NetSecPT.2, Net seCu ALL
Confidential personnel data is stored on the CorpFiles file server in a shared directory named Personnel. You need to configure NTFS permissions for this folder so that only managers are authorized to access it. In this lab, your task is to perform the following: Grant the Managers group the Full Control permission to the D:\Personnel folder. Remove all inherited permissions that are flowing to the D:\Personnel folder.
4.3.6 Disable Inheritance
10.3.15 Perform an SQL Injection Attack
Look in files folder for Blake
11.4.8 Scan for Linux Vulnerabilities
You are the IT security administrator for a small corporate network. You need to use a vulnerability scanner to check for security issues on your Linux computers. In this lab, your task is to: Use the Security Evaluator to check the security:On the Linux computer with the 192.168.0.45 IP address.On the Linux computers in the IP address range of 192.168.0.60 through 192.168.0.69
11.7.7 Crack a Password with John the Ripper
You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory. In this lab, your task is to use John the Ripper to: Crack the root password on the Linux computer named Support. Crack the password of the protected.zip file located in the home directory on IT-Laptop. After John the Ripper cracks the password, it won't crack it again. The results are stored in the john.pot file.
You recognize that the threat of malware is increasing. As such, you would like to use Windows Virus & Threat Protection to protect your computer from malware. In this lab, your task is to enable and configure Windows Virus & Threat Protection as follows: Add a file exclusion for D:\Graphics\cat.jpg. Add a process exclusion for welcome.scr. Locate the current threat definition version number. Answer Question 1. Check for updates. Answer Question 2. Perform a quick scan.
2.2.6 Configure Microsoft Defender
You work as the IT security administrator for a small corporate network in the United States of America. The name of your site is www.corpnet.xyz. The company president has received several questionable emails that he is concerned may be malicious attacks on the company. He has asked you to determine whether the emails are hazardous and to handle them accordingly. In this lab, your task is to: Read each email and determine whether it is legitimate. Delete any emails that are attempts at social engineering. Keep emails that are safe.
2.3.11 Identify Social Engineering
Based on a review of physical security at your office, you have recommended several improvements. Your plan includes installing smart card readers, IP cameras, signs, and an access log book. In this lab, your task is to: Implement your physical security plan by dragging the correct items from the shelf onto the various locations in the building. As you drag the items from the shelf, the possible drop locations are highlighted. To implement your plan, you must: Install two IP security cameras in the appropriate location to record which employees access the key infrastructure. The security cameras should operate over the TCP/IP network. Install the smart card key readers in the appropriate location to control access to key infrastructure. The key card readers should be contactless and record more information than the card's ID. Install a Restricted Access sign on the networking closet door to control access to the infrastructure. Install the visitor log on the lobby desk.
3.1.3 Implement Physical Security
You need to customize how Windows Update checks for and installs updates on the ITAdmin desktop system. In this lab, your task is to: Configure Windows Update to:Install updates for other Microsoft products when Windows is updated.Allow the installation of feature updates to be deferred 60 days.Allow quality updates to be deferred 30 days. Configure Windows to automatically download manufacturers' apps and custom icons for devices.
4.2.5 Configure Automatic Updates
You have a new laptop that is running Windows 10. You notice a security message that indicates that Windows Firewall has been disabled. The laptop is currently connected to your organization's network, and the Domain network profile settings are in effect. You plan to travel this week, and you will connect the laptop to various airport Wi-Fi hotspots. You need to enable Windows Firewall for any public network. In this lab, your task is to configure Windows Firewall as follows: Turn on Windows Firewall for the Public network profile only. In addition to the programs and ports currently allowed, allow the following service and programs through the firewall for the Public network profile only:A service named Key Management ServiceAn application named Arch98An application named Apconf
4.2.7 Configure Microsoft Defender Firewall
There are two groups of users who access the CorpFiles server, Marketing and Research. Each group has a corresponding folder: D:\Marketing Data D:\Research Data In this lab, your task is to: Disable permissions inheritance for D:\Marketing Data and D:\Research Data and convert the existing permissions to explicit permissions. For each of the above folders, remove the Users group from the access control list (ACL). Add the Marketing group to the Marketing Data folder ACL. Add the Research group to the Research Data folder ACL. Assign the groups Full Control to their respective folders. Do not change any other permissions assigned to other users or groups.
4.3.5 Configure NTFS Permissions
You are the IT administrator for a small corporate network. Several employees have complained of slow internet bandwidth. You have discovered that the user stations on the guest Wi-Fi network are consuming much of your company's bandwidth. You have decided to use pfSense's Traffic Shaper wizard to create the various rules needed to better control the bandwidth usage and to fine-tune the priority for the type of traffic used on your guest Wi-Fi network. Your network has one LAN and one WAN. In this lab, your task is to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Create a firewall alias using the following specifications:Name: HighBWDescription: High bandwidth usersAssign the IP addresses of the high-bandwidth users to the alias:Vera's IP address: 172.14.1.25Paul's IP address: 172.14.1.100 The Shaper must be configured for the GuestWi-Fi interface using:An upload bandwidth of 5 MbitsA download bandwidth of 45 Mbits Allow your voice over IP traffic to have priority with:An upload bandwidth of 15 MbitsA download bandwidth of 20 Mbits To limit the user stations most likely to hog bandwidth, use the alias created earlier to penalize the offending stations to
5.1.10
You are an IT security administrator for a small corporate network. To increase security for the corporate network, you have installed the pfSense network security appliance in your network. Now you need to configure the device. In this lab, your task is to configure pfSense as follows: Sign in to pfSense using the following case-sensitive information:URL: 198.28.56.18Username: adminPassword: pfsense Configure the DNS servers as follows:Primary DNS server: 163.128.78.93 - Hostname: DNS1Secondary DNS server: 163.128.80.93 - Hostname: DNS2 Configure the WAN IPv4 information as follows:Enable the interface.Use a static IPv4 address of 65.86.24.136/8Add a new gateway using the following information:Type: Default gatewayName: WANGatewayIP address: 65.86.1.1
5.1.7 Configure a Security Appliance
You work as the IT security administrator for a small corporate network. You need to secure access to your pfSense appliance, which is still configured with the default user settings. In this lab, your task is to: Change the password for the default pfSense account from pfsense to P@ssw0rd (use a zero). Create a new administrative user with the following parameters:Username: zolsenPassword: St@yout!Full Name: Zoey OlsenGroup Membership: admins Set a session timeout of 15 minutes for pfSense. Disable the webConfigurator anti-lockout rule for HTTP.
5.1.8 Configure Network Security Appliance Access
You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by restricting access management and by updating the switch's firmware. In this lab, your task is to: Create an access profile named MgtAccess and configure it with the following settings:SettingValueAccess Profile NameMgtAccessRule Priority1Management MethodAllActionDenyApplies to InterfaceAllApplies to Source IP addressAll Add a profile rule to the MgtAccess profile with the following settings:SettingValueRule Priority2Management MethodHTTPActionPermitApplies to interfaceAllApplies to Source IP addressUser definedIP Version: Version 4IP Address: 192.168.0.10Network Mask: 255.255.255.0 Set the MgtAccess profile as the active access profile. Save the changes to the switch's startup configuration file using the default settings. Update the firmware image to the latest version by downloading the firmware files found in C:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros.
5.11.10 Secure Access to a Switch
You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by creating an access control list. You have been asked to prevent video game consoles from connecting to the switch. In this lab, your task is to: Create a MAC-based ACL named GameConsoles. Configure the GameConsoles MAC-based access control entry (ACE) settings as follows:PriorityActionDestinationMAC AddressSource MAC Address1DenyAnyValue: 00041F111111Mask: 0000001111112DenyAnyValue: 005042111111Mask: 0000001111113DenyAnyValue: 000D3A111111Mask: 0000001111114DenyAnyValue: 001315111111Mask: 0000001111115DenyAnyValue: 0009BF111111Mask: 0000001111116DenyAnyValue: 00125A111111Mask: 000000111111 Bind the GameConsoles ACL to all of the GE1-GE30 interfaces.Use Copy Settings to apply the binding to multiple interfaces Save the changes to the switch's startup configuration file. Use the default settings.
5.11.11 Secure Access to a Switch 2
As an IT administrator, you need to know how security breaches are caused. You know that SMAC is used for MAC spoofing, so you are going to spoof your MAC address. In this lab, your task is to complete the following: On Office2, use ipconfig /all and find the IP address and MAC address. Using SMAC, spoof the MAC address on ITAdmin to match that of Office2. Refresh the IP address on ITAdmin. Verify the MAC and IP address now match Office2.
5.11.6 Spoof MAC Addresses with SMAC
You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the networking closet. The following table lists the used and unused ports: Unused PortsUsed PortsGE2GE7GE9-GE20GE25GE27-GE28GE1GE3-GE6GE8GE21-GE24GE26 In this lab, your task is to: Shut down the unused ports. Configure the following Port Security settings for the used ports:Interface Status: LockLearning Mode: Classic LockAction on Violation: Discard
5.11.9 Harden a Switch
You are the IT security administrator for a small corporate network. You need to increase the networking closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch. The patch panel connections for the networking closet, lobby, and IT administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections of the IP cameras and the laptop. In this lab, your task is to perform the following: Access the switch management console from ITAdmin using the following credentials:Address: http://192.168.0.2Username: ITSwitchAdminPassword: Admin$only (the password is case-sensitive) Create and configure a VLAN on the switch as follows:VLAN ID: 2VLAN Name: IPCamerasConfigure ports GE18, GE19, GE20, GE21 as untagged..Port 18 is connected to the network jack next to the laptop in the IT administration office.Port 19 is connected to t
5.12.4 Explore VLANs
You are in the process of configuring a new router. The router interfaces connect to the following networks: InterfaceNetworkFastEthernet0/0192.168.1.0/24FastEthernet0/1192.168.2.0/24FastEthernet0/1/0192.168.3.0/24 Only Telnet and SSH access from these three networks should be allowed. In this lab, your task is to: Use the access-list command to create a standard numbered access list using number 5. Add a permit statement for each network to the access list. Use the access-class command to apply the access list to VTY lines 0-4. Use the in direction to filter incoming traffic. Save your changes in the startup-config file.
5.13.5 Restrict Telnet and SSH Access
The Fiji router has been configured with Standard IP Access List 11. The access list is applied to the Fa0/0 interface. The access list must allow all traffic except traffic coming from hosts 192.168.1.10 and 192.168.1.12. However, you've noticed that it's preventing all traffic from being sent on Fa0/0. You remember that access lists contain an implied deny any statement. This means that any traffic not permitted by the list is denied. For this reason, access lists should contain at least one permit statement or all traffic is blocked. In this lab, your task is to: Add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. Save your changes in the startup-config file.
5.13.6 Permit Traffic
You have a small business network connected to the internet through a single router as shown in the network diagram. You have noticed that three hosts on the internet have been flooding your router with unwanted traffic. As a temporary measure, you want to prevent all communication from these three hosts until the issue is resolved. In this lab, your task is to: Create a Standard Access List 25. Add statements to the access list to block traffic from the following hosts:199.68.111.199202.177.9.1211.55.67.11 Add a statement to allow all other traffic from all other hosts. Apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic.
5.13.7 Block Source Hosts
You are the IT administrator for a small corporate network. You want to make a web server that runs services accessible from the internet. To help protect your company, you want to place this server and other devices in a demilitarized zone (DMZ). This DMZ and server need to be protected by the pfSense Security Gateway Appliance (pfSense). Since a few of the other devices in the DMZ require an IP address, you have also decided to enable DHCP on the DMZ network. In this lab, your task is to perform the following: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Add a new pfSense interface that can be used for the DMZ.Name the interface DMZ.Use a static IPv4 address of 172.16.1.1/16 Add a firewall rule for the DMZ interface that allows all traffic from the DMZ.Use a description of Allow DMZ to any rule Configure and enable the DHCP server for the DMZ interface.Use a range of 172.16.1.100 to 172.16.1.200
5.2.3
You work as the IT security administrator for a small corporate network. You recently placed a web server in the demilitarized zone (DMZ). You need to configure the perimeter firewall on the network security appliance (pfSense) to allow access from the WAN to the Web server in the DMZ using both HTTP and HTTPs. You also want to allow all traffic from the LAN network to the DMZ network. In this lab, your task is to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Create and configure a firewall rule to pass HTTP traffic from the WAN to the Web server in the DMZ. Create and configure a firewall rule to pass HTTPS traffic from the WAN to the Web server in the DMZ.Use the following table when creating the HTTP and HTTPS firewall rules:ParameterSettingSourceWAN networkDestination port/serviceHTTP (80), HTTPS (443)DestinationA single hostIP address for host172.16.1.5DescriptionsFor HTTP: HTTP from WAN to DMZFor HTTPS: HTTPS from WAN to DMZ Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network. Use the description LAN to DMZ Any.
5.3.5 Configure a Perimeter Firewall
You are the IT administrator for a small corporate network. One of your assignments is to manage several computers in the demilitarized zone (DMZ or screened subnet). However, your computer resides on the LAN network. To be able to manage these machines remotely, you have decided to configure your pfSense device to allow several remote control protocols to pass through the pfSense device using NAT port forwarding. In this lab, your task is to create NAT forwarding rules: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Allow the RDP/TCP Protocols from the LAN network to the PC1 computer located in the DMZ using the following:IP address for PC1: 172.16.1.100Description: RDP from LAN to PC1 Allow the SSH Protocol through the from the LAN network to the Kali Linux server located in the DMZ using the following:IP address for the Linux Kali server: 172.16.1.6Description: SSH from LAN to Kali Allow the RDP/TCP Protocols from the LAN network to the web server located in the DMZ using the following:Destination and redirect port: Port 5151IP address for the web server: 172.16.1.5Description: RDP from LAN to web server using custom port
5.4.3 Configure NAT
You work as the IT security administrator for a small corporate network. Occasionally, you and your co-administrators need to access internal resources when you are away from the office. You would like to set up a Remote Access VPN using pfSense to allow secure access. In this lab, your task is to use the pfSense wizard to create and configure an OpenVPN Remote Access server using the following guidelines: Sign in to pfSense using:Username: adminPassword: P@ssw0rd (zero) Create a new certificate authority certificate using the following settings:Name: CorpNet-CACountry Code: GBState: CambridgeshireCity: WoodwaltonOrganization: CorpNet Create a new server certificate using the following settings:Name: CorpNetCountry Code: GBState: CambridgeshireCity: Woodwalton Configure the VPN server using the following settings:Interface: WANProtocol: UDP on IPv4 onlyDescription: CorpNet-VPNTunnel network IP: 198.28.20.0/24Local network IP: 198.28.56.18/24Concurrent Connections: 4DNS Server 1: 198.28.56.1 Configure the following:A firewall ruleAn OpenVPN rule Set the OpenVPN server just created to Remote Access (User Auth). Create and configure the following standard remote VPN users:UsernamePasswordFu
5.5.4 Configure a Remote Access VPN
You work as the IT security administrator for a small corporate network. You recently set up the Remote Access VPN feature on your network security appliance to provide you and your fellow administrators with secure access to your network. You are currently at home and would like to connect your iPad to the VPN. Your iPad is connected to your home wireless network. In this lab, your task is to: Add an IPSec VPN connection using the following values:This can be added by selecting Settings > General > VPN.ParameterValueDescriptionCorpNetVPNServer198.28.56.34AccountmbrownSecretasdf1234$ Turn on the VPN. Verify that a connection is established. The password for mbrown is L3tM31nN0w (0 = zero).
5.5.5 Configure a VPN Connection iPad
You are the security analyst for a small corporate network. After monitoring your network, you have discovered that several employees are wasting time visiting non-productive and potentially malicious websites. As such, you have added pfBlockerNG to your pfSense device. You now need to configure this feature and add the required firewall rules that allow/block specific URLs and prevent all DNS traffic from leaving your LAN network. In this lab, your task is to: Sign in to pfSense using:Username: adminPassword: P@ssw0rd (zero) Create a firewall rule that blocks all DNS traffic leaving the LAN network. Create a firewall rule that allows all DNS traffic going to the LAN network. Use the following table for the two rules: ParameterSettingProtocolUDP (53)DescriptionsFor the block rule: Block DNS from LANFor the allow rule: Allow all DNS to LAN Arrange the firewall rules in the order that allows them to function properly. Enable and configure pfBlockerNG using the information in the following table: ParameterSettingDNSBL Virtual IP192.168.0.0Top-Level Domain (TLD) Blacklistfinancereports.cototalpad.comsalesscript.infoTop-Level Domain (TLD) Whitelist.www.google.com.play.google.com.drive.google.
5.6.3 Configure URL Blocking
You are the IT security administrator for a small corporate network. You need to secure access to your switch, which is still configured with the default settings. Access the switch management console through Chrome on http://192.168.0.2 with the username cisco and password cisco. In this lab, your task is to: Create a new user account with the following settings:Username: ITSwitchAdminPassword: Admin$only1844User Level: Read/Write Management Access (15) Edit the default user account as follows:Username: ciscoPassword: CLI$only1958User Level: Read-Only CLI Access (1) Save the changes to the switch's startup configuration file.
5.9.6 Secure a Switch
You are the IT security administrator for a small corporate network. You would like to use Group Policy to enforce settings for certain workstations on your network. You have prepared and tested a security template file that contains policies that meet your company's requirements. In this lab, your task is to perform the following on CorpDC: Create a GPO named Workstation Settings in the CorpNet.local domain. Link the Workstation Settings GPO to the following organizational units (OUs):Marketing > TempMarketingSales > TempSalesSupport Import the ws_sec.inf template file, located in C:\Templates, to the Workstation Settings Group Policy object.
6.5.10 Create and Link a GPO
You are the IT administrator for a small corporate network. You recently added an Active Directory domain to the CorpDC server to manage network resources centrally. You now need to add user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC: UserJob RoleDepartmental OUJuan SuarezMarketing managerMarketing\MarketingManagersSusan SmithPermanent sales employeeSales\PermSalesMark BurnesSales managerSales\SalesManagersBorey ChanTemporary sales employeeSales\TempSales Use the following user account naming standards and specifications as you create each account: Create the user account in the departmental OU corresponding to the employee's job role. User account name: First name + Last name Logon name: firstinitial + lastname with @CorpNet.local as the domain Original password: asdf1234$ (must change after the first logon) Configure the following for the temporary sales employee:Limit the logon hours to allow logon only from 8:00 a.m. to 5:00 p.m., Monday through Friday.Set the user account to expire on December 31st of the current year.
6.5.11 Create User Accounts
You are the IT administrator for a small corporate network. You recently added an Active Directory domain on the CorpDC server to manage network resources centrally. Organizational units in the domain represent departments. User and computer accounts are in their respective departmental OUs. Over the past few days, several personnel changes have occurred that require changes to user accounts. In this lab, your task is to use the following information to make the necessary user account changes on CorpDC: Mary Barnes from the Accounting Department has forgotten her password, and now her account is locked.Unlock the account.Reset the password to asdf1234$.Require a password change at the next logon. Mark Woods has been fired from the accounting department. Disable his account. Pat Benton is returning to the Research-Dev department from maternity leave. Her account is disabled to prevent logon. Enable her account. Andrea Simmons from the Research-Dev department has recently married.Rename the account Andrea Socko.Change the last name to Socko.Change the display name to Andrea Socko.Change the user logon and the pre-Windows 2000 user logon name to asocko. For all users in the Support OU (but
6.5.12 Manage User Accounts
You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. In this lab, your task is to use Active Directory Users and Computers to complete the following actions on the CorpDC server: In the Users container, create a group named Managers. Configure the group as follows:Group scope: GlobalGroup type: Security Make the following users members of the Managers group: Organization UnitUsernameAccountingMark WoodsResearch-DevPat BentonMarketing\MarketingManagersJuan SuarezResearch-Dev\ResearchManagersArlene KimblySales\SalesManagersMark BurnesSupport\SupportManagersShelly Emery
6.5.13 Create a Group
You are the IT Administrator for the CorpNet.local domain. You are in the process of implementing a group strategy for your network. You have decided to create global groups as shadow groups for specific departments in your organization. Each global group will contain all users in the corresponding department. In this lab, your task is to: Create the following global security groups on the CorpDC server in their corresponding OUs:OU CreationLocationNew Group NameAccountingAccountingResearch-DevResearch-DevSalesSales Add all user accounts in the corresponding OUs and sub-OUs as members of the newly created groups.
6.5.14 Create Global Groups
You are the IT administrator for a small corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. Now you need to create an Active Directory organizational unit (OU) structure based on the company's departmental structure. In this lab, your task is to create the following organizational units (OUs) on the CorpDC server and ensure that each is protected from accidental deletion as follows: Beneath the CorpNet.local domain, create the following OUs:AccountingAdminsMarketingResearch-DevServersSupportWorkstationsSales Within the Sales OU, create the following OUs:SalesManagersTempSales
6.5.5 Create OUs
You are the IT administrator for a corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have created an Active Directory structure based on the company's departmental structure. While creating the structure, you added a Workstations OU in each of the departmental OUs. After further thought, you decide to use one Workstations OU for the entire company. As a result, you need to delete the departmental Workstations OUs. In this lab, your task is to delete the following OUs on CorpDC: Within the Marketing OU, delete the Workstations OU. Within the Research-Dev OU, delete the Workstations OU. Within the Sales OU, delete the Workstations OU.
6.5.6 Delete OUs
You work as the IT administrator for a growing corporate network. The Research and Development Department is working on product enhancements. Last year, some secret product plans were compromised. As a result, the company decided to implement smart cards for logon to every computer in the Research and Development Department. No user should be able to log onto the workstation without using a smart card. In this lab, your task is to perform the following on CorpDC: Enforce the existing Research-DevGPO linked to the Research-Dev OU. Edit the Research-DevGPO and configure the following local security setting policies located in the Computer Configuration section:PolicySettingInteractive logon: Require smart cardEnableInteractive logon: Smart card removal behaviorForce logoff Certificate auto-enrollment has already been enabled for the domain.
6.6.11 Configure Smart Card Authentication
You have been asked to perform administrative tasks for a computer that is not a member of a domain. To increase security and prevent unauthorized access to the computer, you need to configure specific password and account lockout policies. In this lab, your task is to use the Local Security Policy to configure the following password and account lockout policies: Configure password settings so that the user must:Cycle through 10 passwords before reusing an old one.Change the password every 90 days.Keep the password at least 14 days.Create a password at least eight characters long.Create a password that meets complexity requirements, such as using uppercase letters, lowercase letters, numbers, or symbols. Configure the account lockout policy to: Lock out any user who enters five incorrect passwords. Unlock an account automatically after 60 minutes. Configure the number of minutes that must elapse after a failed logon attempt to 10 minutes.
6.6.4 Configure Account Password Policies
You are the IT security administrator for a small corporate network. You are working to increase the authentication security of the domain. You need to make sure that only authorized users have administrative rights to all local machines. Local users and groups can be controlled through a GPO linked to the domain. In this lab, your task is to edit the Default Domain Policy and configure the Local Users and Groups policy settings as follows: Create a policy to update the built-in Administrator local group. Delete all member users. Delete all member groups. Add BUILTIN\Administrator to the group. Add %DOMAINNAME%\Domain Admins to the group.
6.6.6 Restrict Local Accounts
You work as the IT security administrator for a small corporate network. You are improving office computers' security by renaming and disabling default computer accounts. In this lab, your task is to perform the following on the Office1 computer: Rename the Administrator account Yoda. Disable the Guest account. Verify that Password never expires is not selected for any local users. This forces them to change their passwords regularly. Delete any user accounts with User must change password at next logon selected. This indicates that a user has never logged in.
6.6.7 Secure Default Accounts
You are the IT administrator for a small corporate network. The company has a single Active Directory domain named CorpNet.xyz. You need to increase the domain's authentication security. You need to make sure that User Account Control (UAC) settings are consistent throughout the domain and in accordance with industry recommendations. In this lab, your task is to configure the following UAC settings in the Default Domain Policy on CorpDC as follows: User Account ControlSettingAdmin Approval mode for the built-in Administrator accountEnabledAllow UIAccess applications to prompt for elevation without using the secure desktopDisabledBehavior of the elevation prompt for administrators in Admin Approval modePrompt for credentialsBehavior of the elevation prompt for standard usersAutomatically deny elevation requestsDetect application installations and prompt for elevationEnabledOnly elevate UIAccess applications that are installed in secure locationsEnabledOnly elevate executables that are signed and validatedDisabledRun all administrators in Admin Approval modeEnabledSwitch to the secure desktop when prompting for elevationEnabledVirtualize file and registry write failures to per-user locatio
6.6.8 Enforce User Account Control
The VP of marketing has told you that Paul Denunzio will join the company as a market analyst in two weeks. You need to create a new user account for him. You are logged in as root so the sudo command is not necessary. In this lab, your task is to: Create the pdenunzio user account. Include the full name, Paul Denunzio, as a comment for the user account. Set eye8cereal as the password for the user account. When you're finished, view the /etc/passwd file to verify the creation of the account. Answer the question.
6.7.4 Create a User Account
Brenda Cassini (bcassini) was recently married. You need to update her Linux user account to reflect her new last name of Palmer. You are currently logged in as the root account, so you won't need to use the sudo command to get permissions to perform the required tasks. In this lab, your task is to open Terminal and then use the usermod command to: Rename Brenda's user account to bpalmer. Change Brenda's comment field to read Brenda Palmer. Change and move Brenda's home directory to /home/bpalmer. When you're finished, view the /etc/passwd file and /home directory to verify the modification. Start Lab
6.7.5 Rename a User Account
Terry Haslam (thaslam) was dismissed from the organization. His colleagues have harvested the files they need from his home and other directories. Your company security policy states that upon dismissal, users accounts should be removed in their entirety. In this lab, your task is to: Delete the thaslam user account and home directory from the system. When you're finished, view the /etc/passwd file and /home directory to verify the account's removal.
6.7.6 Delete a User
You use a special user account called Administrator to log on to your computer. However, you think someone has learned your password. You are logged on as Administrator. In this lab, your task is to change your password to r8ting4str. The current Administrator account uses 7hevn9jan as the password.
6.7.7 Change Your Password
Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8. In this lab, your task is to: Change the password for the schawla user account to G20oly04 (0 is a zero). Make sure the password is encrypted in the shadow file.
6.7.8 Change a User's Password
11.7.4 Crack Password with Rainbow Tables
A recent breach of a popular 3rd party service has exposed a password database. The security team is evaluating the risk of the exposed passwords for the company. The password hashes are saved in the root user's home directory, /root/captured_hashes.txt. You want to attempt to hack these passwords using a rainbow table. The password requirements for your company are as follows: The password must be 12 or more characters in length. The password must include at least one uppercase and one lowercase letter. The password must have at least one of these special characters: !, ", #, $, %, &, _, ', *, or @. All passwords are encrypted using a hash algorithm of either md5 or sha1. In this lab, your task is to: Create md5 and sha1 rainbow tables using rtgen. Sort the rainbow tables using the rtsort command. Crack the hashes using rcrack command. You can run rcrack on an individual hash or run it on the hash file (/root/captured_hashes.txt). Answer the questions. The type of charset that can be used to create a rainbow table is stored in the /usr/share/rainbowcrack/charset.txt file. This file can be viewed using the cat command.
7.4.3 Encrypt Files with EFS
At work, you share a computer with other users. You want to secure the contents of the Finances folder so that unauthorized users cannot view its contents. In this lab, your task is to: Encrypt the D:\Finances folder and all of its contents. Add the Susan user account as an authorized user for the D:\Finances\2020report.xls file.
6.8.5 Remove a User from a Group
Corey Flynn (cflynn) currently belongs to several groups. Due to some recent restructuring, he no longer needs to be a member of the hr group. To preserve existing group membership, use the usermod -G command to list all groups to which the user must belong. Do not include the primary group name in the list of groups. In this lab, your task is to: Remove cflynn from the hr group. Preserve all other group memberships. View the /etc/group file or use the groups command to verify the changes.
6.8.3 Rename and Create Groups
Currently, all the salespeople in your company belong to a group called sales. The VP of sales wants two sales groups, a western sales division and an eastern sales division. In this lab, your task is to: Rename the sales group to western_sales_division. Create the eastern_sales_division group. Remove aespinoza as a member of the western_sales_division group. Assign aespinoza as a member of the eastern_sales_division group. When you're finished, view the /etc/group file or use the groups command to verify the changes.
6.7.9 Lock and Unlock User Accounts
Every seven years, your company provides a six-week sabbatical for every employee. Vera Edwards (vedwards), Corey Flynn (cflynn), and Bhumika Kahn (bkahn) are leaving today. Maggie Brown (mbrown), Brenda Cassini (bcassini), and Arturo Espinoza (aespinoza) are just returning. The company security policy mandates that user accounts for employees gone for longer than two weeks be disabled. In this lab, your task is to: Lock the following user accounts:vedwardscflynnbkahn Unlock the following user accounts:mbrownbcassiniaespinoza When you're finished, view the /etc/shadow file to verify the changes.
6.8.4 Add Users to a Group
Maggie Brown (mbrown) and Corey Flynn (cflynn) have recently been hired in the human resources department. You have already created their user accounts. In this lab, your task is to: Add the hr group as a secondary group for the mbrown and cflynn user accounts. When you're finished, view the /etc/group file or use the groups command to verify the changes. When the -g switch is used with the usermod command, it sets the primary group membership, not the secondary group membership.
12.8.8 Recover a File from File History
Susan produces your organization's monthly magazine. While working on an upcoming issue, Susan accidentally deleted significant portions of the layout image. She also made extensive changes to the cover artwork, but has now been asked to discard the changes and use the original artwork. Susan has asked you to help her recover older versions of her files in the Pictures library so she can still meet her publishing deadline. In this lab, your task is to complete the following: Using the Settings app, access the program needed to restore files from a current backup. From the File History dialog, restore the following files: FileFile Version to RestorePictures\Layouts\June2020_Issue.jpgWednesday, March 16, 2020 11:15 AMPictures\Images\coverart.jpgWednesday, March 16, 2020 12:15 PM
8.1.5 Configure a Wireless Network
You are a network technician for a small corporate network. You just installed a Ruckus zone controller and wireless access points throughout your office buildings using wired connections. You now need to configure basic wireless network settings. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Create a WLAN using the following settings:Name: CorpNet WirelessESSID: CorpNetType: Standard UsageAuthentication: OpenEncryption: WPA2Encryption algorithm: AESPassphrase: @CorpNetWeRSecure! Connect the Exec-Laptop in the Executive office to the new wireless network.
9.8.6 Create a Guest Network for BYOD
You are a network technician for a small corporate network. You need to enable BYOD Guest Access Services on your network for guests and employees that have mobile phones, tablets, and personal computers. In this lab, your task is to perform the following: Access the Wireless Controller console through Google Chrome on http://192.168.0.6.Username: admin (case sensitive)password: password Set up Guest Access Services using the following parameters:Name: Guest_BYODAuthentication: Use guest pass authenticationThe guest should be presented with your terms of use statement and then allowed to go to the URL he or she was trying to access.Verify that 192.168.0.0/16 is on the list of restricted subnets. Create a guest WLAN using the following parameters:Network name: GuestESSID: Guest_BYODType: Guest AccessAuthentication: OpenEncryption Method: NoneGuest Access Service: Guest_BYODIsolate guest wireless clients from other clients on the access point. Open a new Google Chrome window and request a guest pass using the BYODAdmin user as follows:URL: 192.168.0.6/guestpassUsername: BYODAdmin (case sensitive)Password: P@ssw0rd (0 is a zero)Use any full name in the Full Name field.Make a note of or copy and paste the key in the Key field. Use the key from the guest pass request to authenticate to the wireless LAN Guest_BYOD from the Gst-Lap laptop computer in the Lobby.
8.3.6 Harden a Wireless Network
You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Change the admin username and password for the Zone Director controller to the following:Admin Name: WxAdminPassword: ZDAdminsOnly!$ (O is the capital letter O) Set up MAC address filtering (L2 Access Control) to create a whitelist called Allowed Devices that includes the following wireless devices:00:18:DE:01:34:6700:18:DE:22:55:9900:02:2D:23:56:8900:02:2D:44:66:88 Implement a device access policy called NoGames that blocks gaming consoles from the wireless network.
8.2.6 Configure Rogue Host Protection
You are a network technician for a small corporate network. You want to take advantage of the self-healing features provided by the small enterprise wireless solution you've implemented. You're already logged in as WxAdmin on the Wireless Controller console from ITAdmin. In this lab, your task is to: Configure self-healing on the wireless network.Automatically adjust AP radio power to optimize coverage when interference is present.Set 2.4 GHz and 5 GHz radio channels to use the Background Scanning method to adjust for interference. Configure the background scanning needed for rogue device detection, AP locationing, and self-healing. Background scans should be performed on all radios every 30 seconds. Configure load balancing for all radios by adjusting the threshold to 40 dB. Configure band balancing to allow no more than 30% of clients to use the 2.4 GHz radios. Reduce the power levels to -3 dB for three access points in Building A to reduce RF emanations. Use the wireless survey results in the exhibit to identify the access points.The amount you reduce TX Power by requires a judgment call based on the wireless survey results. In practice, you would repeat the wireless survey to verify the proper TX Power settings.
8.3.7 Configure WIPS
You are a network technician for a small corporate network. You would like to enable Wireless Intrusion Prevention on the wireless controller. You are already logged in as WxAdmin. Access the Wireless Controller console through Chrome on http://192.168.0.6. In this lab, your task is to: Configure the wireless controller to protect against denial-of-service (DOS) attacks as follows:Protect against excessive wireless requests.Block clients with repeated authentication failures for two minutes (120 seconds). Configure Intrusion Detection and Prevention as follows:Report all rogue devices regardless of type.Protect the network from rogue access points. Enable Rogue DHCP Server Detection.
11.6.8 Perform and Analyze a SYN Flood
You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP-SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you should use this computer to investigate the problem. In this lab, your task is to: Capture packets from the network segment on www_stage using Wireshark.Use the enp2s0 interface. Analyze the attack using the following filters:tcp.flags.syn==1 and tcp.flags.ack==1tcp.flags.syn==1 and tcp.flags.ack==0
7.3.5 Compare an MD5 Hash
You are the IT administrator at a small corporate office. You just downloaded a new release for a program you use. You need to make sure the file was not altered before you received it. Another file containing the original file hash was also downloaded. Both files are located in the C:\Downloads folder. In this lab, your task is to use MD5 hash files to confirm that the Release.zip file was unaltered. From Windows PowerShell: Generate a file hash for the Release.zip file. View the hash of the original file stored in the release821hash.txt file. Use the following command to compare the original hash of the Release.zip file to its calculated hash to see if they match:"the_new_hash_generated" -eq "known_hash_extracted_from_the_.txt_file"Example: "4A84C7958C246E39439C784349F4ZDB4" -eq "9C784349F4ZDB44A84C7958C246E3943"You can highlight text in PowerShell and right-click it to copy the text to the active line. If using Chromebooks, highlight the desired hash amount and then click on the touchpad using 2 fingers to copy and paste the value. Answer the question. The new hash is the hash generated by the get-filehash file_name -a md5 command. The known hash is the hash generated by the get-content file_name.txt command. Include the quotation marks and the file extensions with the file names in the commands.
7.5.6 Manage Certificates
You are the IT administrator for a growing corporate network. You manage the certification authority for your network. As part of your daily routine, you perform several certificate management tasks. CorpCA, the certification authority, is a guest server on CorpServer2. In this lab, your task is to complete the following: Your network uses smart cards to control access to sensitive computers. Currently, the approval process dictates that you manually approve smart card certificate requests.Approve pending certificate requests for smart card certificates from tsutton and mmallory. Deny the pending web server certificate request for CorpSrv12. User bchan lost his smartcard. Revoke the certificate assigned to bchan.CorpNet.com using the Key Compromise reason code. Unrevoke the CorpDev3 certificate.
12.7.6 Configure Fault-Tolerant Volumes
You are the IT administrator for a small corporate network. You have installed the Windows Server 2019 operating system on a server named CorpServer2. During this installation, you created a single partition that took up the entire first disk. You would like to add fault tolerance to the system volume and create an additional fault tolerant volume for storing data. Four additional, uninitialized hard disks have been installed in the server for this purpose. In this lab, your task is to complete the following: To add fault tolerance for the System (C:) volume, create a mirrored volume using Disk 1. Create a new volume that provides both fault tolerance and improved performance using the following settings:Disks: Disk 2, Disk 3, and Disk 4Volume size: 2048000 MB (2 TB)Drive letter: RFormat: NTFSVolume label: Data You cannot create a RAID 5 volume from an existing volume.
12.8.10 Backup a Domain Controller
You are the IT administrator for a small corporate network. You need to back up the system state of your domain controllers so that, in the event of a disaster, Active Directory is backed up. You want to configure regular backups on CorpDC4. In this lab, your task is to perform the following using Windows Server Backup on CorpDC4: Create a regular backup schedule for the CorpDC4 server using the following settings:Backup items: System StateBackup schedule: once per day at 1:00 a.m.Backup location: \\CorpFiles\Backup Take an immediate backup using the following settings:Backup items: System State and C: driveBackup location: \\CorpFiles\Backup
6.10.6 Configure Kerberos Policy Settings
You are the IT security administrator for a small corporate network that has a single Active Directory domain named CorpNet.local. You are working on increasing the authentication security of the domain. In this lab, your task is to configure the Kerberos policy settings in the Default Domain Policy using Group Policy Management with the following settings: Security SettingValueMaximum lifetime for service ticket180 minutesMaximum lifetime for user ticket3 hoursMaximum lifetime for user ticket renewal3 daysMaximum tolerance for computer clock synchronization1 minute
7.1.11 Hide Files with OpenStego
You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to encrypt data into a file that is to be shared with a business partner. The data will allow you to track the source if the information is leaked again. In this lab, your task is to use OpenStego to hide data in photos as follows: Encrypt and password protect the user data into the file to be shared.Message file: John.txtCover file: gear.pngOutput Sego file: send.png (saved in the Documents folder)Password: NoMor3L3@ks! Confirm the functionality of the steganography by:Extracting the data to C:\Users\Administrator\Documents\Export.Open the extracted file to confirm that the associated username has been embedded into the file.
10.4.10 Implement Application Whitelisting with AppLocker
You are the IT security administrator for a small corporate network. You are increasing network security by implementing application whitelisting. Your first step is to prevent applications not located in the operating system directory or the program files directory from running on your computers. In addition, the call center application used by the support team runs from C:\CallCenter\CallStart.exe and must be allowed to run. You also want any future versions of the call center application to run without changing any settings. In this lab, your task is to configure AppLocker in the default domain policy as follows: Create the default rules.Allow all files located in the Program Files folder.Allow all files located in the Windows folder. Configure a publisher rule that will allow future updates from the same vendor. Allow the Support group to run the call center software found in C:\CallCenter\CallStart.exe
11.4.7 Scan for Windows Vulnerabilities
You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed. In this lab, your task is to: Run a vulnerability scan for the Office2 workstation using the Security Evaluator. A shortcut is located on the taskbar. Remediate the vulnerabilities found in the vulnerability report for Office2. Re-run a vulnerability scan to make sure all of the issues are resolved
11.4.9 Scan for Domain Controller Vulnerabilities
You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Use the Security Evaluator tool to run a vulnerability scan on the CorpDC domain controller. In this lab, your task is to: Run a vulnerability scan for the CorpDC domain controller using the Security Evaluator on the taskbar. Remediate the vulnerabilities in the Default Domain Policy using Group Policy Management on CorpDC. Re-run a vulnerability scan to make sure all of the issues are resolved.
11.6.4 Poison ARP and Analyze with Wireshark
You are the IT security administrator for a small corporate network. You believe a hacker has penetrated your network and is using ARP poisoning to infiltrate it. In this lab, your task is to discover whether ARP poisoning is taking place as follows: Use Wireshark to capture packets on the enp2s0 interface for five seconds. Analyze the Wireshark packets to determine whether ARP poisoning is taking place. Use the 192.168.0.2 IP address to help make your determination. Answer the questions.
10.1.5 Allow SSL Connections
You are the IT security administrator for a small corporate network. You currently run a website on the CorpWeb server. You want to allow SSL connections to this website. In this lab, your task is to add a binding to the CorpNet website using the following settings: Website: www.corpnet.xyz Protocol: HTTPS Port: 443 SSL certificate: www.corpnet.xyz
11.4.10 Scan for IoT Vulnerabilities
You are the IT security administrator for a small corporate network. You have some security issues on a few Internet of Things (IoT) devices. You have decided to use the Security Evaluator to find these problems. In this lab, your task is to use the Security Evaluator to: Find a device using the IP address of 192.168.0.54. Find all devices using an IP address in the range of 192.168.0.60 through 192.168.0.69. Answer the questions.
13.3.5 Configure Email Filters
You are the IT security administrator for a small corporate network. You helped your boss remove a lot of junk email, and now he would like you to only allow emails and attachments from senders on his safe sender list. In this lab, your task is to configure email filtering as follows: Only allow emails from the safe senders list. Report junk email messages to your email provider. Only allow attachments from the safe senders list.
14.1.6 Enable Device Logs
You are the IT security administrator for a small corporate network. You need to enable logging on the switch in the networking closet. In this lab, your task is to: Enable logging and the Syslog Aggregator. Configure RAM Memory Logging as follows:Emergency, Alert, and Critical: EnableError, Warning, Notice, Informational, and Debug: Disable Configure Flash Memory Logging as follows:Emergency and Alert: EnableCritical, Error, Warning, Notice, Informational, and Debug: Disable Copy the running configuration file to the startup configuration file using the following settings:Source File Name: Running configurationDestination File Name: Startup configuration
11.4.11 Scan for WAP Vulnerabilities
You are the IT security administrator for a small corporate network. You perform vulnerability scans on your network. You need to verify the security of your wireless network and your Ruckus wireless access controller. In this lab, your task is to: Run a vulnerability scan for the wireless access controller 192.168.0.6 using Security Evaluator, which is accessible from the taskbar. Remediate the vulnerabilities found in the vulnerability report for the wireless access controller.New admin name: your choiceNew password: your choiceEnable reporting of rogue devices for intrusion prevention. Rerun a vulnerability scan to make sure all of the issues are resolved. Access the wireless controller console through Google Chrome on http://192.168.0.6 with the admin name admin and the password password. The username and password are case-sensitive.
11.6.6 Poison DNS
You are the IT security administrator for a small corporate network. You want to spoof the DNS to redirect traffic as part of a man-in-the-middle attack. In this lab, your task is to: (Optional) From the Exec computer, access rmksupplies.com and verify that site can be accessed. From the Linux Support computer, use Ettercap to begin sniffing and scanning for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine. Initiate DNS spoofing. From the Exec computer, access rmksupplies.com and verify that it has been redirected to a different site.
8.3.9 Configuring a Captive Portal
You have been hired by a small hotel to configure how their guests access the internet. You have chosen to use pfSense's captive portal feature. Guests must pass through this portal to access the internet. In this lab, your task is to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Add a captive portal zone named Guest_WiFiUse the description Zone used for the guest Wi-Fi Using the GuestWi-Fi interface, configure your portal as follows:Allow a maximum of 100 concurrent connections.Disconnect user from the internet if their connection is inactive for 30 minutes.Disconnect user from the internet after two hours regardless of their activity.Limit user's download and upload to 8000 and 2500 Kbit/s, respectively.Force to pass through your portal prior to authentication. Allow the following MAC and IP address to pass through the portal:MAC: 00:00:1B:12:34:56IP: 198.28.1.100/16Give the IP address the description Admin's Laptop
9.1.6 Create Virtual Machines
You have installed Hyper-V on ITAdmin. You're experimenting with creating virtual machines. In this lab, your task is to create two virtual machines named VM1 and VM2. Use the following settings as specified for each machine: VM1: Virtual machine name: VM1 Virtual machine location: D:\HYPERV Generation: Generation 1 Startup memory: 1024 MB (do not use dynamic memory) Networking connection: External Virtual hard disk name: VM1.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 50 GB Operating system will be installed later VM2: Virtual machine name: VM2 Virtual machine location: D:\HYPERV Generation: Generation 1 Startup memory: 2048 MB (use dynamic memory) Networking connection: Internal Virtual hard disk name: VM2.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 250 GB Operating system will be installed later Minimum RAM: 512 MB Maximum RAM: 4096 MB
9.2.6 Create Virtual Switches
You have installed Hyper-V on the CorpServer server. You want to use the server to create virtual machines. Prior to creating the virtual machines, you are experimenting with virtual switches. In this lab, your task is to: Create an internal virtual switch named Switch 1. Create a private virtual switch named Switch 2.
12.8.6 Back Up Files with File History
You have recently installed a new Windows 10 computer. To protect valuable data, you need to implement file history backups on this computer. In this lab, your task is to configure automatic backups for the Exec computer as follows: Save the backup to the Backup (E:) volume. Back up files daily. Keep backup files for six months. Back up the entire Data (D:) volume. Make a backup now.
10.3.10 Clear the Browser Cache
You use Google Chrome as your web browser on the desktop computer in your dorm room. You are concerned about privacy and security while surfing the web. You are also concerned about exploits that harvest data from your Google Chrome browsing history. In this lab, your task is to delete the following items from your Google Chrome browser history for all time: Browsing history Download history Cookies and other site data Cached images and files Hosted app data
14.1.4 Configure Advanced Audit Policy
You work as the IT security administrator for a small corporate network. As part of an ongoing program to improve security, you want to implement an audit policy for all workstations. You plan to audit user logon attempts and other critical events. In this lab, your task is to configure the following audit policy settings in WorkstationGPO: Local PoliciesSettingAudit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settingsEnabledAudit: Shut down system immediately if unable to log security auditsEnabled Event LogSettingRetention method for security logDefine: Do not overwrite events (clear log manually) Advanced Audit Policy ConfigurationSettingAccount Logon: Audit Credential ValidationSuccess and FailureAccount Management: Audit User Account ManagementSuccess and FailureAccount Management: Audit Security Group ManagementSuccess and FailureAccount Management: Audit Other Account Management EventsSuccess and FailureAccount Management: Audit Computer Account ManagementSuccessDetailed Tracking: Audit Process CreationSuccessLogon/Logoff: Audit LogonSuccess and FailureLogon/Logoff: Audit LogoffSuccessPolicy Change: Audit Authentication Policy ChangeSuccessPolicy Change: Audit Audit Policy ChangeSuccess and FailurePrivilege Use: Audit Sensitive Privilege UseSuccess and FailureSystem: Audit System IntegritySuccess and FailureSystem: Audit Security System ExtensionSuccess and FailureSystem: Audit Security State ChangeSuccess and FailureSystem: Audit IPsec DriverSuccess and Failure Do not use the old audit policies located in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policies
11.3.5 Implement Intrusion Prevention
You work as the IT security administrator for a small corporate network. In an effort to protect your network against security threats and hackers, you have added Snort to pfSense. With Snort already installed, you need to configure rules and settings and then assign Snort to the desired interface. In this lab, your task is to use pfSense's Snort to complete the following: Sign into pfSense Username: adminPW: P@ssw0rd (zero) Enable the downloading of the following:Snort free registered User rulesOinkmaster Cote: 359d00c0e75a37a4dbd70757745c5c5dg85aaSnort GPLv2 Community rulesEmerging Threats Open rulesSourcefire OpenAppID detectorsAPPID Open rules Configure rule updates to happen once a day at 1:00 a.m.Hide any deprecated rules. Block offending hosts for 1 hour. Send all alerts to the system log when the Snort starts and stops. Assign Snort to the WAN interface using a description of WANSnort.Include:Sending alerts to the system logAutomatically blocking hosts that generate a Snort alert Start Snort on the WAN interface.
7.4.8 Configure BitLocker with a TPM
You work as the IT security administrator for a small corporate network. The employee in Office 1 is working on a very sensitive project. Management is concerned that if the hard drive in the computer were stolen, sensitive information could be compromised. As a result, you have been asked to encrypt the entire System volume. The Office1 computer has a built-in TPM on the motherboard. In this lab, your task is to configure BitLocker drive encryption as follows: From within the computer's BIOS, turn on and activate TPM Security. From Windows, turn on BitLocker for the System (C:) drive. Back up the recovery key to the \\CorpServer\BU-Office1 folder. Encrypt the entire System (C:) drive. Use the new encryption mode. Run the BitLocker system check.
9.8.4 Secure an iPad
You work as the IT security administrator for a small corporate network. The receptionist uses an iPad to manage employees' schedules and messages. You need to help her secure the iPad because it contains all of the employees' personal information. In this lab, your task is to: View the current iOS version and then answer the applicable question. Apply the latest software update and then answer the applicable question. Configure Auto-Lock with a five-minute delay. Configure Passcode Lock using a passcode of C@sp3r Require the passcode after five minutes. Configure Data Erase to wipe all data after 10 failed passcode attempts. Require unknown networks to be added manually. Turn off Bluetooth.
13.3.7 Secure Email on iPad
You work as the IT security administrator for a small corporate network. The receptionist, Maggie Brown, uses an iPad to manage employee schedules and messages. You need to help her secure her email and browser on her iPad. In this lab, your task is to complete the following: Configure Maggie's email account to use SSL for incoming mail. Secure the internet browser as follows:Turn off AutoFillTurn on Block Pop-upsBlock all cookiesTurn on Fraudulent Website WarningTurn off JavaScript
10.4.12 Implement Data Execution Preventions
You work as the IT security administrator for a small corporate network. You are configuring the computer in Office 1 to use Data Execution Prevention (DEP) for all programs and services. You have noticed that the accounting program used on some computers does not function well when DEP is enabled. In this lab, your task is to configure DEP as follows: Enable DEP for all files. Disable DEP for C:\Program Files (x86)\AccountWizard\AccountWizard.exe. Restart the computer to activate DEP.