The Research and Development Department is working on product enhancements. Last year, some secret product plans were compromised. As a result, the company decided to implement smart cards for logon to every computer in the Research and Development Department. No user should be able to log onto the workstation without using a smart card. In this lab, your task is to perform the following on CorpDC: Enforce the existing Research-DevGPO linked to the Research-Dev OU. Edit the Research-DevGPO and configure the following local security setting policies located in the Computer Configuration section:PolicySettingInteractive logon: Require smart cardEnableInteractive logon: Smart card removal behaviorForce logoff

1.) Access the CorpDC server. In Hyper-V Manager, select CORPSERVER. Double-click CorpDC. 2.) Enforce the existing Research-DevGPO. From Server Manager, select Tools > Group Policy Management. Maximize the window for better viewing. From the left pane, expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects. From the left pane, select the Research-DevGPO. From the Scope tab under Links, right-click Research-Dev and then select Enforced. 3.) Edit Research-DevGPO polices From the left pane, right-click Research-DevGPO and then select Edit. Maximize the window for better viewing. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. Select Security Options. From the right pane, double-click the policy and select Properties. Select Define this policy setting. Select additional parameters to configure the policy setting. Select OK. Repeat steps 3e-3h to configure the additional policy setting.

6.10.6 Configure Kerberos Policy Settings You are the IT security administrator for a small corporate network that has a single Active Directory domain named CorpNet.local. You are working on increasing the authentication security of the domain. In this lab, your task is to configure the Kerberos policy settings in the Default Domain Policy using Group Policy Management with the following settings: Security SettingValueMaximum lifetime for service ticket180 minutesMaximum lifetime for user ticket3 hoursMaximum lifetime for user ticket renewal3 daysMaximum tolerance for computer clock synchronization1 minute Start Lab

1.) Access the CorpNet.local Default Domain Policy. From Server Manager, select Tools > Group Policy Management. Maximize the window for better viewing. Expand Forest: CorpNet.local > Domains > CorpNet.local. 2.) Edit the Default Domain Policy to configure the Kerberos policy for computer configurations. Right-click Default Domain Policy and then select Edit. Maximize the window for better viewing. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies. Select Kerberos Policy. From the right pane, double-click the policy you want to edit. Configure the policy setting and then select OK. Repeat steps 2e - 2f for each policy setting.

6.6.6 Restrict Local Accounts You are the IT security administrator for a small corporate network. You are working to increase the authentication security of the domain. You need to make sure that only authorized users have administrative rights to all local machines. Local users and groups can be controlled through a GPO linked to the domain. In this lab, your task is to edit the Default Domain Policy and configure the Local Users and Groups policy settings as follows: Create a policy to update the built-in Administrator local group. Delete all member users. Delete all member groups. Add BUILTIN\Administrator to the group. Add %DOMAINNAME%\Domain Admins to the group.

1.) Access the CorpNet.local domain under Group Policy Management. From Server Manager, select Tools > Group Policy Management. Maximize the windows for better viewing. Expand Forest: CorpNet.local > Domains > CorpNet.local. 2.) Create a policy to update the built-in Administrator local group Right-click Default Domain Policy and select Edit. Maximize the windows for better viewing. Under Computer Configuration, expand Preferences > Control Panel Settings. Right-click Local Users and Groups and select New > Local Group. Using the Group name drop-down, select Administrators (built-in). Select Delete all member users to remove all member users. Select Delete all member groups to remove all member groups. Select Add. In the Name field, enter BUILTIN\Administrator and then select OK. Select Add. In the Name field, enter %DOMAINNAME%\Domain Admins and then select OK. Select OK to save the policy.

6.5.10 Create and Link a GPO You are the IT security administrator for a small corporate network. You would like to use Group Policy to enforce settings for certain workstations on your network. You have prepared and tested a security template file that contains policies that meet your company's requirements. In this lab, your task is to perform the following on CorpDC: -Create a GPO named Workstation Settings in the CorpNet.local domain. -Link the Workstation Settings GPO to the following organizational units (OUs): -Marketing > TempMarketing -Sales > TempSales -Support -Import the ws_sec.inf template file, located in C:\Templates, to the Workstation Settings Group Policy object.

1.) Access the CorpNet.local domain. -From Server Manager, select Tools > Group Policy Management. -Expand Forest: CorpNet.local > Domains > CorpNet.local. -Maximize the window for better viewing. 2.) Create the Workstation Settings GPO and link it to the CorpNet.local domain. -Right-click the Group Policy Objects OU and select New. -In the Name field, enter the Workstation Settings and then click OK. 3.) Link OUs to the Workstation Settings GPO. -Right-click the OU and select Link an Existing GPO. -Under Group Policy Objects, select Workstation Settings from the list and then click OK. -Repeat step 3 to link the additional OUs. 4.) Import the ws_sec.inf security policy template. -Expand Group Policy Objects. -Right-click Workstation Settings and select Edit. -Under Computer Configuration, expand Policies > Windows Settings. -Right-click Security Settings and select Import Policy. -Browse to the C:\Templates. -Select ws_sec.inf and then click Open.

8.1.5 Configure a Wireless Network You are a network technician for a small corporate network. You just installed a Ruckus zone controller and wireless access points throughout your office buildings using wired connections. You now need to configure basic wireless network settings. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Create a WLAN using the following settings:Name: CorpNet WirelessESSID: CorpNetType: Standard UsageAuthentication: OpenEncryption: WPA2Encryption algorithm: AESPassphrase: @CorpNetWeRSecure! Connect the Exec-Laptop in the Executive office to the new wireless network.

1.) Access the Ruckus zone controller. From the taskbar, open Chrome. In the URL field, enter 192.168.0.6 and press Enter. Maximize the window for easier viewing. 2.) Log into the Wireless Controller console. In the Admin field, enter admin (case sensitive). In the Password field, enter password as the password. Select Login. 3.) Create a new WLAN. Select the Configure tab. From the left menu, select WLANs. Under WLANs, select Create New. In the New Name field, enter the CorpNet Wireless. In the ESSID field, enter the CorpNet. Under Type, make sure Standard Usage is selected. Under Authentication Options, make sure Open is selected. Under Encryption Options, select WPA2. Under Algorithm, make sure AES is selected. In the Passphrase field, enter @CorpNetWeRSecure!. Select OK. 4.) Switch to the Exec-Laptop. Using the navigation tabs at the top of the screen, select Floor 1. Under Executive Office, select Exec-Laptop. 5.) Connect to the new CorpNet wireless network. In the notification area, select the wireless network icon to view the available networks. Select CorpNet. Select Connect. Enter @CorpNetWeRSecure! for the security key. Select Next. Select Yes to make the computer discoverable on the network.The CorpNet network now shows as being connected and secured.

8.3.7 Configure WIPS You are a network technician for a small corporate network. You would like to enable Wireless Intrusion Prevention on the wireless controller. You are already logged in as WxAdmin. Access the Wireless Controller console through Chrome on http://192.168.0.6. In this lab, your task is to: Configure the wireless controller to protect against denial-of-service (DOS) attacks as follows:Protect against excessive wireless requests.Block clients with repeated authentication failures for two minutes (120 seconds). Configure Intrusion Detection and Prevention as follows:Report all rogue devices regardless of type.Protect the network from rogue access points. Enable Rogue DHCP Server Detection.

1.) Access the Ruckus zone controller. From the taskbar, open Google Chrome. In the URL field, enter 192.168.0.6 and press Enter. Maximize the window for easier viewing. 2.) Configure Denial of Service protection. Select the Configure tab. From the left menu, select WIPS. Under Denial of Services(DoS), select Protect my wireless network against excessive wireless requests. Select Temporarily block wireless clients with repeated authentication failures. Enter 120 seconds. On the right, select Apply. 3.) Configure Intrusion Detection and Prevention: Under Intrusion Detection and Prevention, select Enable report rogue devices. Select Report all rogue devices. Select Protect the network from malicious rogue access points. On the right, select Apply. 4.) Select Enable rogue DHCP server detection and then select Apply.

8.3.6 Harden a Wireless Network You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Change the admin username and password for the Zone Director controller to the following:Admin Name: WxAdminPassword: ZDAdminsOnly!$ (O is the capital letter O) Set up MAC address filtering (L2 Access Control) to create a whitelist called Allowed Devices that includes the following wireless devices:00:18:DE:01:34:6700:18:DE:22:55:9900:02:2D:23:56:8900:02:2D:44:66:88 Implement a device access policy called NoGames that blocks gaming consoles from the wireless network.

1.) Access the Ruckus zone controller. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.6 and press Enter. Maximize the window for easier viewing. 2.) Log in to the wireless controller console. In the Admin field, enter admin (case sensitive). In the Password field, enter password as the password. Select Login. 3.) Change the admin username and password for the Zone Director controller. From the top, select the Administer tab. Make sure Authenticate using the admin name and password is selected. In the Admin Name field, enter WxAdmin. In the Current Password field, enter password. In the New Password field, enter ZDAdminsOnly!$. In the Confirm New Password field, enter ZDAdminsOnly!$. On the right, select Apply. 4.) Enable MAC address filtering. From the top, select the Configure tab. From the left menu, select Access Control. Expand L2-L7 Access Control. Under L2/MAC address Access Control, select Create New. In the Name field, enter Allowed Devices. Under Restriction, make sure Only allow all stations listed below is selected. Enter a MAC address. Select Create New. Repeat step 4g-4h for each MAC address you would like to add to the ACL. Select OK. 5.) Configure access controls. Under Access Control, expand Device Access Policy. Select Create New. In the Name field, enter NoGames. Select Create New. In the Description field, enter Games. Using the OS/Type drop-down list, select Gaming. In the Type field, select Deny. Under Uplink, make sure Disabled is selected. Under Downlink, make sure Disabled is selected. Select Save. Select OK.

6.6.7 Secure Default Accounts You work as the IT security administrator for a small corporate network. You are improving office computers' security by renaming and disabling default computer accounts. In this lab, your task is to perform the following on the Office1 computer: Rename the Administrator account Yoda. Disable the Guest account. Verify that Password never expires is not selected for any local users. This forces them to change their passwords regularly. Delete any user accounts with User must change password at next logon selected. This indicates that a user has never logged in. Start Lab

1.) Access the computer's Computer Management tool. Right-click Start and select Computer Management. Under System Tools, expand Local Users and Groups. Select Users. 2.) Rename the Administrator account From the center pane, right-click Administrator and select Rename. Enter Yoda and press Enter. 3.) Disable the Guest account Right-click Guest and select Properties. Select Account is disabled and click OK. 4.) Remove Password never expires option if it is selected. Right-click a user and select Properties. Deselect Password never expires (if selected) and then select OK. Repeat step 4 for each user. 5.) Delete any unused accounts Right-click the user that has User must change password at next logon selected and select Delete. Click Yes to confirm deletion of the account.

6.8.4 Add Users to a Group Maggie Brown (mbrown) and Corey Flynn (cflynn) have recently been hired in the human resources department. You have already created their user accounts. In this lab, your task is to: Add the hr group as a secondary group for the mbrown and cflynn user accounts. When you're finished, view the /etc/group file or use the groups command to verify the changes.

1.) Add users to the hr group. At the prompt, type usermod -G hr mbrown and press Enter. Use usermod -G hr cflynn and press Enter. 2.) Verify the group membership for the users added to each group. Use groups mbrown and press Enter. Use groups cflynn and press Enter.

6.7.8 Change a User's Password Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8. In this lab, your task is to: Change the password for the schawla user account to G20oly04 (0 is a zero). Make sure the password is encrypted in the shadow file.

1.) Change Salman Chawla's password At the prompt, type su -c "passwd schawla", then press Enter. Type 1worm4b8, then press Enter. This is the password for the root user. At the New password prompt, type G20oly04, then press Enter. This is the new password for the schawla user account. At the Retype new password prompt, type G20oly04, then press Enter.

6.7.7 Change Your Password You use a special user account called Administrator to log on to your computer. However, you think someone has learned your password. You are logged on as Administrator. In this lab, your task is to change your password to r8ting4str. The current Administrator account uses 7hevn9jan as the password.

1.) Change your password At the prompt, type passwd and press Enter. When prompted, enter 7hevn9jan and press Enter. This is the current password. At the New password prompt, enter r8ting4str and press Enter. Retype r8ting4str as the new password and press Enter.

8.2.6 Configure Rogue Host Protection You are a network technician for a small corporate network. You want to take advantage of the self-healing features provided by the small enterprise wireless solution you've implemented. You're already logged in as WxAdmin on the Wireless Controller console from ITAdmin. In this lab, your task is to: Configure self-healing on the wireless network.Automatically adjust AP radio power to optimize coverage when interference is present.Set 2.4 GHz and 5 GHz radio channels to use the Background Scanning method to adjust for interference. Configure the background scanning needed for rogue device detection, AP locationing, and self-healing. Background scans should be performed on all radios every 30 seconds. Configure load balancing for all radios by adjusting the threshold to 40 dB. Configure band balancing to allow no more than 30% of clients to use the 2.4 GHz radios. Reduce the power levels to -3 dB for three access points in Building A to reduce RF emanations. Use the wireless survey results in the exhibit to identify the access points.The amount you reduce TX Power by requires a judgment call based on the wir

1.) Configure self-healing. From the top, select the Configure tab. From the left menu, select Services. Under Self-Healing, select Automatically adjust AP radio power to optimize coverage when interference is present. Using the Automatically adjust 2.4GHz channels using drop-down menu, select Background Scanning from the drop-down menu. Using the Automatically adjust 5GHz channels using drop-down menu, select Background Scanning from the drop-down menu. On the right, select Apply. 2.) Configure background scanning. Select Run a background scan on 2.4GHz radio. Enter 30 seconds. Select Run a background scan on 5GHz radio. Enter 30 seconds. On the right, select Apply. 3.) Configure load balancing. Select Run load balancing on 2.4GHz radio. In the Adjacent radio threshold(dB) field, enter 40. Select Run load balancing on 5GHz radio. In the Adjacent radio threshold(dB) field, enter 40. On the right, select Apply. 4.) Configure band balancing. Select Percent of clients on 2.4GHz radio. Enter the 30. On the right, select Apply. 5.) Adjust the AP power level. From the left menu, select Access Points. From the top right, select Exhibit to determine which access points to adjust. Select Edit next to the access point to be modified. Under Radio B/G/N(2.4G) next to TX Power, make sure Override Group Config is selected. From the TX Power drop-down list, select -3dB (1/2). Under Radio A/N/AC(5G) next to TX Power, make sure Override Group Config is selected. From the TX Power drop-down list, select -3dB (1/2). Select OK. Repeat steps 5b - 5h for additional access points.

5.11.11 Secure Access to a Switch 2 You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by creating an access control list. You have been asked to prevent video game consoles from connecting to the switch. In this lab, your task is to: Create a MAC-based ACL named GameConsoles. Configure the GameConsoles MAC-based access control entry (ACE) settings as follows:PriorityActionDestinationMAC AddressSource MAC Address1DenyAnyValue: 00041F111111Mask: 0000001111112DenyAnyValue: 005042111111Mask: 0000001111113DenyAnyValue: 000D3A111111Mask: 0000001111114DenyAnyValue: 001315111111Mask: 0000001111115DenyAnyValue: 0009BF111111Mask: 0000001111116DenyAnyValue: 00125A111111Mask: 000000111111 Bind the GameConsoles ACL to all of the GE1-GE30 interfaces.Use Copy Settings to apply the binding to multiple interfaces Save the changes to the switch's startup configuration file. Use the default settings.

1.) Create the GameConsoles ACL. From the Getting Started page, under Quick Access, select Create MAC-Based ACL. Select Add. In the ACL Name field, enter GameConsoles Click Apply and then click Close. 2.) Create MAC-based access control. Select MAC-Based ACE Table. Select Add. Enter the priority. Select the action. For Destination MAC Address, make sure Any is selected. For Source MAC Address, select User Defined. Enter the source MAC address value. Enter the source MAC address mask. Click Apply. Repeat steps 2c-2i for additional ACE entries. Click Close. 3.) Bind the GameConsoles ACL to all of the interfaces. From the left pane, under Access Control, select ACL Binding (Port). Select GE1. At the bottom of the window, select Edit. Click Select MAC-Based ACL. Select Apply and then select Close. Select Copy Settings. In the Copy configuration's to field, enter 2-30. Click Apply. 4.) Save the Configuration. From the top of the window, select Save. Under Source File Name, make sure Running configuration is selected. Under Destination File Name, make sure Startup configuration is selected. Click Apply. Click OK.

6.7.6 Delete a User Terry Haslam (thaslam) was dismissed from the organization. His colleagues have harvested the files they need from his home and other directories. Your company security policy states that upon dismissal, users accounts should be removed in their entirety. In this lab, your task is to: Delete the thaslam user account and home directory from the system. When you're finished, view the /etc/passwd file and /home directory to verify the account's removal.

1.) Delete the Terry Haslam account and home directory. At the prompt, type userdel -r thaslam and press Enter. 2.) Verify the account's removal Type cat /etc/passwd and press Enter. Type ls /home and press Enter to verify that the account was removed.

7.1.11 Hide Files with OpenStego You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to encrypt data into a file that is to be shared with a business partner. The data will allow you to track the source if the information is leaked again. In this lab, your task is to use OpenStego to hide data in photos as follows: Encrypt the user data into the file to be shared. Name the file send.png and save it in the Documents folder. Password-protect the file with NoMor3L3@ks! as the password. Confirm the functionality of the steganography by extracting the data and opening the file to confirm that the associated username has been embedded into the file.

1.) Encrypt the user data into the file to be shared. In the search field on the taskbar, type OpenStego. Under Best match, select OpenStego. 2.) Select the Message, Cover, and Output Stego files. For Message File field, select the ellipses [...] button at the end of the field. Double-click John.txt to select the file. For Cover File field, select the ellipses [...] button at the end of the field. Double-click gear.png to select the file. For the Output Stego File field, select the ellipses [...] button at the end of the field. In the File name field, enter send.png and then select Open. 3.) Password protect the file. In the Password field, enter NoMor3L3@ks! In the Confirm Password field, enter NoMor3L3@ks! Select Hide Data. Select OK. 4.) Extract the data. Under Data Hiding, select Extract Data. For the Input Stego File field, select the ellipses [...] button. Double-click send.png to select the file with the encryption. For the Output Folder for Message File field, select the ellipses [...] button. Double-click Export to set it as the destination of the file output. Click Select Folder. In the Password field, enter NoMor3L3@ks! as the password. Select Extract Data. Select OK. 5.) Verify that the decryption process was successful. From the taskbar, select File Explorer. Double-click Documents to navigate to the folder.

5.13.6 Permit Traffic The Fiji router has been configured with Standard IP Access List 11. The access list is applied to the Fa0/0 interface. The access list must allow all traffic except traffic coming from hosts 192.168.1.10 and 192.168.1.12. However, you've noticed that it's preventing all traffic from being sent on Fa0/0. You remember that access lists contain an implied deny any statement. This means that any traffic not permitted by the list is denied. For this reason, access lists should contain at least one permit statement or all traffic is blocked. In this lab, your task is to: -Add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. -Save your changes in the startup-config file.

1.) Enter the configuration mode for the Fiji router: -From the exhibit, select the Fiji router. -From the terminal, press Enter. -Type enable and then press Enter. -Type config term and then press Enter. 2.) From the terminal, add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. -Type access-list 11 permit any and press Enter. -Press Ctrl + Z. 3.) Save your changes in the startup-config file. -Type copy run start and then press Enter. -Press Enter to begin building the configuration. -Press Enter.

5.13.7 Block Source Hosts You have a small business network connected to the internet through a single router as shown in the network diagram. You have noticed that three hosts on the internet have been flooding your router with unwanted traffic. As a temporary measure, you want to prevent all communication from these three hosts until the issue is resolved. In this lab, your task is to: -Create a Standard Access List 25. -Add statements to the access list to block traffic from the following hosts: -199.68.111.199 -202.177.9.1 -211.55.67.11 -Add a statement to allow all other traffic from all other hosts. -Apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic.

1.) Enter the configuration mode for the router: -From the exhibit, select the router. -From the terminal, press Enter. -Type enable and then press Enter. -Type config term and then press Enter. 2. ) From the terminal, create a standard numbered access list using number 25. Add statements to the access list to block traffic to the required hosts. -Type access-list 25 deny host 199.68.111.199 and press Enter. -Type access-list 25 deny host 202.177.9.1 and press Enter. -Type access-list 25 deny host 211.55.67.11 and press Enter. 3.) From the terminal, add a statement to allow all other traffic from all other hosts, by typing access-list 25 permit any and pressing Enter. 4.) From the terminal, apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic. -Type int s0/0/0 and press Enter. -Type ip access-group 25 in and press Enter. -Type Ctrl + Z.

5.13.5 Restrict Telnet and SSH Access You are in the process of configuring a new router. The router interfaces connect to the following networks: Interface: FastEthernet0/0 FastEthernet0/1 FastEthernet0/1/0 Network: 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 Only Telnet and SSH access from these three networks should be allowed. In this lab, your task is to: -Use the access-list command to create a standard numbered access list using number 5. -Add a permit statement for each network to the access list. -Use the access-class command to apply the access list to VTY lines 0-4. Use the in direction to filter incoming traffic. -Save your changes in the startup-config file.

1.) Enter the configuration mode for the router: -From the exhibit, select the router. -From the terminal, press Enter. -Type enable and then press Enter. -Type config term and then press Enter. 2.) From the terminal, create a standard numbered access list using number 5. Add a permit statement for each network to the access list. -Type access-list 5 permit 192.168.1.0 0.0.0.255 and then press Enter. -Type access-list 5 permit 192.168.2.0 0.0.0.255 and then press Enter. -Type access-list 5 permit 192.168.3.0 0.0.0.255 and then press Enter. 3.) Apply the access list to VTY lines 0-4. Filter incoming traffic. -Type line vty 0 4 and then press Enter. -Type access-class 5 in and then press Enter. -Press Ctrl + Z. 4.) Save your changes in the startup-config file. -Type copy run start and then press Enter. -Press Enter to begin building the configuration. -Press Enter.

5.12.4 Explore VLANs You are the IT security administrator for a small corporate network. You need to increase the networking closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch. The patch panel connections for the networking closet, lobby, and IT administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections of the IP cameras and the laptop.

1.) From the ITAdmin computer, log into the CISCO switch. -From the taskbar, open Google Chrome. -Maximize the window for easier viewing. -In the URL field, enter 192.168.0.2 and press Enter. -For Username, enter ITSwitchAdmin. -For Password, enter Admin$only (password is case-sensitive). -Select Log In. 2.) Create a VLAN. -From the Getting Started pane, under Initial Setup, select Create VLAN. -Select Add.For VLAN ID, enter 2. -For VLAN Name, enter IPCameras. -Select Apply. -Select Close. 3.) Configure a VLAN. -From the left pane, under VLAN Management, select Port to VLAN. -From the the VLAN ID equals to drop-down menu, select 2. -Select Go. -For ports GE18, GE19, GE20, and GE21, select Untagged. -Select Apply. 4.) Connect the IP camera in the lobby to the VLAN and mount the IP cameras. -From the top navigation area, select Floor 1. -Under Lobby, select Hardware. -Under Shelf, expand CCTV Cameras. -Drag the IP Camera (Lobby) to the workspace. -Under Workspace for the IP camera, select Back to switch to the back view of the IP camera. -Under Shelf, expand Cables and then select a Cat5e Cable, RJ45. -Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera wall mount plate. -From the wall plate's Partial Connections list, drag the other connector to the RJ-45 port on the back of the IP camera. -Drag the IP camera to the IP camera wall plate. 5.) Connect the IP camera in the networking closet to the VLAN and mount the IP cameras. -From the top navigation area, select Floor 1. -Under Networking Closet, select Hardware. -Under Shelf, expand CCTV Cameras. -Drag the IP Camera (Networking Closet) to the workspace. -Under Workspace for the IP camera, select Back to switch to the back view of the IP camera. -Under Shelf, expand Cables and then select Cat5e Cable, RJ45. -Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera mount wall plate. -Under Selected Component, drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera. -To mount the IP camera, drag the IP camera to the IP camera wall plate. 6.) Connect the DHCP server and laptop to the VLAN. -In the networking closet, under Shelf, select a Cat5e Cable, RJ45. -Under Selected Component, drag a RJ45 Connector to port 21 on the switch. -Under Selected Component, drag the unconnected RJ45 Connector to port 21 on the patch panel. 7.) Connect the laptop to the VLAN. From the top menu, select Floor 1. Under IT Administration, select Hardware. Above the laptop, select Back to switch to the back view of the laptop. Under Shelf, select Cat5e Cable, RJ45. Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the laptop. Under Selected Component, drag the unconnected RJ45 Connector to the open RJ-45 port on the wall plate. 8.) Launch the IP camera monitoring software. Under the laptop's workspace, select Front. On the IT-Laptop2, select Click to view Windows 10. From the taskbar, select Start. Select IP Cameras. Verify that both cameras are detected on the network.

6.7.9 Lock and Unlock User Accounts Every seven years, your company provides a six-week sabbatical for every employee. Vera Edwards (vedwards), Corey Flynn (cflynn), and Bhumika Kahn (bkahn) are leaving today. Maggie Brown (mbrown), Brenda Cassini (bcassini), and Arturo Espinoza (aespinoza) are just returning. The company security policy mandates that user accounts for employees gone for longer than two weeks be disabled. In this lab, your task is to: Lock the following user accounts:vedwardscflynnbkahn Unlock the following user accounts:mbrownbcassiniaespinoza When you're finished, view the /etc/shadow file to verify the changes.

1.) Lock the applicable accounts At the prompt, type usermod -L vedwards or passwd -l vedwards and press Enter. Type usermod -L cflynn or passwd -l cflynn and press Enter. Type usermod -L bkahn or passwd -l bkahn and press Enter. 2.) Unlock the applicable accounts Type usermod -U mbrown or passwd -u mbrown and press Enter. Type usermod -U bcassini or passwd -u bcassini and press Enter. Type usermod -U aespinoza or passwd -u aespinoza and press Enter. 3.) Verify your changes by typing cat /etc/shadow and pressing Enter. The inclusion of the exclamation point (!) in the password field indicates whether the account is disabled.

6.6.8 Enforce User Account Control You are the IT administrator for a small corporate network. The company has a single Active Directory domain named CorpNet.xyz. You need to increase the domain's authentication security. You need to make sure that User Account Control (UAC) settings are consistent throughout the domain and in accordance with industry recommendations. In this lab, your task is to configure the following UAC settings in the Default Domain Policy on CorpDC as follows: User Account ControlSettingAdmin Approval mode for the built-in Administrator accountEnabledAllow UIAccess applications to prompt for elevation without using the secure desktopDisabledBehavior of the elevation prompt for administrators in Admin Approval modePrompt for credentialsBehavior of the elevation prompt for standard usersAutomatically deny elevation requestsDetect application installations and prompt for elevationEnabledOnly elevate UIAccess applications that are installed in secure locationsEnabledOnly elevate executables that are signed and validatedDisabledRun all administrators in Admin Approval modeEnabledSwitch to the secure desktop when prompting for elevationEnabledVirtualize file and registry write failures to per-user locationsEnabled User Account Control policies are set in a GPO linked to the domain. In this scenario, edit the Default Domain Policy and configure settings in the following path:Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.

1.) On CorpDC, access the CorpNet.local domain for Group Policy Management From Hyper-V Manager, select CORPSERVER. Double-click CorpDC. From Server Manager, select Tools > Group Policy Management. Maximize the window for easy viewing. Expand Forest: CorpNet.local > Domains > CorpNet.local. 2.) Configure the UAC settings. Right-click Default Domain Policy and select Edit. Maximize the window for easier viewing. Under Computer Configuration, expand and select Policies > Windows Settings > Security Settings > Local Policies > Security Options. From the right pane, double-click the policy you want to edit. Select Define this policy setting. Select Enable or Disable as necessary. Edit the value for the policy as needed and then click OK. Repeat steps 2d-2g for each policy setting.

7.4.3 Encrypt Files with EFS At work, you share a computer with other users. You want to secure the contents of the Finances folder so that unauthorized users cannot view its contents. In this lab, your task is to: Encrypt the D:\Finances folder and all of its contents. Add the Susan user account as an authorized user for the D:\Finances\2020report.xls file.

1.) Open the D: drive. From the Windows taskbar, select File Explorer. From the left pane, select This PC. From the right pane, double-click Data (D:). 2.) Encrypt the Finances folder. Right-click Finances and then select Properties. Select Advanced. Select Encrypt contents to secure data and then select OK. Select OK to close the properties dialog. Select OK to confirm the attribute changes. 3.) Give Susan authorization to modify the 2020report.xls file. Double-click Finances. Right-click 2020report.xls and then select Properties. Select Advanced. Select Details. Select Add. Select Susan and then select OK. Select OK as many times as needed to close all remaining dialogs.

6.7.5 Rename a User Account Brenda Cassini (bcassini) was recently married. You need to update her Linux user account to reflect her new last name of Palmer. In this lab, your task is to use the usermod command to: Rename Brenda's user account bpalmer. Change Brenda's comment field to read Brenda Palmer. Change and move Brenda's home directory to /home/bpalmer. When you're finished, view the /etc/passwd file and /home directory to verify the modification.

1.) Rename the bpalmer account and move her home directory From the Favorites bar, select Terminal From the Terminal prompt, type usermod -l bpalmer bcassini -m -c "Brenda Palmer" -d /home/bpalmer and press Enter. 2.) Verify account modification Type cat /etc/passwd and press Enter. Find the line that shows that Brenda's account has been changed. Type ls /home and press Enter to verify that the account was modified.Notice that now, the home directory for Brenda is bpalmer.

6.8.3 Rename and Create Groups Currently, all the salespeople in your company belong to a group called sales. The VP of sales wants two sales groups, a western sales division and an eastern sales division. In this lab, your task is to: Rename the sales group to western_sales_division. Create the eastern_sales_division group. Remove aespinoza as a member of the western_sales_division group. Assign aespinoza as a member of the eastern_sales_division group. When you're finished, view the /etc/group file or use the groups command to verify the changes.

1.) Rename the sales group western_sales_division and create the eastern_sales_division group. At the prompt, type groupmod -n western_sales_division sales and press Enter. Type groupadd eastern_sales_division and press Enter. 2.) Modify the group membership as needed. Type usermod -G eastern_sales_division aespinoza and press Enter. 3.) Use cat /etc/group or groups aespinoza to verify aespinoza's group membership.

8.3.9 Configuring a Captive Portal You have been hired by a small hotel to configure how their guests access the internet. You have chosen to use pfSense's captive portal feature. Guests must pass through this portal to access the internet. In this lab, your task is to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Add a captive portal zone named Guest_WiFiUse the description Zone used for the guest Wi-Fi Using the GuestWi-Fi interface, configure your portal as follows:Allow a maximum of 100 concurrent connections.Disconnect user from the internet if their connection is inactive for 30 minutes.Disconnect user from the internet after two hours regardless of their activity.Limit user's download and upload to 8000 and 2500 Kbit/s, respectively.Force to pass through your portal prior to authentication. Allow the following MAC and IP address to pass through the portal:MAC: 00:00:1B:12:34:56IP: 198.28.1.100/16Give the IP address the description Admin's Laptop

1.) Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. 2.) Add a captive portal zone. From the pfSense menu bar, select Services > Captive Portal. Select Add. For Zone name, enter Guest_WiFi. For Zone description, enter Zone used for the guest Wi-Fi. Select Save & Continue. 3.) Enable and configure the captive portal. Under Captive Portal Configuration, select Enable. For Interfaces, select GuestWi-Fi. For Maximum concurrent connections, select 100. For Idle timeout, enter 30. For Hard timeout, enter 120. Scroll down and select Per-user bandwidth restriction. For Default download (Kbit/s), enter 8000. For Default upload (Kbit/s), enter 2500. Under Authentication, use the drop-down menu to select None, don't authenticate users. Scroll to the bottom and select Save. 4.) Allow a MAC address to pass through the portal. From the Captive Portal page, select the Edit Zone icon (pencil). Under the Services breadcrumb, select MACs. Select Add. Make sure the Action field is set to Pass. For Mac Address, enter 00:00:1B:12:34:56. Select Save. 5.) Allow an IP address to pass through the portal. Under the Services breadcrumb, select Allowed IP Addresses. Select Add. For IP Address, enter 198.28.1.100. Use the IP address drop-down menu to select 16. This sets the subnet mask to 255.255.0.0. For the Description field, enter Admin's Laptop. Make sure Direction is set to Both. Select Save.

6.6.4 Configure Account Password Policies You have been asked to perform administrative tasks for a computer that is not a member of a domain. To increase security and prevent unauthorized access to the computer, you need to configure specific password and account lockout policies. In this lab, your task is to use the Local Security Policy to configure the following password and account lockout policies: Configure password settings so that the user must:Cycle through 10 passwords before reusing an old one.Change the password every 90 days.Keep the password at least 14 days.Create a password at least eight characters long.Create a password that meets complexity requirements, such as using uppercase letters, lowercase letters, numbers, or symbols. Configure the account lockout policy to: Lock out any user who enters five incorrect passwords. Unlock an account automatically after 60 minutes. Configure the number of minutes that must elapse after a failed logon attempt to 10 minutes.

1.) Using Windows Administrative Tools, access the Local Security Policy. Select Start. Locate and expand Windows Administrative Tools. Select Local Security Policy. Maximize the window for easier viewing. 2.) Configure the password policies From the left pane, expand Account Policies and then select Password Policy. From the center pane, expand the Policy column. Double-click the policy to be configured. Configure the policy settings. Click OK. Repeat steps 2c-2e to configure the additional password policies. 3.) Configure the account lockout policies From the left pane, select Account Lockout Policy. From the center pane, expand the Policy column. Double-click the policy to be configured. Configure the policy settings (if needed, answer any prompts shown). Click OK. Repeat steps 3c-3e to configure the additional lockout policies.

6.8.5 Remove a User from a Group Corey Flynn (cflynn) currently belongs to several groups. Due to some recent restructuring, he no longer needs to be a member of the hr group. To preserve existing group membership, use the usermod -G command to list all groups to which the user must belong. Do not include the primary group name in the list of groups. In this lab, your task is to: Remove cflynn from the hr group. Preserve all other group memberships. View the /etc/group file or use the groups command to verify the changes. Start Lab

1.) View a list of all groups to which Cory Flynn belongs. At the prompt, type groups cflynn and press Enter.Notice that cflynn currently belongs to the mgmt1, hr, and it secondary groups. The cflynn group is the user's primary group. 2.) Change and verify Cory Flynn's group membership. Type usermod -G mgmt1,it cflynn and press Enter. Type groups cflynn and press Enter.Cory now only belongs to the mgmt1 and it groups.

6.5.11 Create User Accounts You are the IT administrator for a small corporate network. You recently added an Active Directory domain to the CorpDC server to manage network resources centrally. You now need to add user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC: User: -Juan Suarez -Susan Smith -Mark Burnes -Borey Chan Job Role: -Marketing Manager -Permanent sales employee -Sales Manager -Temporary sales employee Departmental OU: -Marketing\MarketingManagers -Sales\PermSales -Sales\SalesManagers -Sales\TempSales Use the following user account naming standards and specifications as you create each account: -Create the user account in the departmental OU corresponding to the employee's job role. -User account name: First name + Last name -Logon name: firstinitial + lastname with @CorpNet.local as the domain -Original password: asdf1234$ (must change after the first logon) -Configure the following for the temporary sales employee: -Limit the logon hours to allow logon only from 8:00 a.m. to 5:00 p.m., Monday through Friday. -Set the user account to expire on December 31st of the current year.

2.) Access Active Directory Users and Computers on the CorpDC server. -From Hyper-V Manager, select CORPSERVER. -From the Virtual Machines pane, double-click CorpDC. -From Server Manager's menu bar, select Tools > Active Directory Users and Computers. -Maximize the window for better viewing. 2.) Create the domain user accounts. -From the left pane, expand CorpNet.local. -Browse to the appropriate OU. -Right-click the OU and select New > User. -In the First name field, enter the user's first name. -In the Last name field, enter the user's last name. -In the User logon name field, enter the user's logon name which should be the first letter of the user's first name together with their last name. (e.g. jsuarez) -Click Next. -Select Next. -In the Password field, enter asdf1234$. -In the Confirm password field, enter asdf1234$. -Make sure User must change password at next logon is selected and then click Next. -Select Finish to create the object. -Repeat steps 3e-3m to create the additional users. 3.) Modify user account restrictions for the temporary sales employee. -Right-click Borey Chan and select Properties. -Select the Account tab. -Select Logon hours. -From the Logon Hours dialog, select Logon Denied to clear the allowed logon hours. -Select the time range of 8:00 a.m. to 5:00 p.m., Monday through Friday. -Select Logon Permitted to allow logon. -Select OK. -Under Account expires, select End of. -In the End of field, use the drop-down calendar to select 31 December of the current year. -Select OK.

6.5.5 Create OUs You are the IT administrator for a small corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. Now you need to create an Active Directory organizational unit (OU) structure based on the company's departmental structure. In this lab, your task is to create the following organizational units (OUs) on the CorpDC server and ensure that each is protected from accidental deletion as follows: -Beneath the CorpNet.local domain, create the following OUs: -Accounting -Admins -Marketing -Research-Dev -Servers -Support -Workstations -Sales -Within the Sales OU, create the following OUs: -SalesManagers -TempSales

Beneath the CorpNet.local domain, create the following OUs: -Accounting -Admins -Marketing -Research-Dev -Servers -Support -Workstations -Sales Beneath the Sales OU, create the following OUs: -SalesManagers -TempSales 1.) Access the CorpDC server. -From the left pane of Hyper-V Manager, select CORPSERVER. -From the Virtual Machines pane, double-click CorpDC. 2.) Create the Active Directory organizational units (OUs) beneath the CorpNet.local domain. -From Server Manager's menu bar, select Tools > Active Directory Users and Computers. -From the left pane, right-click CorpNet.local and then select New > Organizational Unit. -Enter the name of the OU to be created. -Ensure that Protect container from accidental deletion is selected and then select OK. -Repeat steps 2b - 2d until all the required domain OUs are created. 3.) Create the OUs within the Sales OU. -From the left pane, select CorpNet.local > Sales. -From the menu bar, select the Create a new organizational unit in the current container icon. -Enter the name of the OU to be created. -Ensure that Protect container from accidental deletion is selected and then select OK. -Repeat steps 3a - 3d to create the remaining OU.

6.7.4 Create a User Account The VP of marketing has told you that Paul Denunzio will join the company as a market analyst in two weeks. You need to create a new user account for him. In this lab, your task is to: Create the pdenunzio user account. Include the full name, Paul Denunzio, as a comment for the user account. Set eye8cereal as the password for the user account. When you're finished, view the /etc/passwd file to verify the creation of the account. Answer the question.

Correct answer: 510 1.) Create the Paul Denunzio account and comment From the Linux prompt, type useradd -c "Paul Denunzio" pdenunzio and press Enter. 2.) Create a password for Paul. Type passwd pdenunzio and press Enter. Type eye8cereal as the password and press Enter. Retype eye8cereal as the password and press Enter. 3.) Verify that the account was created. Type cat /etc/passwd and press Enter. 4.)Answer the question. In the top right, select Answer Questions. Select the correct answer. Select Score Lab.

7.3.5 Compare an MD5 Hash You are the IT administrator at a small corporate office. You just downloaded a new release for a program you use. You need to make sure the file was not altered before you received it. Another file containing the original file hash was also downloaded. Both files are located in the C:\Downloads folder. In this lab, your task is to use MD5 hash files to confirm that the Release.zip file was unaltered. From Windows PowerShell: Generate a file hash for the Release.zip file. View the hash of the original file stored in the release821hash.txt file. Use the following command to compare the original hash of the Release.zip file to its calculated hash to see if they match: "the_new_hash_generated" -eq "known_hash_extracted_from_the_.txt_file" Example: "4A84C7958C246E39439C784349F4ZDB4" -eq "9C784349F4ZDB44A84C7958C246E3943" Answer the question.

Correct answer: No 1.) View the files in the C:\Downloads folder. Right-click Start and select Windows PowerShell (Admin). At the prompt, type cd C:\downloads and press Enter to navigate to the directory that contains the files. Type dir and press Enter to view the available files. 2.) Confirm that the Release.zip file is unaltered. Type get-filehash Release.zip -a md5 and press Enter to view the MD5 hash. Type get-content release821hash.txt and press Enter to view the known hash contained in the .txt file. Type "new hash" -eq "known hash" and press Enter to determine whether the file hashes match. 3.) Answer the question. In the top right, select Answer Questions. Answer the question. Select Score Lab.