Simulations SY0-601 10-23-2022 Simulation #1 Network Security An attack has occurred against a company. You have been tasked to do the following: 1. Identify the type of attack that is occurring on the network by clicking on the attacker’s Tablet and reviewing the output. 2. Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. Instructions: All objects will be used, but not all placeholders may be filled. Objects may only be used once. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue. Mark Mark Exhibit (Network Diagram) Internet Attacker Tablet Anonymiser Switch A Firewall Drag and Drop Input Validation Router Code Review Web Server WAF URL Filtering Record Level Access Control Attack Type SQL Injection Application Source Code within Repository Switch B Cross Site Scripting XML Injection Session Hijacking Buffer Overflow CRM Server Instructions Reset Reset Done Done Next Next Database Mark Mark Exhibit (Network Diagram) Internet Attacker Tablet Anonymiser Switch A Firewall Drag and Drop Input Validation Router Code Review WAF Web Server Code Review Record Level Access Control URL Filtering Application Source Code within Repository Attack Type SQL Injection Cross Site Scripting XML Injection Session Hijacking Buffer Overflow Input Validation WAF URL Filtering Switch B Record Level Access Control CRM Server Instructions Reset Reset Done Done Database Next Next Attacker’s Tablet Company Site http://company/setup.do Request Response Please Login to access your online games Submit Query Company Site http://company/setup.do Request Response Welcome your online games. Thanks for logging in User,cookie-id,login-time Pete,123511235adf89866eaf,2012-.0-21 15:34:34 Matt,efda836a8321ff23213,2012-03-21 15:37:34 Sara,123e13afd358fa7499d, 2012-03-21 15-39:34 Mark Mark Exhibit (Network Diagram) Internet Attacker Tablet Anonymiser Switch A Firewall Drag and Drop Input Validation Router Code Review WAF Web Server Code Review URL Filtering Record Level Access Control Application Source Code within Repository Attack Type SQL Injection X Cross Site Scripting XML Injection Session Hijacking Buffer Overflow Input Validation WAF URL Filtering Switch B Record Level Access Control CRM Server Instructions Reset Reset Done Done Database Next Next Simulation #2 192.168.1.10 192.168.1.20 192.168.1.30 192.168.1.30 Active Directory SECRET 192.168.1.20 WPA2-EAP-PEAP-MSCHAPv2 CORPGUEST guest01 guestpass WPA2-ENTERPRISE Simulation #3 Leveraging Hostname: the information ws01 supplied the Domain: below, complete comptia.org CSR TLS IPv4:for the server to setup 10.1.9.50 (https): IPv4: 10.2.10.50 •Root: Hostname: ws01 home.aspx •DNSDomain: comptia.org CNAME: homesite • IPv4: 10.1.9.50 Extensions • IPv4: 10.2.10.50 • Root: home.aspx extendedKeyUsage policyIdentifier • DNS CNAME: homesite commonName Show Question Reset All Certificate Signing Request Extension Value subjAltName INSTRUCTIONS Drag the various data points to DNS Name=homesite.comptia.org the correct locations within the CSR. Extension criteria belong in serverAuth the left-hand column and values URL – http://homesite.comptia.org/home.aspx belong in the corresponding Ws01.comptia.org row in the right-hand column. Values OCSP;URL:http://ocsp.pki.comptia.org If at any time, you would like to DNS Name=*.comptia.org bring back the initial state of the simulation, please pick the clientAuth Reset All button DONE Hostname: Domain: IPv4: IPv4: Root: DNS CNAME: ws01 comptia.org 10.1.9.50 10.2.10.50 home.aspx homesite Show Question Reset Reset All Certificate Signing Request Extension Value Extensions extendedKeyUsage policyIdentifier commonName subjAltName Values DNS Name=homesite.comptia.org serverAuth URL – http://homesite.comptia.org/home.aspx ws01.comptia.org OCSP;URL:http://ocsp.pki.comptia.org DNS Name=*.comptia.org clientAuth DONE Hostname: Domain: IPv4: IPv4: Root: DNS CNAME: ws01 comptia.org 10.1.9.50 10.2.10.50 home.aspx homesite Extensions extendedKeyUsage policyIdentifier commonName subjAltName Values Show Question Reset Reset All Certificate Signing Request Extension Value commonName DNS Name=homesite.comptia.org subjAltName DNS Name=*.comptia.org extendedKeyUsage serverAuth policyIdentifier OCSP;URL:http://ocsp.pki.comptia.org DNS Name=homesite.comptia.org serverAuth URL – http://homesite.comptia.org/home.aspx ws01.comptia.org OCSP;URL:http://ocsp.pki.comptia.org DNS Name=*.comptia.org clientAuth DONE Simulation #4 A security administrator has been tasked with implementing controls that meet management goals. Drag and drop the appropriate control used to accomplish the account management goal. Options may be used once or not at all. Control Management Goal 1 Easily differentiate between mobile devices and servers in reports 2 Enforce password complexity requirements 3 Determine if devices used by terminated employees are returned 4 Identify which employees have access to sensitive file shares Standard naming convention Permission auditing and review Group policy Group-based access control Time of day restrictions Usage auditing and review Off-boarding procedures Reset Done A security administrator has been tasked with implementing controls that meet management goals. Drag and drop the appropriate control used to accomplish the account management goal. Options may be used once or not at all. Management Goal Control 1 Easily differentiate between mobile devices and servers in reports Standard naming convention 2 Enforce password complexity requirements 3 Determine if devices used by terminated employees are returned Off-boarding procedures 4 Identify which employees have access to sensitive file shares Permission auditing and review Standard naming convention Group policy Permission auditing and review Group policy Group-based access control Time of day restrictions Usage auditing and review Off-boarding procedures Reset Done Simulation #5 A security engineer is setting up passwordless authentication for the first time. Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused https://www.tecmint.com/ssh-passwordlesslogin-using-ssh-keygen-in-5-easy-steps/ A security engineer is setting up passwordless authentication for the first time. Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused Commands scp ~/.ssh/id_rsa user@server:.ssh/authorized_keys chmod 777 ~/.ssh/authorized_keys ssh-keygen –t rsa ssh root@server chmod 644 ~/.ssh/id_rsa ssh-copy-id –i ~/.ssh/id_rsa.pub user@server ssh –i ~/.ssh/id_rsa user@server SSH Client A security engineer is setting up passwordless authentication for the first time. Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused Commands SSH Client scp ~/.ssh/id_rsa user@server:.ssh/authorized_keys ssh-keygen –t rsa chmod 777 ~/.ssh/authorized_keys ssh-copy-id –i ~/.ssh/id_rsa.pub user@server ssh-keygen –t rsa ssh –i ~/.ssh/id_rsa user@server ssh root@server chmod 644 ~/.ssh/id_rsa ssh-copy-id –i ~/.ssh/id_rsa.pub user@server ssh –i ~/.ssh/id_rsa user@server Simulation #6 INSTRUCTIONS Click on each firewall to do the following: 1. Deny cleartext web traffic. 2. Ensure secure management protocols are used. 3. Resolve issues at the DR site. The ruleset order cannot be modified due to outside constraints. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button Datacenter Router 10.0.0.254/24 Firewall 1 Web Server 10.0.0.1/24 Firewall 2 Email Server 10.0.1.1/24 Internet DR Router 192.168.0.254/24 Firewall 3 Web Server 192.168.0.1/24 Firewall 1 Rule Name Source Destination Service Action DNS Rule 10.0.0.1/24 ANY DNS Permit HTTPS Outbound 10.0.0.1/24 ANY HTTPS Permit Management ANY 10.0.0.1/24 SSH Permit HTTPS Inbound ANY 10.0.0.1/24 HTTPS Permit HTTP Inbound ANY 10.0.0.1/24 HTTP Deny Reset Answer Reset Answer Reset Answer Firewall 2 Rule Name Source Destination Service Action DNS Rule 10.0.1.1/24 ANY DNS Permit HTTPS Outbound 10.0.1.1/24 ANY HTTPS Permit Management ANY 10.0.1.1/24 SSH Permit HTTPS Inbound ANY 10.0.1.1/24 HTTPS Permit HTTP Inbound ANY 10.0.1.1/24 HTTP Deny Reset Answer Reset Answer Reset Answer Firewall 3 Rule Name Source Destination Service Action DNS Rule 192.168.0.1/24 ANY DNS Permit HTTPS Outbound 192.168.0.1/24 ANY HTTPS Permit Management ANY 192.168.0.1/24 SSH Permit HTTPS Inbound ANY 192.168.0.1/24 HTTPS Permit HTTP Inbound ANY 192.168.0.1/24 HTTP Deny Reset Answer Reset Answer Reset Answer Simulation #7 TEST QUESTION Attack Description Select the appropriate attack and remediation from each drop-down list to label the corresponding attackSYN with its An attacker sends multiple packets from remediation multiple sources The attack establishes a connection, which allows remote commands to be executed INSTRUCTIONS: The attack is self-propagating and compromises a SQL database well-known credentials as Not all attacks andusing remediation actions will it used. moves through the network be Target Web Server User Database Server attacker useswould hardware remotely IfThe at any time you like toto bring back monitor Executive a user’s activity to harvestplease credentials the initial input state of the simulation, click the Reset All button. The attacker embeds hidden access in an Application internally developed application that bypasses account login Attack Identified BEST Preventative or Remediation Action Attack Description Target An attacker sends multiple SYN packets from multiple sources Web Server The attack establishes a connection, which allows remote commands to be executed User The attack is self-propagating and compromises a SQL database using well-known credentials as it moves through the network Database Server The attacker uses hardware to remotely monitor Executive a user’s input activity to harvest credentials The attacker embeds hidden access in an internally developed application that bypasses account login Application Attack Identified BEST Preventative or Remediation Action Attack Identified Botnet RAT Logic Bomb Backdoor Virus Spyware Worm Adware Ransomware Keylogger Phishing BEST Preventative or Remediation Action Enable DDoS protection Patch vulnerable systems Implement a proxy with sandboxing Disable vulnerable services Change the default system password Update the cryptographic algorithm Change the default application password Implement 2FA using push notification Conduct a code review Implement application fuzzing Implement host-based IDS Disable remote access services Attack Description Target An attacker sends multiple SYN packets from multiple Web Server sources The attack establishes a connection, which allows remote commands to be executed User The attack is self-propagating and compromises a SQL database using well-known credentials as it moves through the network Database Server The attacker uses hardware to remotely monitor a user’s input activity to harvest credentials Executive The attacker embeds hidden access in an internally developed application that bypasses account login Application Attack Identified BEST Preventative or Remediation Action Botnet Enable DDoS protection RAT Implement a hostbased IPS Worm Change the default application password Keylogger Implement 2FA using push notification Backdoor Conduct a code review Simulation #8 Which secure Protocol should be used for these tasks? Drag and drop each keyword next to its defintion Simulation #9 Provide the appropriate multifactor characteristic for each description. Drag and drop each keyword next to its defintion Simulation #10 Match the technology Drag and drop each keyword next to its defintion