TestOut Security Pro, Lab Practice|2023 LATEST UPDATE|GUARANTEED SUCCESS

5.12.4 Explore VLANs You are the IT security administrator for a small corporate network. You need to increase the networking closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch. The patch panel connections for the networking closet, lobby, and IT administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections of the IP cameras and the laptop. 1.) From the ITAdmin computer, log into the CISCO switch. -From the taskbar, open Google Chrome. -Maximize the window for easier viewing. -In the URL field, enter 192.168.0.2 and press Enter. -For Username, enter ITSwitchAdmin. -For Password, enter Admin$only (password is case-sensitive). -Select Log In. 2.) Create a VLAN. -From the Getting Started pane, under Initial Setup, select Create VLAN. -Select Add.For VLAN ID, enter 2. -For VLAN Name, enter IPCameras. -Select Apply. -Select Close. 3.) Configure a VLAN. -From the left pane, under VLAN Management, select Port to VLAN. -From the the VLAN ID equals to drop-down menu, select 2. -Select Go. -For ports GE18, GE19, GE20, and GE21, select Untagged. -Select Apply. 4.) Connect the IP camera in the lobby to the VLAN and mount the IP cameras. -From the top navigation area, select Floor 1. -Under Lobby, select Hardware. -Under Shelf, expand CCTV Cameras. -Drag the IP Camera (Lobby) to the workspace. -Under Workspace for the IP camera, select Back to switch to the back view of the IP camera. -Under Shelf, expand Cables and then select a Cat5e Cable, RJ45. -Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera wall mount plate. -From the wall plate's Partial Connections list, drag the other connector to the RJ-45 port on the back of the IP camera. -Drag the IP camera to the IP camera wall plate. 5.) Connect the IP camera in the networking closet to the VLAN and mount the IP cameras. -From the top navigation area, select Floor 1. -Under Networking Closet, select Hardware. -Under Shelf, expand CCTV Cameras. -Drag the IP Camera (Networking Closet) to the workspace. -Under Workspace for the IP camera, select Back to switch to the back view of the IP camera. -Under Shelf, expand Cables and then select Cat5e Cable, RJ45. -Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the IP Camera mount wall plate. -Under Selected Component, drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera. -To mount the IP camera, drag the IP camera to the IP camera wall plate. 6.) Connect the DHCP server and laptop to the VLAN. -In the networking closet, under Shelf, select a Cat5e Cable, RJ45. -Under Selected Component, drag a RJ45 Connector to port 21 on the switch. -Under Selected Component, drag the unconnected RJ45 Connector to port 21 on the patch panel. 7.) Connect the laptop to the VLAN. From the top menu, select Floor 1. Under IT Administration, select Hardware. Above the laptop, select Back to switch to the back view of the laptop. Under Shelf, select Cat5e Cable, RJ45. Under Selected Component, drag a RJ45 Connector to the RJ-45 port on the laptop. Under Selected Component, drag the unconnected RJ45 Connector to the open RJ-45 port on the wall plate. 8.) Launch the IP camera monitoring software. Under the laptop's workspace, select Front. On the IT-Laptop2, select Click to view Windows 10. From the taskbar, select Start. Select IP Cameras. Verify that both cameras are detected on the network. 5.13.5 Restrict Telnet and SSH Access You are in the process of configuring a new router. The router interfaces connect to the following networks: Interface: FastEthernet0/0 FastEthernet0/1 FastEthernet0/1/0 Network: 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 Only Telnet and SSH access from these three networks should be allowed. In this lab, your task is to: -Use the access-list command to create a standard numbered access list using number 5. -Add a permit statement for each network to the access list. -Use the access-class command to apply the access list to VTY lines 0-4. Use the in direction to filter incoming traffic. -Save your changes in the startup-config file. 1.) Enter the configuration mode for the router: -From the exhibit, select the router. -From the terminal, press Enter. -Type enable and then press Enter. -Type config term and then press Enter. 2.) From the terminal, create a standard numbered access list using number 5. Add a permit statement for each network to the access list. -Type access-list 5 permit 192.168.1.0 0.0.0.255 and then press Enter. -Type access-list 5 permit 192.168.2.0 0.0.0.255 and then press Enter. -Type access-list 5 permit 192.168.3.0 0.0.0.255 and then press Enter. 3.) Apply the access list to VTY lines 0-4. Filter incoming traffic. -Type line vty 0 4 and then press Enter. -Type access-class 5 in and then press Enter. -Press Ctrl + Z. 4.) Save your changes in the startup-config file. -Type copy run start and then press Enter. -Press Enter to begin building the configuration. -Press Enter. 5.13.6 Permit Traffic The Fiji router has been configured with Standard IP Access List 11. The access list is applied to the Fa0/0 interface. The access list must allow all traffic except traffic coming from hosts 192.168.1.10 and 192.168.1.12. However, you've noticed that it's preventing all traffic from being sent on Fa0/0. You remember that access lists contain an implied deny any statement. This means that any traffic not permitted by the list is denied. For this reason, access lists should contain at least one permit statement or all traffic is blocked. In this lab, your task is to: -Add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. -Save your changes in the startup-config file. 1.) Enter the configuration mode for the Fiji router: -From the exhibit, select the Fiji router. -From the terminal, press Enter. -Type enable and then press Enter. -Type config term and then press Enter. 2.) From the terminal, add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. -Type access-list 11 permit any and press Enter. -Press Ctrl + Z. 3.) Save your changes in the startup-config file. -Type copy run start and then press Enter. -Press Enter to begin building the configuration. -Press Enter. 5.13.7 Block Source Hosts You have a small business network connected to the internet through a single router as shown in the network diagram. You have noticed that three hosts on the internet have been flooding your router with unwanted traffic. As a temporary measure, you want to prevent all communication from these three hosts until the issue is resolved. In this lab, your task is to: -Create a Standard Access List 25. -Add statements to the access list to block traffic from the following hosts: -199.68.111.199 -202.177.9.1 -211.55.67.11 -Add a statement to allow all other traffic from all other hosts. -Apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic. 1.) Enter the configuration mode for the router: -From the exhibit, select the router. -From the terminal, press Enter. -Type enable and then press Enter. -Type config term and then press Enter. 2. ) From the terminal, create a standard numbered access list using number 25. Add statements to the access list to block traffic to the required hosts. -Type access-list 25 deny host 199.68.111.199 and press Enter. -Type access-list 25 deny host 202.177.9.1 and press Enter. -Type access-list 25 deny host 211.55.67.11 and press Enter. 3.) From the terminal, add a statement to allow all other traffic from all other hosts, by typing access-list 25 permit any and pressing Enter. 4.) From the terminal, apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic. -Type int s0/0/0 and press Enter. -Type ip access-group 25 in and press Enter. -Type Ctrl + Z. 6.5.5 Create OUs You are the IT administrator for a small corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. Now you need to create an Active Directory organizational unit (OU) structure based on the company's departmental structure. In this lab, your task is to create the following organizational units (OUs) on the CorpDC server and ensure that each is protected from accidental deletion as follows: -Beneath the CorpN domain, create the following OUs: -Accounting -Admins -Marketing -Research-Dev -Servers -Support -Workstations -Sales -Within the Sales OU, create the following OUs: -SalesManagers -TempSales Beneath the CorpN domain, create the following OUs: -Accounting -Admins -Marketing -Research-Dev -Servers -Support -Workstations -Sales Beneath the Sales OU, create the following OUs: -SalesManagers -TempSales 1.) Access the CorpDC server. -From the left pane of Hyper-V Manager, select CORPSERVER. -From the Virtual Machines pane, double-click CorpDC. 2.) Create the Active Directory organizational units (OUs) beneath the CorpN domain. -From Server Manager's menu bar, select Tools > Active Directory Users and Computers. -From the left pane, right-click CorpN and then select New > Organizational Unit. -Enter the name of the OU to be created. -Ensure that Protect container from accidental deletion is selected and then select OK. -Repeat steps 2b - 2d until all the required domain OUs are created. 3.) Create the OUs within the Sales OU. -From the left pane, select CorpN > Sales. -From the menu bar, select the Create a new organizational unit in the current container icon. -Enter the name of the OU to be created. -Ensure that Protect container from accidental deletion is selected and then select OK. -Repeat steps 3a - 3d to create the remaining OU. 6.5.10 Create and Link a GPO You are the IT security administrator for a small corporate network. You would like to use Group Policy to enforce settings for certain workstations on your network. You have prepared and tested a security template file that contains policies that meet your company's requirements. In this lab, your task is to perform the following on CorpDC: -Create a GPO named Workstation Settings in the CorpN domain. -Link the Workstation Settings GPO to the following organizational units (OUs): -Marketing > TempMarketing -Sales > TempSales -Support -Import the ws_ template file, located in C:Templates, to the Workstation Settings Group Policy object. 1.) Access the CorpN domain. -From Server Manager, select Tools > Group Policy Management. -Expand Forest: CorpN > Domains > CorpN. -Maximize the window for better viewing. 2.) Create the Workstation Settings GPO and link it to the CorpN domain. -Right-click the Group Policy Objects OU and select New. -In the Name field, enter the Workstation Settings and then click OK. 3.) Link OUs to the Workstation Settings GPO. -Right-click the OU and select Link an Existing GPO. -Under Group Policy Objects, select Workstation Settings from the list and then click OK. -Repeat step 3 to link the additional OUs. 4.) Import the ws_ security policy template. -Expand Group Policy Objects. -Right-click Workstation Settings and select Edit. -Under Computer Configuration, expand Policies > Windows Settings. -Right-click Security Settings and select Import Policy. -Browse to the C:Templates. -Select ws_ and then click Open. 6.5.11 Create User Accounts You are the IT administrator for a small corporate network. You recently added an Active Directory domain to the CorpDC server to manage network resources centrally. You now need to add user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC: User: -Juan Suarez -Susan Smith -Mark Burnes -Borey Chan Job Role: -Marketing Manager -Permanent sales employee -Sales Manager -Temporary sales employee Departmental OU: -MarketingMarketingManagers -SalesPermSales -SalesSalesManagers -SalesTempSales Use the following user account naming standards and specifications as you create each account: -Create the user account in the departmental OU corresponding to the employee's job role. -User account name: First name + Last name -Logon name: firstinitial + lastname with @CorpN as the domain -Original password: asdf1234$ (must change after the first logon) -Configure the following for the temporary sales employee: -Limit the logon hours to allow logon only from 8:00 a.m. to 5:00 p.m., Monday through Friday. -Set the user account to expire on December 31st of the current year. 2.) Access Active Directory Users and Computers on the CorpDC server. -From Hyper-V Manager, select CORPSERVER. -From the Virtual Machines pane, double-click CorpDC. -From Server Manager's menu bar, select Tools > Active Directory Users and Computers. -Maximize the window for better viewing. 2.) Create the domain user accounts. -From the left pane, expand CorpN. -Browse to the appropriate OU. -Right-click the OU and select New > User. -In the First name field, enter the user's first name. -In the Last name field, enter the user's last name. -In the User logon name field, enter the user's logon name which should be the first letter of the user's first name together with their last name. (e.g. jsuarez) -Click Next. -Select Next. -In the Password field, enter asdf1234$. -In the Confirm password field, enter asdf1234$. -Make sure User must change password at next logon is selected and then click Next. -Select Finish to create the object. -Repeat steps 3e-3m to create the additional users. 3.) Modify user account restrictions for the temporary sales employee. -Right-click Borey Chan and select Properties. -Select the Account tab. -Select Logon hours. -From the Logon Hours dialog, select Logon Denied to clear the allowed logon hours. -Select the time range of 8:00 a.m. to 5:00 p.m., Monday through Friday. -Select Logon Permitted to allow logon. -Select OK. -Under Account expires, select End of. -In the End of field, use the drop-down calendar to select 31 December of the current year. -Select OK. 6.5.12 Manage User Accounts You are the IT administrator for a small corporate network. You recently added an Active Directory domain on the CorpDC server to manage network resources centrally. Organizational units in the domain represent departments. User and computer accounts are in their respective departmental OUs. Over the past few days, several personnel changes have occurred that require changes to user accounts. In this lab, your task is to use the following information to make the necessary user account changes on CorpDC: -Mary Barnes from the Accounting Department has forgotten her password, and now her account is locked. -Unlock the account. -Reset the password to asdf1234$. -Require a password change at the next logon. -Mark Woods has been fired from the accounting department. Disable his account. -Pat Benton is returning to the Research-Dev department from maternity leave. Her account is disabled to prevent logon. Enable her account. -Andrea Simmons from the Research-Dev department has recently married. -Rename the account Andrea Socko. -Change the last name to Socko. -Change the display name to Andrea Socko. -Change the user logon and the pre-Windows 2000 user logon name to asocko. -For all users in the Support OU (but not the SupportManagers OU), allow logon only to the Support computer. 1.) Access Active Directory Users and Computers on the CorpDC server. From Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, double-click CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. 2.) From the left pane, expand CorpN. 3.) Unlock the Mary Barnes account. -From the left pane, select Accounting. -Right-click Mary Barnes and select Reset Password. -In the New password field, enter asdf1234$. -In the Confirm password field, enter asdf1234$. -Make sure User must change password at next logon is selected. -Make sure Unlock the user's account is selected. -Select OK. -Select OK to confirm the changed. 4.) Disable the Mark Woods account. From the right pane, right-click Mark Woods and select Disable Account. -Select OK to confirm the change. 5.) Enable Pat Benton's account. -From the left pane, select Research-Dev. -From the right pane, right-click Pat Benton and select Enable Account. -Select OK to confirm the change. 6.) Rename the Andrea Simmons account. -Right-click Andrea Simmons and select Rename. -Enter Andrea Socko and press Enter. This opens the Rename User dialog. -In the Last name field, enter Socko. -In the User logon name field, replace the old name with asocko. -Select OK. 7.) Configure user account restrictions. -From the left pane, select Support. -Press the Ctrl key and then from the right pane, select both the Tom Plask and Janice Rons users to edit multiple users at the same time. -Right-click the user accounts and select Properties. -Select the Account tab. -Select Computer restrictions. -Select Log On To. -Select The following computers. -In the Computer name field, type Support. -Select Add. -Select OK. -Select OK. 6.5.13 Create a Group You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. In this lab, your task is to use Active Directory Users and Computers to complete the following actions on the CorpDC server: In the Users container, create a group named Managers. Configure the group as follows: -Group scope: Global -Group type: Security Make the following users members of the Managers group: -Organization Unit: -Accounting -Research-Dev -MarketingMarketingManagers -Research-DevResearchManagers -SalesSalesManagers -SupportSupportManagers -Username: -Mark Woods -Pat Benton -Juan Suarez -Arlene Kimbly -Mark Burnes -Shelly Emery 1.) Access Active Directory Users and -Computers on the CorpDC server. -From Hyper-V Manager, select CORPSERVER. -From the Virtual Machines pane, double-click CorpDC. -From Server Manager's menu bar, select Tools > Active Directory Users and Computers. -Maximize the window for better viewing. 2.) In the Users container, create a group named Managers. -From the left pane, expand and select CorpN > Users. -Right-click the Users container and select New > Group. -In the Group name field, enter Managers.A pre-Windows 2000 group name is created automatically, but it can be changed. -Under Group scope, make sure Global is selected. -Under Group type, make sure Security is selected and select OK. 3.) Add user accounts to the Managers group. -From the left pane, ensure that the Users container is still selected. -From the right pane, right-click Managers and select Properties. -Select the Members tab. -Select Add. -In the Enter the object names to select field, enter all the usernames. Use a semicolon to separate each name. Example: Steve Hoffer; Peter Williams; Princess Diana -Select Check Names. -Select OK to add the users and close the dialog. -Select OK to close the Managers Properties dialog.