View: 626|Reply: 0

HCIE- security LAB pass

[Copy link]

1

Threads

1

Posts

5

Credits

L1-Private

Rank: 1

Credits
5
Post time 8-11-2022 18:43:32 | Show all posts |Read mode
Lab Problem: Lab-A mixed with B, just three hours to finish writing, all the phenomena come out.
(1) Build two virtual walls on FW3

(2) Configure VRRP on FW1 only 10.1.5.254/24, ip-link monitors E0/0/1 (that is, 10.1.40.11), and binds to HRP on FW1. NAT at headquarters is implemented on R1R2, and FW3 does not test NAT Server.

2,
(1) ipsec at the headquarters needs to perform NAT traversal. sa trigger-mode auto is configured. The IPSec policy permits UDP-500 and 4500. The test can be switched between active and standby, and 3 to 4 packets are lost during the switch.

(2) Configure SSLVPN on FW3. You need to configure the IP address of virtual-if 0 (10.1.123.23 is configured for me). WEB access is not required. Configure two policies under the root wall to allow access to SSLVPN (untrust- >local). Access policy from 10.1.24.0/24 to 10.1.22.104 for untrust<-- >trust). Configure a permit policy (untrust<-- >trust, virtual-if 0 access policy for 10.1.22.104) on vfw2.

3, content security test anti-virus, content filtering, URL filtering, IPS.

(1) The anti-virus configuration may not be cleared before, and the push page can see Chinese, which is exactly the same as the title requirements. If I modify the push content by myself, it will become garbled. Finally, I use the original push configuration, it is not clear whether there will be a penalty here

(2) Content filtering On vfw1 of FW3, the password and account are checked, and the action is block. The configuration does not take effect immediately. You need to wait for about 10 minutes for the configuration to take effect.

(3) URL filtering to *.bt.com, p2p, gambling and betting

(4) The IPS matches SQL injection attacks, and the handling action is an alarm. The configuration does not take effect immediately. During the PC1 test, no log is generated. The configuration takes effect only after about 10 minutes.

4. BGP needs to be configured to divert DDoS traffic, but inbound alarm policy is not checked

5. WAF full test, because FW3 did not test NAT Server, so the question asks to use PC3 to test. The configuration does not take effect immediately. PC3 will not be intercepted during the test. The configuration takes effect only after about 10 minutes. After cache acceleration and anti-tamper are configured, the signature database matching will be temporarily invalid. In this case, the attack test of PC3 will not be intercepted, and the effect takes about 10 minutes

6. FH full test, consistent with the question bank, the question will give a screenshot of FH detected virus attachment, you can refer to, here the configuration will not take effect immediately, wait for about 10 minutes

7. Only the synchronization between portal and AD domain is tested. SW3 is configured with dot1x and portal

Essay (about 2 hours and 5000 words) :

The essay questions test such as protection, IPS, DDoS mixed

1. VPN, database firewall, IPS, terminal antivirus, IAM, agile controller, Security controller, Log audit Center, situational awareness flow probe (remember all written)) i$B/ S5 A$u2 m4 Y

2. IPS is basically the same as the question bank, but some signature actions are different and have little change, so you need to read the question carefully to judge the actions (the four actions here are alarm, alarm, release, and alarm). The second question is that IPS is deployed, but wannacry still has attack behavior on the Intranet.

PS: In the second question, I added a case that the IPS has logs and the logs are blocked. In this case, the IPS is deployed in off-line mode and the received traffic is mirrored. Even if the IPS performs the interception, the service traffic cannot be affected.

3. DDoS has a slight change. The first question is from the first question of DDoS 1, which has no change. The second question is from the second question of DDoS 2, but the method of the question is different. It asks the administrator to detect TCP attacks and deploy TCP source authentication on the AntiDDoS, but the effect is not good. What is the cause? In this case, the answer of UDP Flood and HTTP Flood cannot be answered, and only the other three answers can be answered.

Reply

Use magic Report

You have to log in before you can reply Login | Register Now

Points Rules