Tuesday 8 August 2017


Contoh soalan temuduga kerja untuk jawatan Jurutera Keselamatan Rangkaian (Network Security Engineer).

Sila rujuk kepada network diagram dan logs dalam rajah di bawah.

1. Kenapa PC01 boleh access website pada PC03 sedangkan PC03 tak boleh access website pada PC01?

2. Apa solusinya?

Berdasarkan jawapan anda, penemuduga bukan sahaja dapat menilai tahap pengetahuan, tetapi juga sikap (attitude) yang merupakan faktor besar yang akan menentukan keputusan temuduga tersebut.

Jadi, ambillah peluang ini untuk menjawab seperti temuduga yang sebenar.

Semoga berjaya.

Pembelajaran berterusan, membina generasi pakar IT masa hadapan, InsyaAllah.

UPDATE 11 Ogos 2017

Konfigurasi penuh tembok api Cisco ASA (abaikan default password dalam config)
*Walaupun tanpa maklumat ini, soalan di atas sebenarnya masih boleh dijawab berdasarkan maklumat sedia ada.
ciscoasa# show running-config
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 172.16.0.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.2 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot config disk0:/.private/startup-config
ftp mode passive
pager lines 24
logging enable
logging timestamp
logging monitor alerts
logging buffered informational
logging trap informational
logging history informational
logging asdm informational
logging device-id ipaddress inside
no logging message 402128
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route inside 10.0.0.0 255.255.255.0 172.31.255.3 1
route inside 172.16.0.0 255.255.255.0 172.31.255.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny 
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip 
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:1c1ddf152e19810efbc6900b7f491c23
: end

ciscoasa#
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)