Simulations
SY0-601
10-23-2022
Simulation #1
Network Security
An attack has occurred against a company. You have been tasked to do the following:
1. Identify the type of attack that is occurring on the network by clicking on the
attacker’s Tablet and reviewing the output.
2. Identify which compensating controls should be implemented on the assets, in order
to reduce the effectiveness of future attacks by dragging them to the correct server.
Instructions: All objects will be used, but not all placeholders may be filled. Objects may
only be used once. If at any time you would like to bring back the initial state of the
simulation, please select the Reset button.
When you have completed the simulation, please select the Done button to submit. Once
the simulation is submitted, please select the Next button to continue.
Mark
Mark
Exhibit (Network Diagram)
Internet
Attacker
Tablet
Anonymiser
Switch A
Firewall
Drag and Drop
Input
Validation
Router
Code Review
Web Server
WAF
URL Filtering
Record Level
Access Control
Attack Type
SQL Injection
Application
Source Code
within Repository
Switch B
Cross Site
Scripting
XML Injection
Session
Hijacking
Buffer
Overflow
CRM Server
Instructions
Reset
Reset
Done
Done
Next
Next
Database
Mark
Mark
Exhibit (Network Diagram)
Internet
Attacker
Tablet
Anonymiser
Switch A
Firewall
Drag and Drop
Input
Validation
Router
Code Review
WAF
Web Server
Code Review
Record Level
Access Control
URL Filtering
Application
Source Code
within Repository
Attack Type
SQL Injection
Cross Site
Scripting
XML Injection
Session
Hijacking
Buffer
Overflow
Input
Validation
WAF
URL Filtering
Switch B
Record Level
Access Control
CRM Server
Instructions
Reset
Reset
Done
Done
Database
Next
Next
Attacker’s Tablet
Company Site
http://company/setup.do
Request Response
Please Login to access your online games
Submit Query
Company Site
http://company/setup.do
Request Response
Welcome your online games. Thanks for logging in
User,cookie-id,login-time
Pete,123511235adf89866eaf,2012-.0-21 15:34:34
Matt,efda836a8321ff23213,2012-03-21 15:37:34
Sara,123e13afd358fa7499d, 2012-03-21 15-39:34
Mark
Mark
Exhibit (Network Diagram)
Internet
Attacker
Tablet
Anonymiser
Switch A
Firewall
Drag and Drop
Input
Validation
Router
Code Review
WAF
Web Server
Code Review
URL Filtering
Record Level
Access Control
Application
Source Code
within Repository
Attack Type
SQL Injection
X
Cross Site
Scripting
XML Injection
Session
Hijacking
Buffer
Overflow
Input
Validation
WAF
URL Filtering
Switch B
Record Level
Access Control
CRM Server
Instructions
Reset
Reset
Done
Done
Database
Next
Next
Simulation #2
192.168.1.10
192.168.1.20
192.168.1.30
192.168.1.30
Active Directory
SECRET
192.168.1.20
WPA2-EAP-PEAP-MSCHAPv2
CORPGUEST
guest01
guestpass
WPA2-ENTERPRISE
Simulation #3
Leveraging
Hostname: the information
ws01
supplied
the
Domain: below, complete
comptia.org
CSR
TLS
IPv4:for the server to setup
10.1.9.50
(https):
IPv4:
10.2.10.50
•Root:
Hostname:
ws01
home.aspx
•DNSDomain:
comptia.org
CNAME:
homesite
• IPv4:
10.1.9.50
Extensions
• IPv4:
10.2.10.50
• Root:
home.aspx
extendedKeyUsage
policyIdentifier
• DNS CNAME: homesite
commonName
Show Question
Reset All
Certificate Signing Request
Extension
Value
subjAltName
INSTRUCTIONS
Drag the various data points to
DNS Name=homesite.comptia.org
the correct
locations within the
CSR. Extension criteria
belong in
serverAuth
the left-hand column and values
URL – http://homesite.comptia.org/home.aspx
belong in the corresponding
Ws01.comptia.org
row in the right-hand
column.
Values
OCSP;URL:http://ocsp.pki.comptia.org
If at any time, you would like to
DNS
Name=*.comptia.org
bring back
the
initial state of
the simulation, please
pick the
clientAuth
Reset All button
DONE
Hostname:
Domain:
IPv4:
IPv4:
Root:
DNS CNAME:
ws01
comptia.org
10.1.9.50
10.2.10.50
home.aspx
homesite
Show Question
Reset
Reset
All
Certificate Signing Request
Extension
Value
Extensions
extendedKeyUsage
policyIdentifier
commonName
subjAltName
Values
DNS Name=homesite.comptia.org
serverAuth
URL – http://homesite.comptia.org/home.aspx
ws01.comptia.org
OCSP;URL:http://ocsp.pki.comptia.org
DNS Name=*.comptia.org
clientAuth
DONE
Hostname:
Domain:
IPv4:
IPv4:
Root:
DNS CNAME:
ws01
comptia.org
10.1.9.50
10.2.10.50
home.aspx
homesite
Extensions
extendedKeyUsage
policyIdentifier
commonName
subjAltName
Values
Show Question
Reset
Reset
All
Certificate Signing Request
Extension
Value
commonName
DNS Name=homesite.comptia.org
subjAltName
DNS Name=*.comptia.org
extendedKeyUsage
serverAuth
policyIdentifier
OCSP;URL:http://ocsp.pki.comptia.org
DNS Name=homesite.comptia.org
serverAuth
URL – http://homesite.comptia.org/home.aspx
ws01.comptia.org
OCSP;URL:http://ocsp.pki.comptia.org
DNS Name=*.comptia.org
clientAuth
DONE
Simulation #4
A security administrator has been tasked with implementing controls that meet management
goals. Drag and drop the appropriate control used to accomplish the account management
goal. Options may be used once or not at all.
Control
Management Goal
1
Easily differentiate between mobile devices and servers in reports
2
Enforce password complexity requirements
3
Determine if devices used by terminated employees are returned
4
Identify which employees have access to sensitive file shares
Standard naming
convention
Permission auditing
and review
Group policy
Group-based
access control
Time of day
restrictions
Usage auditing
and review
Off-boarding
procedures
Reset
Done
A security administrator has been tasked with implementing controls that meet management
goals. Drag and drop the appropriate control used to accomplish the account management
goal. Options may be used once or not at all.
Management Goal
Control
1
Easily differentiate between mobile devices and servers in reports
Standard naming convention
2
Enforce password complexity requirements
3
Determine if devices used by terminated employees are returned
Off-boarding procedures
4
Identify which employees have access to sensitive file shares
Permission auditing and
review
Standard naming
convention
Group policy
Permission auditing
and review
Group policy
Group-based
access control
Time of day
restrictions
Usage auditing
and review
Off-boarding
procedures
Reset
Done
Simulation #5
A security engineer is setting up passwordless
authentication for the first time.
Use the minimum set of commands to set this up
and verify that it works.
Commands cannot be reused
https://www.tecmint.com/ssh-passwordlesslogin-using-ssh-keygen-in-5-easy-steps/
A security engineer is setting up passwordless authentication for the first time.
Use the minimum set of commands to set this up and verify that it works.
Commands cannot be reused
Commands
scp ~/.ssh/id_rsa user@server:.ssh/authorized_keys
chmod 777 ~/.ssh/authorized_keys
ssh-keygen –t rsa
ssh root@server
chmod 644 ~/.ssh/id_rsa
ssh-copy-id –i ~/.ssh/id_rsa.pub user@server
ssh –i ~/.ssh/id_rsa user@server
SSH Client
A security engineer is setting up passwordless authentication for the first time.
Use the minimum set of commands to set this up and verify that it works.
Commands cannot be reused
Commands
SSH Client
scp ~/.ssh/id_rsa user@server:.ssh/authorized_keys
ssh-keygen –t rsa
chmod 777 ~/.ssh/authorized_keys
ssh-copy-id –i ~/.ssh/id_rsa.pub user@server
ssh-keygen –t rsa
ssh –i ~/.ssh/id_rsa user@server
ssh root@server
chmod 644 ~/.ssh/id_rsa
ssh-copy-id –i ~/.ssh/id_rsa.pub user@server
ssh –i ~/.ssh/id_rsa user@server
Simulation #6
INSTRUCTIONS
Click on each firewall to do the following:
1. Deny cleartext web traffic.
2. Ensure secure management protocols are used.
3. Resolve issues at the DR site.
The ruleset order cannot be modified due to outside
constraints.
If at any time you would like to bring back the initial state of
the simulation, please click the Reset All button
Datacenter Router
10.0.0.254/24
Firewall 1
Web Server
10.0.0.1/24
Firewall 2
Email Server
10.0.1.1/24
Internet
DR Router
192.168.0.254/24
Firewall 3
Web Server
192.168.0.1/24
Firewall 1
Rule Name
Source
Destination
Service
Action
DNS Rule
10.0.0.1/24
ANY
DNS
Permit
HTTPS Outbound
10.0.0.1/24
ANY
HTTPS
Permit
Management
ANY
10.0.0.1/24
SSH
Permit
HTTPS Inbound
ANY
10.0.0.1/24
HTTPS
Permit
HTTP Inbound
ANY
10.0.0.1/24
HTTP
Deny
Reset Answer
Reset Answer
Reset Answer
Firewall 2
Rule Name
Source
Destination
Service
Action
DNS Rule
10.0.1.1/24
ANY
DNS
Permit
HTTPS Outbound
10.0.1.1/24
ANY
HTTPS
Permit
Management
ANY
10.0.1.1/24
SSH
Permit
HTTPS Inbound
ANY
10.0.1.1/24
HTTPS
Permit
HTTP Inbound
ANY
10.0.1.1/24
HTTP
Deny
Reset Answer
Reset Answer
Reset Answer
Firewall 3
Rule Name
Source
Destination
Service
Action
DNS Rule
192.168.0.1/24
ANY
DNS
Permit
HTTPS Outbound
192.168.0.1/24
ANY
HTTPS
Permit
Management
ANY
192.168.0.1/24
SSH
Permit
HTTPS Inbound
ANY
192.168.0.1/24
HTTPS
Permit
HTTP Inbound
ANY
192.168.0.1/24
HTTP
Deny
Reset Answer
Reset Answer
Reset Answer
Simulation #7
TEST QUESTION
Attack Description
Select the appropriate attack and
remediation from each drop-down list to
label
the corresponding
attackSYN
with
its
An attacker
sends multiple
packets
from
remediation
multiple sources
The attack establishes a connection, which
allows remote commands to be executed
INSTRUCTIONS:
The attack is self-propagating and compromises
a SQL
database
well-known
credentials
as
Not
all attacks
andusing
remediation
actions
will
it used.
moves through the network
be
Target
Web Server
User
Database
Server
attacker
useswould
hardware
remotely
IfThe
at any
time you
like toto
bring
back monitor Executive
a user’s
activity
to harvestplease
credentials
the
initial input
state of
the simulation,
click
the Reset All button.
The attacker embeds hidden access in an
Application
internally developed application that bypasses
account login
Attack Identified
BEST Preventative or
Remediation Action
Attack Description
Target
An attacker sends multiple SYN packets from
multiple sources
Web Server
The attack establishes a connection, which
allows remote commands to be executed
User
The attack is self-propagating and compromises
a SQL database using well-known credentials as
it moves through the network
Database
Server
The attacker uses hardware to remotely monitor Executive
a user’s input activity to harvest credentials
The attacker embeds hidden access in an
internally developed application that bypasses
account login
Application
Attack Identified
BEST Preventative or
Remediation Action
Attack Identified
Botnet
RAT
Logic Bomb
Backdoor
Virus
Spyware
Worm
Adware
Ransomware
Keylogger
Phishing
BEST Preventative or Remediation Action
Enable DDoS protection
Patch vulnerable systems
Implement a proxy with sandboxing
Disable vulnerable services
Change the default system password
Update the cryptographic algorithm
Change the default application password
Implement 2FA using push notification
Conduct a code review
Implement application fuzzing
Implement host-based IDS
Disable remote access services
Attack Description
Target
An attacker sends multiple SYN packets from multiple Web Server
sources
The attack establishes a connection, which allows
remote commands to be executed
User
The attack is self-propagating and compromises a
SQL database using well-known credentials as it
moves through the network
Database
Server
The attacker uses hardware to remotely monitor a
user’s input activity to harvest credentials
Executive
The attacker embeds hidden access in an internally
developed application that bypasses account login
Application
Attack
Identified
BEST Preventative or
Remediation Action
Botnet
Enable DDoS
protection
RAT
Implement a hostbased IPS
Worm
Change the default
application password
Keylogger
Implement 2FA using
push notification
Backdoor
Conduct a code
review
Simulation #8
Which secure Protocol should be
used for these tasks?
Drag and drop each keyword next
to its defintion
Simulation #9
Provide the appropriate multifactor characteristic for each
description.
Drag and drop each keyword next
to its defintion
Simulation #10
Match the technology
Drag and drop each keyword next
to its defintion