TestOut Ethical Hacker Pro Final Review (Labs)
Complete this lab as follows:
Add a file exclusion as follows: In the search field on the
taskbar, enter Windows Defender. Under Best match, select
Windows Defender Security Center. Maximize the window for
easier viewing. Select Virus & threat protection. Select Virus &
threat protection settings. Under Exclusions, select Add or
remove exclusions. Select the + (plus sign) next to Add an
exclusion. From the drop-down lists, select File. Under This PC,
select Data (D:). Double-click Graphics. Select cat.jpg. Select
Open.
Add a process exclusion as follows: Select the + (plus sign) next
to Add an exclusion. From the drop-down lists, select Process.
In the Enter process name field, enter welcome.scr for the
process name. Select Add.
Update protection definitions as follows: In the left menu, select
the shield icon. Select Protection updates. Select Check for
updates.
Perform a quick scan as follows: In the left menu, sel Correct
Answers 9.2.8 You recognize that the threat of malware is
increasing and have implemented Windows Defender on the
office computers.
In this lab, your task is to configure Windows Defender as
follows:
Add a file exclusion for D:\Graphics\cat.jpg.
Add a process exclusion for welcome.scr.
Update protection definitions before performing the scan.
Perform a quick scan.
Complete this lab as follows:
,Begin a Wireshark capture as follows: From the Favorites bar,
open Wireshark. Under Capture, select enp2s0. Select the blue
fin to begin a Wireshark capture.
Apply the net 192.168.0.0 filter as follows: In the Apply a
display filter field, type net 192.168.0.0 and press Enter.Look at
the source and destination addresses of the filtered packets. In
the top right, select Answer Questions. Under Lab Questions,
answer question 1.
Apply the host 192.168.0.34 filter as follows: In the Apply a
display filter field, type host 192.168.0.34 and press Enter.Look
at the source and destination addresses of the filtered packets.
Under Lab Questions, answer question 2.
Apply the tcp contains password filter as follows: In the Apply a
display filter field, type tcp contains password and press Enter.
Select the red box to stop the Wireshark capture. Locate the
password in the captured packet. Under Lab Q Correct Answers
10.1.11 You are the IT administrator for a small corporate
network. You need to find specific information about the
packets being exchanged on your network using Wireshark.
In this lab, your task is to:
Use Wireshark to capture packets from the enp2s0 interface.
Use the following Wireshark filters to isolate and examine
specific types of packets: net 192.168.0.0 host 192.168.0.34 tcp
contains password
Answer the questions.
Complete this lab as follows:
Enable IPS as follows: In the Security Appliance Configuration
utility, select IPS. Under IPS Enable, select Enable IPS
Protection for LAN. Select Enable IPS Protection for DMZ.
Select Apply.
,Update the IPS signature as follows: Under Manual Signature
Updates, select Browse. Browse to and select C:\Signatures\
SBIPS000018.bin. Select Open. Select Upload. Refresh the page
to update the IPS Signatures status. Select Automatically Update
Signatures. In the Cisco.com User Name field, enter
mary.r.brown. In the Password field, enter Upd@teN0w (0 is a
zero). Select Apply.
Configure IPS policies as follows: In the left menu, select IPS
Policy. For each IPS Category, select Detect and Prevent. Select
Apply. Correct Answers 11.1.10 You are enhancing your
network's security, and you want to enable Intrusion Detection
and Prevention on the network security appliance (NSA).
In this lab, your task is to:
Enable the IPS on the LAN and DMZ interface.
Manually update the IPS signature using C:\signatures\
sbips000018.bin
Use the following credentials to configure the NSA to
automatically update the signature in the future: Username:
mary.r.brown Password: Upd@teN0w (0 is a zero)
Set the IPS policies to detect and prevent all known threats.
Complete this lab as follows:
Encrypt the user data into the file to be shared as follows: In the
search field on the taskbar, type OpenStego. Under Best match,
select OpenStego. In the Message File field, select the ellipses at
the end of the field. Select John.txt. Select Open. In the Cover
File field, select the ellipses at the end of the field. Select
gear.png file. Select Open. In the Output Stego File field, select
the ellipses at the end of the field. In the File name field, enter
send.png. Select Open.
, Password protect the file as follows: In the Password field, enter
NoMor3L3@ks! In the Confirm Password field, enter
NoMor3L3@ks! Select Hide Data. Select OK.
Extract the data and open the file as follows: Under Data Hiding,
select Extract Data. In the Input Stego File field, select the
ellipses. Select send.png file with the encryption. Select Open.
In the Output Folder for Message File field, select the ellip
Correct Answers 8.4.11 You are the IT security administrator
for a small corporate network. Recently, some of your firm's
proprietary data leaked online. You have been asked to use
steganography to encrypt data into a file that will be shared with
a business partner. The data will allow you to track the source if
the information is leaked again.
In this lab, your task is to use OpenStego to hide data inside a
picture file as follows:
Encrypt the user data found in John.txt into gear.png.
Save the output file into the Documents folder as send.png.
Password protect the file with NoMor3L3@ks! as the password.
Confirm the functionality of the steganography by extracting the
data from send.png into the Exports folder and opening the file
to view the hidden user data.
Complete this lab as follows:
Find the IP address and MAC address as follows: Right-click
Start and select Windows PowerShell (Admin). At the command
prompt, type ipconfig /all and press Enter. Find the MAC
address and the IP address.
Spoof the MAC address as follows: From the top navigation
tabs, select Floor 1 Overview. Under IT Administration, select
ITAdmin. In the search bar, type SMAC. Under Best match,
right-click SMAC and select Run as administrator. In the New
Complete this lab as follows:
Add a file exclusion as follows: In the search field on the
taskbar, enter Windows Defender. Under Best match, select
Windows Defender Security Center. Maximize the window for
easier viewing. Select Virus & threat protection. Select Virus &
threat protection settings. Under Exclusions, select Add or
remove exclusions. Select the + (plus sign) next to Add an
exclusion. From the drop-down lists, select File. Under This PC,
select Data (D:). Double-click Graphics. Select cat.jpg. Select
Open.
Add a process exclusion as follows: Select the + (plus sign) next
to Add an exclusion. From the drop-down lists, select Process.
In the Enter process name field, enter welcome.scr for the
process name. Select Add.
Update protection definitions as follows: In the left menu, select
the shield icon. Select Protection updates. Select Check for
updates.
Perform a quick scan as follows: In the left menu, sel Correct
Answers 9.2.8 You recognize that the threat of malware is
increasing and have implemented Windows Defender on the
office computers.
In this lab, your task is to configure Windows Defender as
follows:
Add a file exclusion for D:\Graphics\cat.jpg.
Add a process exclusion for welcome.scr.
Update protection definitions before performing the scan.
Perform a quick scan.
Complete this lab as follows:
,Begin a Wireshark capture as follows: From the Favorites bar,
open Wireshark. Under Capture, select enp2s0. Select the blue
fin to begin a Wireshark capture.
Apply the net 192.168.0.0 filter as follows: In the Apply a
display filter field, type net 192.168.0.0 and press Enter.Look at
the source and destination addresses of the filtered packets. In
the top right, select Answer Questions. Under Lab Questions,
answer question 1.
Apply the host 192.168.0.34 filter as follows: In the Apply a
display filter field, type host 192.168.0.34 and press Enter.Look
at the source and destination addresses of the filtered packets.
Under Lab Questions, answer question 2.
Apply the tcp contains password filter as follows: In the Apply a
display filter field, type tcp contains password and press Enter.
Select the red box to stop the Wireshark capture. Locate the
password in the captured packet. Under Lab Q Correct Answers
10.1.11 You are the IT administrator for a small corporate
network. You need to find specific information about the
packets being exchanged on your network using Wireshark.
In this lab, your task is to:
Use Wireshark to capture packets from the enp2s0 interface.
Use the following Wireshark filters to isolate and examine
specific types of packets: net 192.168.0.0 host 192.168.0.34 tcp
contains password
Answer the questions.
Complete this lab as follows:
Enable IPS as follows: In the Security Appliance Configuration
utility, select IPS. Under IPS Enable, select Enable IPS
Protection for LAN. Select Enable IPS Protection for DMZ.
Select Apply.
,Update the IPS signature as follows: Under Manual Signature
Updates, select Browse. Browse to and select C:\Signatures\
SBIPS000018.bin. Select Open. Select Upload. Refresh the page
to update the IPS Signatures status. Select Automatically Update
Signatures. In the Cisco.com User Name field, enter
mary.r.brown. In the Password field, enter Upd@teN0w (0 is a
zero). Select Apply.
Configure IPS policies as follows: In the left menu, select IPS
Policy. For each IPS Category, select Detect and Prevent. Select
Apply. Correct Answers 11.1.10 You are enhancing your
network's security, and you want to enable Intrusion Detection
and Prevention on the network security appliance (NSA).
In this lab, your task is to:
Enable the IPS on the LAN and DMZ interface.
Manually update the IPS signature using C:\signatures\
sbips000018.bin
Use the following credentials to configure the NSA to
automatically update the signature in the future: Username:
mary.r.brown Password: Upd@teN0w (0 is a zero)
Set the IPS policies to detect and prevent all known threats.
Complete this lab as follows:
Encrypt the user data into the file to be shared as follows: In the
search field on the taskbar, type OpenStego. Under Best match,
select OpenStego. In the Message File field, select the ellipses at
the end of the field. Select John.txt. Select Open. In the Cover
File field, select the ellipses at the end of the field. Select
gear.png file. Select Open. In the Output Stego File field, select
the ellipses at the end of the field. In the File name field, enter
send.png. Select Open.
, Password protect the file as follows: In the Password field, enter
NoMor3L3@ks! In the Confirm Password field, enter
NoMor3L3@ks! Select Hide Data. Select OK.
Extract the data and open the file as follows: Under Data Hiding,
select Extract Data. In the Input Stego File field, select the
ellipses. Select send.png file with the encryption. Select Open.
In the Output Folder for Message File field, select the ellip
Correct Answers 8.4.11 You are the IT security administrator
for a small corporate network. Recently, some of your firm's
proprietary data leaked online. You have been asked to use
steganography to encrypt data into a file that will be shared with
a business partner. The data will allow you to track the source if
the information is leaked again.
In this lab, your task is to use OpenStego to hide data inside a
picture file as follows:
Encrypt the user data found in John.txt into gear.png.
Save the output file into the Documents folder as send.png.
Password protect the file with NoMor3L3@ks! as the password.
Confirm the functionality of the steganography by extracting the
data from send.png into the Exports folder and opening the file
to view the hidden user data.
Complete this lab as follows:
Find the IP address and MAC address as follows: Right-click
Start and select Windows PowerShell (Admin). At the command
prompt, type ipconfig /all and press Enter. Find the MAC
address and the IP address.
Spoof the MAC address as follows: From the top navigation
tabs, select Floor 1 Overview. Under IT Administration, select
ITAdmin. In the search bar, type SMAC. Under Best match,
right-click SMAC and select Run as administrator. In the New
