testout labs 2023 all questions and answers with complete solution

testout labs 2023 all questions and answers with complete solution 2.2.6 Configure Microsoft Defender You recognize that the threat of malware is increasing. As such, you would like to use Windows Virus & Threat Protection to protect your computer from malware. In this lab, your task is to enable and configure Windows Virus & Threat Protection as follows: 1. Add a file exclusion for D:Graphics. 2. Add a process exclusion for . 3. Locate the current threat definition version number. 4. Answer Question 1. 5. Check for updates. 6. Answer Question 2. Perform a quick scan Complete this lab as follows: 1. Access the Virus & threat protection options. a. Right-click Start; then select Settings. b. Select Update & Security. c. From the left pane, select Windows Security. d. Select Virus & threat protection. 2. Add a file exclusion for D:Graphics. a. Under Virus & threat protection settings, select Manage settings. b. Scroll down to Exclusions and then select Add or remove exclusions. c. Select Add an exclusion; then select File. d. From the left pane, browse to and select Data (D:) Graphics , and then select Open. 3. Add a process exclusion for . a. From the Exclusions dialog, select Add an exclusion; then select Process. b. In the Enter process name field, type ; then select Add. 4. Check for protection updates. a. In the top left, select the back arrow twice to return to the Virus & threat protection page. b. Scroll down to Virus & threat protection updates and then select Check for updates to access the Protection updates page. c. In the top right, select Answer Questions. d. Answer Question 1. e. Select Check for updates. f. Answer Question 2. 5. Perform a quick virus scan. a. In the top left of the Windows Security dialog, select the back arrow to return to the Virus & threat protection page. b. Select Quick scan. c. Wait for the scan to complete. 6. From the Lab Questions dialog, select Score Lab. 2.3.11 Identify Social Engineering You work as the IT security administrator for a small corporate network in the United States of America. The name of your site is . The company president has received several questionable emails that he is concerned may be malicious attacks on the company. He has asked you to determine whether the emails are hazardous and to handle them accordingly. In this lab, your task is to: · Read each email and determine whether it is legitimate. · Delete any emails that are attempts at social engineering. · Keep emails that are safe. Complete this lab as follows: From the Inbox of the WebEmail interface, highlight an email. Read and explore the email and determine whether it is a legitimate email. This includes using your mouse to hover over suspicious attachments and links. Take the appropriate action for each email:If the email is an attempt at social engineering, from the menu bar, select Delete.If the email safe, do nothing. Repeat steps 1 through 3 for each email. The following table list the actions you should take for each email.EmailDiagnosisActionExplanation for ActionMicrosoft Windows Update CenterNew Service PackPhishingDeleteThis email has various spelling errors. The link does not direct you to a Microsoft website.Joe DavisRe: Lunch Today?Malicious AttachmentDeleteThis email appears to be from a colleague; however, why would he fail to respond to your lunch question and send you a random attachment in return?Executive RecruitingExecutive JobsWhalingDeleteWhaling uses tailored information to attack executives. Clicking the link could install malware that would capture sensitive company information. The link is pointing to a site in Germany (.de). It is suspicious that this organization would recruite executives from the USA.Human ResourcesEthics VideoSafeKeepWhile this email has an embedded link, it is digitally signed, as indicated by the green shield and checkmark. Therefore, you know it actually comes from your Human Resources department. When you hover over the link, you see that it is a secure link to the corporate web server.Online Banking DepartmentPayment PendingPhishingDeleteThis is a carefully crafted attempt to get your bank account information. Hover over the link and notice that it does not direct you to your credit union website, but to an unknown IP address. It is also very unlikely that a bank would delete your account for not verifying your information.Grandma JacklinFW: FW: FW: Virus Attack WarningHoaxDeleteAny email that asks you to forward it to everyone you know is probably a hoax. This email also contains very bad grammar.Emily SmithWeb Site UpdateSpear PhishingDeleteWhile this email appears to come from a colleague, notice that the link points to an executable file from a Russian domain name (.ru). A report file is more likely to have an extension of .pdf. .docx, .xlsx, or .txt. This probably is not a message a real colleague would send. This file will likely infect the computer with malware.Sara GoodwinWow!!Malicious AttachmentDeleteEmails with attachments from unknown people who address you as "Dear Friend" are probably not safe.Grandma JacklinFree Airline TicketsHoaxDeleteAny email that asks you to forward it to everyone you know is probably a hoax, even if the contents promise you a prize. In addition, there is no way to know how many people the email has been forwarded to. Likewise, it is very unlikely that an airline would give away that many free tickets.Human ResourcesIMPORTANT NOTICE-Action RequiredSafeKeepWhile this email appears very urgent, it doesn't ask you to click on anything or run any attachments. It does inform you that you need to go a website that you should already know and make sure your courses are complete.Activities CommitteePumpkin ContestSafeKeepThis email doesn't ask you to click on anything or run any attachments.Robert WilliamsPresentationSafeKeepThis email doesn't ask you to click on anything or run any attachments. 3.1.3 Implement Physical Security Based on a review of physical security at your office, you have recommended several improvements. Your plan includes installing smart card readers, IP cameras, signs, and an access log book. In this lab, your task is to: Implement your physical security plan by dragging the correct items from the shelf onto the various locations in the building. As you drag the items from the shelf, the possible drop locations are highlighted. To implement your plan, you must: Install two IP security cameras in the appropriate location to record which employees access the key infrastructure. The security cameras should operate over the TCP/IP network. Install the smart card key readers in the appropriate location to control access to key infrastructure. The key card readers should be contactless and record more information than the card's ID. Install a Restricted Access sign on the networking closet door to control access to the infrastructure. Install the visitor log on the lobby desk. Complete this lab as follows: Install the IP security cameras:From the Shelf, expand CCTV Cameras.Drag the IP Security Camera from the shelf to the highlighted circle inside the networking closet.Drag the IP Security Camera from the shelf to the highlighted circle just outside the networking closet. Install the smart card key readers:From the Shelf, expand Door Locks.Drag a smart card reader from the shelf to the highlighted location outside the building's front door.Drag a smart card reader from the shelf to the highlighted location outside the networking closet's door. Install the Restricted Access sign:From the Shelf, expand Restricted Access Signs.Drag the Restricted Access sign from the shelf to the networking closet door. Install the visitor log:From the Shelf, expand Visitor Logs.Drag the visitor log from the shelf to the lobby desk. 4.2.5 Configure Automatic Updates You need to customize how Windows Update checks for and installs updates on the ITAdmin desktop system. In this lab, your task is to: Configure Windows Update to:Install updates for other Microsoft products when Windows is updated.Allow the installation of feature updates to be deferred 60 days.Allow quality updates to be deferred 30 days. Configure Windows to automatically download manufacturers' apps and custom icons for devices. Complete this lab as follows: Configure the Windows Update settings.Right-click Start and then select Settings.Select Update & Security.From the right pane, select Advanced options.Under Update Options, turn on Receive updates for other Microsoft products when you update Windows by sliding the switch to On.Under Choose when updates are installed, configure each option as follows:A feature update includes new capabilities and improvements. It can be deferred for 60 days.A quality update includes security improvements. It can be deferred for this many days: 30Close the Settings window. Configure Windows to automatically download the manufacture's apps and custom icons.In the search field on the Windows taskbar, type Control.From Best match, select Control Panel.Select System and Security.Select System.From the left pane, select Advanced system settings.Select the Hardware tab.Select Device Installation Settings.Select Yes and then select Save Changes.Select OK. 4.2.7 Configure Microsoft Defender Firewall You have a new laptop that is running Windows 10. You notice a security message that indicates that Windows Firewall has been disabled. The laptop is currently connected to your organization's network, and the Domain network profile settings are in effect. You plan to travel this week, and you willconnect the laptop to various airport Wi-Fi hotspots. You need to enable Windows Firewall for any public network. In this lab, your task is to configure Windows Firewall as follows: Turn on Windows Firewall for the Public network profile only. In addition to the programs and ports currently allowed, allow the following service and programs through the firewall for the Public network profile only:A service named Key Management ServiceAn application named Arch98An application named Apconf Complete this lab as follows: Access the Windows Firewall settings.Right-click Start and then select Settings.Select Network & Internet.From the right pane, scroll down and select Windows Firewall. From the Firewall & network protection dialog, under Public network, select Turn on. Allow applications to communicate through the firewall for the Public network only.Select Allow an app through firewall.Select Change settings.For Key Management Service, clear Domain and Private, and then select Public.Select Allow another app to configure an exception for an application not currently allowed through the firewall.Select the application from the list and then select Add.For the newly added application, clear Domain and Private, and then select Public.Repeat steps 3d - 3f for the remaining application. Select OK. 4.3.5 Configure NTFS Permissions There are two groups of users who access the Office1 computer, Marketing and Research. Each group has a corresponding folder: E:Marketing Data E:Research Data In this lab, your task is to: Disable permissions inheritance for E:Marketing Data and E:Research Data and convert the existing permissions to explicit permissions. For each of the above folders, remove the Users group from the access control list (ACL). Add the Marketing group to the Marketing Data folder ACL. Add the Research group to the Research Data folder ACL. Assign the groups Full Control to their respective folders. Do not change any other permissions assigned to other users or groups. Complete this lab as follows: Open the Data (E:) drive.From the Windows taskbar, select File Explorer.From the left pane, expand and select This PC Data (E:). Disable inheritance and convert inherited permissions to explicit permissions.From the right pane, right-click the applicable folder and then select Properties.Select the Security tab.Select Advanced to modify inherited permissions.Select Disable inheritance to prevent inherited permissions.Select Convert inherited permissions into explicit permissions on this object. Remove the Users group from the access control list.In Permission entries, select Users.Select Remove to remove the group from the access control list.Select OK. Add a new group to the access control list and allow Full Control.Select Edit to add a group to the access control list.Select Add.Enter the name of the group you want to add and then select Check Names.Select OK.With the newly added group selected, under the Allow column, select Full control and then select OK.Select OK to close the properties dialog. Repeat steps 2 - 4 to modify the permissions for the additional folder. 4.3.6 Disable Inheritance Confidential personnel data is stored on the CorpFiles file server in a shared directory named Personnel. You need to configure NTFS permissions for this folder so that only managers are authorized to access it. In this lab, your task is to perform the following: Grant the Managers group the Full Control permission to the D:Personnel folder. Remove all inherited permissions that are flowing to the D:Personnel folder. Complete this lab as follows: Open the Data (E:) drive.From the Windows taskbar, select File Explorer.From the left pane, expand and select This PC Data (D:). Configure NTFS permissions.From the right pane, right-click Personnel and select Properties.Select the Security tab.Select Edit.Select Add.Enter Managers as the group that will receive permission to the folder.Click OK.With the Managers group selected, select the appropriate Full control.Click OK. Prevent inherited permissions from parent.On the Security tab, select Advanced.Select Disable inheritance.Select Remove all inherited permissions from this object.Click OK to close the Advanced Security Settings for Personnel dialog.Click OK to close the Properties dialog. 5.1.7 Configure a Security Appliance You are an IT security administrator for a small corporate network. To increase security for the corporate network, you have installed the pfSense network security appliance in your network. Now you need to configure the device. In this lab, your task is to configure pfSense as follows: Sign in to pfSense using the following case-sensitive information:URL: 198.28.56.18Username: adminPassword: pfsense Configure the DNS servers as follows:Primary DNS server: 163.128.78.93 - Hostname: DNS1Secondary DNS server: 163.128.80.93 - Hostname: DNS2 Configure the WAN IPv4 information as follows:Enable the interface.Use a static IPv4 address of 65.86.24.136/8Add a new gateway using the following information:Type: Default gatewayName: WANGatewayIP address: 65.86.1.1 Complete this lab as follows: Access the pfSense management console.From the taskbar, select Google Chrome.Maximize the window for better viewing.In the address bar, type 198.28.56.18 and then press Enter.Sign in using the following case-sensitive information:Username: adminPassword: pfsenseSelect SIGN IN or press Enter. Configure the DNS Servers.From the pfSense menu bar, select System General Setup.Under DNS Server Settings, configure the primary DNS Server as follows:Address: 163.128.78.93Hostname: DNS1Gateway: NoneSelect Add DNS Server to add a secondary DNS Server and then configure it as follows:Address: 163.128.80.93Hostname: DNS2Gateway: NoneScroll to the bottom and select Save. Configure the WAN settings.From pfSense menu bar, select Interfaces WAN.Under General Configuration, select Enable interface.Use the IPv4 Configuration Type drop-down to select Static IPv4.Under Static IPv4 Configuration, in the IPv4 Address field, enter 65.86.24.136.Use the IPv4 Address subnet drop-down to select 8.Under Static IPv4 Configuration, select Add a new gateway.Configure the gateway settings as follows:Default: Select Default gatewayGateway name: Enter WANGatewayGateway IPv4: 65.86.1.1Select Add.Scroll to the bottom and select Save.Select Apply Changes. 5.1.8 Configure Network Security Appliance Access You work as the IT security administrator for a small corporate network. You need to secure access to your pfSense appliance, which is still configured with the default user settings. In this lab, your task is to: Change the password for the default pfSense account from pfsense to P@ssw0rd (use a zero). Create a new administrative user with the following parameters:Username: zolsenPassword: St@yout!Full Name: Zoey OlsenGroup Membership: admins Set a session timeout of 15 minutes for pfSense. Disable the webConfigurator anti-lockout rule for HTTP. Complete this lab as follows: Access the pfSense management console.From the taskbar, select Google Chrome.Maximize the window for better viewing.In the Google Chrome address bar, enter 198.28.56.18 and then press Enter.Enter the pfSense sign-in information as follows:Username: adminPassword: pfsenseSelect SIGN IN. Change the password for the default (admin) account.From the pfSense menu bar, select System User Manager.For the admin account, under Actions, select the Edit user icon (pencil).For the Password field, change to P@ssw0rd (use a zero).For the Confirm Password field, enter P@ssw0rd.Scroll to the bottom and select Save. Create and configure a new pfSense user.Select Add.For Username, enter zolsen.For the Password field, enter St@yout!.For the Confirm Password field, enter St@yout!For Full Name, enter Zoey Olsen.For Group Membership, select admins and then select Move to Member of list.Scroll to the bottom and select Save. Set a session timeout for pfSense.Under the System breadcrumb, select Settings.For Session timeout, enter 15.Select Save. Disable the webConfigurator anti-lockout rule for HTTP.From the pfSense menu bar, select System Advanced.Under webConfigurator, for Protocol, select HTTP.Select Anti-lockout to disable the webConfigurator anti-lockout rule.Scroll to the bottom and select Save. 5.1.10 Configure QoS You are the IT administrator for a small corporate network. Several employees have complained of slow internet bandwidth. You have discovered that the user stations on the guest Wi-Fi network are consuming much of your company's bandwidth. You have decided to use pfSense's Traffic Shaper wizard to create the various rules needed to better control the bandwidth usage and to fine-tune the priority for the type of traffic used on your guest Wi-Fi network. Your network has one LAN and one WAN. In this lab, your task is to: Access the pfSense management console:Username: adminPassword: P@ssw0rd (zero) Create a firewall alias using the following specifications:Name: HighBWDescription: High bandwidth usersAssign the IP addresses of the high-bandwidth users to the alias:Vera's IP address: 172.14.1.25Paul's IP address: 172.14.1.100 The Shaper must be configured for the GuestWi-Fi interface using:An upload bandwidth of 5 MbitsA download bandwidth of 45 Mbits Allow your voice over IP traffic to have priority with:An upload bandwidth of 15 MbitsA download bandwidth of 20 Mbits To limit the user stations most likely to hog bandwidth, use the alias created earlier to penalize the offending stations to 2% of the bandwidth. Give a higher priority to the following services and protocols:MSRDPVNCPPTPIPSEC Change the port number used on the floating rule created for MSRDP as