Contoh soalan temuduga kerja untuk jawatan Jurutera Keselamatan Rangkaian (Network Security Engineer).
Sila rujuk kepada network diagram dan logs dalam rajah di bawah.
1. Kenapa PC01 boleh access website pada PC03 sedangkan PC03 tak boleh access website pada PC01?
2. Apa solusinya?
Berdasarkan jawapan anda, penemuduga bukan sahaja dapat menilai tahap pengetahuan, tetapi juga sikap (attitude) yang merupakan faktor besar yang akan menentukan keputusan temuduga tersebut.
Jadi, ambillah peluang ini untuk menjawab seperti temuduga yang sebenar.
Semoga berjaya.
Pembelajaran berterusan, membina generasi pakar IT masa hadapan, InsyaAllah.
UPDATE 11 Ogos 2017
Konfigurasi penuh tembok api Cisco ASA (abaikan default password dalam config)
*Walaupun tanpa maklumat ini, soalan di atas sebenarnya masih boleh dijawab berdasarkan maklumat sedia ada.
ciscoasa# show running-config
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.16.0.2 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.0.0.2 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/5
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot config disk0:/.private/startup-config
ftp mode passive
pager lines 24
logging enable
logging timestamp
logging monitor alerts
logging buffered informational
logging trap informational
logging history informational
logging asdm informational
logging device-id ipaddress inside
no logging message 402128
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route inside 10.0.0.0 255.255.255.0 172.31.255.3 1
route inside 172.16.0.0 255.255.255.0 172.31.255.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:1c1ddf152e19810efbc6900b7f491c23
: end
ciscoasa#
No comments:
Post a Comment