Assessment Task 4: Lab Project 2 – Securing the file system. Course code and name ICT40118 Certificate IV in Information Technology Unit code and name ICTSAS418 Monitor and administer security of an...

This is certificate IV information technology which requires screen shot inserrted as requested and report of 1200 plus questions and answers please do it in a nice way


Assessment Task 4: Lab Project 2 – Securing the file system. Course code and name ICT40118 Certificate IV in Information Technology Unit code and name ICTSAS418 Monitor and administer security of an ICT system Due date ….. / ….. / ……Week (Students have 2 weeks to complete this task) Resources required · Learner resource ICTSAS418 · MCSA Windows Server 2016 Complete Study Guide · Access to computer and internet · Virtual Box – computer program can be accessed via Melbourne Polytechnic LMS unit folder ICTSAS418 · Pre-built domain (Server 216) · Stand alone client (Windows 10) (Or a previously built domain) Decision making rules All Questions must be answered correctly to be deemed satisfactory. Instructions to be provided to learners Common Instructions · This assessment is a practical lab and knowledge questions · You will be using the template to complete the assessments and insert the screen shots. · It is to be completed in the learner’s own time · The learners have two weeks to complete this task. · This assessment is an individual open book task · Ensure you have recorded the due date · Ensure you have documented the due date · At this time any learner who require reasonable adjustments can discuss it with the assessor. It is important to ensure the integrity of the assessment is maintained and the intent is not compromised (e.g. extension of time, oral questions and answers etc.). · All questions must be answered satisfactorily · The Learner must agree (via an ‘I confirm’ radio button) with the assessment submission terms and condition in Melbourne Polytechnic LMS prior to the submission. Assessor’s instructions Common Instructions · This assessment is a practical lab and knowledge questions · You will be using the template to complete the assessments and insert the screen shots. · It is to be completed in the learner’s own time · The learners have two weeks to complete this task. · This assessment is an individual open book task · Ensure you have recorded the due date · Ensure you have documented the due date · At this time any learner who require reasonable adjustments can discuss it with the assessor. It is important to ensure the integrity of the assessment is maintained and the intent is not compromised (e.g. extension of time, oral questions and answers etc.). · All questions must be answered satisfactorily The Learner must agree (via an ‘I confirm’ radio button) with the assessment submission terms and condition in Melbourne Polytechnic LMS prior to the submission. Questions & Answers Scenario In this assessment, you are working as a systems technician. Your manager asked you to set up a network operating system for their new business. You need to perform following tasks in virtual environment. You need to create 2 Virtual machines (1 Client CL1 and a Server DC1). (You will be supplied the pre built virtual box images by the instructor or you will have already created the structure in another class). You will need to administer a domain structure on the domain controller controller on the DC1. You will need to create and second user named Jeremy Barton. Jeremy Bartons account datails are, · Full Name: Jeremy barton · Logon Name: jbarton · Password should be changed upon the next logon for Jeremy Barton · Allocate Mork Simmonds with the standard password of P@$$w0rd You will also need to create a global group in Sales Users Organizational Unit and add Jeremy Barton to the group You will need to create a file and folder structure allowing inheritance only when needed. You will need to set up Bit locker drive encryption for all computers that are public facing. You will need to set up a Domain monitoring system to monitor security threats from within and from outside of the system. You will also be required to follow the company’s security policy for computers which is. · Passwords must be at least 9 characters long and contain uppercase, lowercase and symbols. · Passwords must be changed every two months. · There must be a minimum of 24 passwords remembered. · There must be a minimum password age of 1 day. · Users are only to login to the domain between the hours of 9am and 9pm. · Users accounts are to be locked out or disabled while on holidays. · Selected folders are to be audited for access to view who and when they are accessed. · A logon message is to be set to warn users of the access they have and to warn of authorised use only. · All computers must be in an Organizational unit made for the computers and not in the default Computers Orbitational unit. · All public computers must have bit locker drive encryption enabled · All bit locker recovery keys are to be stored on a shared folder on the server DC1 called Bit locker recovery key You need to perform following tasks and attach screenshots as suggested. Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security. 1 On Server’s C: drive create three folders Secure1, Secure2 and Secure3. Have Secure2 inside Secure1 and Secure3 inside Secure2. Answer Satisfactory Unsatisfactory · · 2 Share Secure1 folder to Authenticated users with Full Control permission. Take a screenshot of the Share permissions of Secure 1 Answer Satisfactory Unsatisfactory Share permissions of secure 1 · · 3 You are to perform the following on DC1 - Server: · Disable inheritance of NTFS permissions on Secure1 by removing all inherited permissions. (Do not remove the Inherited permissions just the Convert to explicit.) · In Active Directory.Create a user called Jeremy Barton for testing · Only leave the following groups in the NTFS permissions for Secure1: And add Jeremy Barton · System to have Full Control Permissions. · Administrator to have Full Control Permissions. · Jeremy to have only Read, Read & Execute and List Folder Contents permissions. Take a screenshot of the User Jeremy barton being created in Active Directory Take a Screenshot of NTFS permissions being disabled and the correct users being deleted. Take a screenshot of the NTFS permissions for folder 1 Answer Satisfactory Unsatisfactory User being created · · Disable NTFS permissions for folder 1 · · NTFS permissions for folder 1 · · 4 On DC1, create a Global group account called DOMLOGGERS. Take a screenshot of the global group DOMLOGGERS Answer Satisfactory Unsatisfactory Global group · · 5 On DC1, make Jeremy a member of the DOMLOGGERS group Take a screenshot of the user Jeremy Barton being added to the domloggers group Take a screenshot of the User Jeremy Barton being added to the Domloggers group Answer Satisfactory Unsatisfactory · · Add user to domloggers group · · 6 Disable inheritance and convert the NTFS permissions to explicit on this folder. Remove Jeremy Barton from the permissions. Allow the DOMLOGGERS group the NTFS permission to write to the Secure2 folder. Take a screenshot of the Permission inheritance converted. Take a screenshot of the NTFS permissions tab to prove Jeremy has been removed and Domloggers added. Answer Satisfactory Unsatisfactory Permission inheritance converted · · prove Jeremy has been removed and Domloggers added. · · 7 Allow DOMLOGGERS group the NTFS permission to Modify to the Secure3 folder. Take a screenshot of the NTFS permissions tab to prove Domloggers has modify permissions. Answer Satisfactory Unsatisfactory Domloggers has modify permissions. · · 8 Login as Jeremy on Client-PC and go to shared folder “Secure1” on your server. \\name of server\secure1 Take a screenshot of the secure1 folder Answer Satisfactory Unsatisfactory secure1 folder · · 9 On Client-PC, verify that Jeremy cannot create any files or subfolders within Secure1. Take a screenshot of the error message in secure 1 Answer Satisfactory Unsatisfactory error message in secure 1 · · 10 On Client-PC, perform the following in the Secure2 folder: · Login as Jeremy · Create a text file without renaming it. · Attempt to rename the text file. · Attempt to delete the text file. Take a screenshot of the rename error message in secure 2 Take a screenshot of the delete error message in secure 2 Answer Satisfactory Unsatisfactory rename error message in secure 2 · · delete error message in secure 2 · · 11 On Client-PC, attempt to create, rename and delete the folder in the Secure3 folder as Jeremy. Demonstrate to your teacher. Take a screenshot of the Created folder Take a screenshot of the renamed folder Take a screenshot of the deleted folder Answer Satisfactory Unsatisfactory Created folder · · renamed folder · · deleted folder · · 12 What is the effective special permissions for Jeremy for the following folders? · Secure1 · Secure2 · Secure3 Take a screenshot of the effective access of Secure 1 Take a screenshot of the effective access of Secure 2 Take a screenshot of the effective access of Secure 3 Answer Satisfactory Unsatisfactory effective access of Secure 1 · · effective access of Secure 2 · · effective access of Secure 3 · · 13 Perform the following on Client-PC: · Login as Jeremy · Create a text file called “No Access” in DC1's Secure3 folder. · Deny the administrator user Full Control NTFS permissions to the text file. Take a screenshot of the no access file in secure 3 Take a screenshot of the NTFS tab showing deny to the administrator Answer Satisfactory Unsatisfactory no access file in secure 3 · · NTFS tab showing deny to the administrator · · 14 On DC1, perform the following: · Login as administrator · Verify you can't open the text file “No Access” in the Secure3 folder. · Verify that you can't read the NTFS permissions. Take a screenshot of the Access is denied error message Answer Satisfactory Unsatisfactory Access is denied error message · · 15 On DC1, attempt to take ownership of the file called “No Access”. Take a screenshot of the current owner of the file Take a screenshot of the Administrator as the owner of the file Answer Satisfactory Unsatisfactory current owner of the file · · Administrator as the owner of the file · · 16 On DC1, have the administrator remove the deny permissions set upon that user account by Jeremy. Take a screenshot of the deny permissions removed Answer Satisfactory Unsatisfactory deny permissions removed · · 17 On DC1, verify that you can open the text file “No Access” to demonstrate that the owner is the administrator user. Take a screenshot of the opend file no access on the DC1 server Answer Satisfactory Unsatisfactory file no access on the DC1 server · · 18 On DC1,