CRS180_22334VIC-VU21995-VU21996_AT1of2_LEARNER_V2

CRS180 Revision 101 May 2018 Page 1 Assessment Task 1: Incident Response Report Student Version Section A – Program/Course details Qualification code: 22334VIC Qualification title: Certificate IV in Cyber Security Unit code: VU21995 VU21996 Unit title: Manage network infrastructure for the organisation Evaluate and test an incident response plan for an enterprise Department name: Enter CRN number Section B – Assessment task details Assessment number: 1 of 2 Semester/Year: 1 and 2/2023 Due date: Ongoing Duration of assessment: Ongoing Assessment method Assessment task results ☒ Ungraded result ☐ Other: Click here to enter text. Section C – Instructions to students Task instructions: T HIS A SSESSMENT H AS T WO P ARTS P ART A – I NCIDENT R ESPONSE R EPORT P ART B – K NOWLEDGE T ASK NOTE: I F ANY STUDENT WISHES TO WORK INDIVIDUALLY FOR P ART A, THEY MUST OBTAIN PRIOR PERMISSION FROM THE A SSESSOR AND FOLLOW THE GUIDELINES PROVIDED BY THEM . I N SUCH CASES , THE STUDENT MAY COLLABORATE WITH A FRIEND , PARTNER OR COLLEAGUE WITH THE APPROVAL OF THE ASSESSOR . P ART A: I NCIDENT R ESPONSE R EPORT T HIS I S A G ROUP T ASK . G ROUPS A RE T O B E B ETWEEN 3 – 5 M EMBERS A ND S UBMITTED T O T HE I NSTRUCTOR . E ACH M EMBER W ILL S UBMIT A C OPY O F T HE ASSESSMENT TASKS . BY UPLOADING THE COMPLETED TASK TO B RIGHTSPACE WITH THEIR ATTACHED COVER SHEET . G ROUP ’ S W ORK . Y OUR W ORK I S T O B E S UBMITTED I N R EPORT F ORMAT R EFER T O T HE S CENARIO I N S UPPORTING D OCUMENTS U NDER S ECTION F ORM Y OUR I NCIDENT R ESPONSE T EAM (I RT ) B ASED O N T HE S CENARIO E STABLISH Y OUR O WN I NCIDENT R ESPONSE T EAM (I RT ). D ETERMINE T HE P OSITIONS O F T HE I NCIDENT R ESPONSE T EAM –Y OU M AY I NCLUDE T HE F OLLOWING P OSITIONS : • I NCIDENT A NALYSTS (T IER 1) • I NCIDENT R ESPONDERS (T IER 2) – M INIMUM O F 2 P ER T EAM • I RT M ANAGER (S) • C OMMUNICATION L IAISONS (O PTIONAL ) D EVELOP A G ENERALIZED I NCIDENT R ESPONSE P LAN (IRP) B ASED O N T HE S CENARIO . E.G. D ENIAL OF S ERVICE A TTACK , M ALWARE , P HISHING E TC . T HE N UMBER O F I NCIDENTS Y OU C HOOSE I S D IRECTLY P ROPORTIONAL T O T HE N UMBER I N Y OUR G ROUP . OFFICIAL Holmesglen: PN/CAIT 7-Mar-2022 L:\CAIT\Teaching\T&L\202210\22334VIC-Re Registration pre\Registration Prep 2022\PN\VU21995-VU21996\Oncampus\CRS180_22334VIC-VU21995-VU21996_AT1of2_MASTER_ v1.1.docx

CRS180 Revision 101 May 2018 Page 2 Assessment Task 1: Incident Response Report Section C – Instructions to students Y OUR R EPORT S HOULD C ONSIST O F A LL R ELEVANT I NCIDENT R ESPONSE F ORMS . Y OU W ILL B E P ROVIDED WITH S OME OF T HE F ORMS . E ACH I NDIVIDUAL W ILL T HEN D EVELOP AN IRP B ASED O N T HE I NCIDENT A SSIGNED T O Y OU B Y T HE G ROUP . B ELOW I S A D ETAILED R EPORT S TRUCTURE D IALOGUE . Y OUR T EAMS ’ R EPORT I S R EQUIRED TO A DDRESS A LL A REAS D ETAILED I N T HE S TRUCTURE D IALOGUE B ELOW . M AKE S URE Y OU R EFERENCE A NY W ORK (I N R EFERENCES S ECTION ) T HAT Y OU U SE I N Y OUR R EPORT . 1. I NTRODUCTION 1.1 C ONTEXT 1.2 P URPOSE 1.3 A UTHORITY 1.4 R EVIEW 2. C OMMON C YBER I NCIDENTS AND R ESPONSES 2.1 P OTENTIAL T HREAT V ECTORS 3. R OLES A ND R ESPONSIBILITIES 3.1 I NCIDENT M ANAGEMENT T EAM 4. I NCIDENT R ESPONSE P ROCESS 4.1 I NCIDENT 1 S TEP 1: D ETECTION AND A NALYSIS S TEP 2: C ONTAINMENT A ND E RADICATION S TEP 3: C OMMUNICATIONS A ND E NGAGEMENT S TEP 4: R ECOVER S TEP 5: L EARN A ND I MPROVE 5. IRP S UPPORT F ORMS A PPENDIX A. S ITUATION U PDATE (T EMPLATE ) A PPENDIX B. I NCIDENT L OG (T EMPLATE ) A PPENDIX C. R ESOLUTION A CTION P LAN (T EMPLATE ) A PPENDIX D. E VIDENCE R EGISTER (T EMPLATE ) A PPENDIX E. A SSETS AND K EY C ONTACTS (T EMPLATE ) [U PDATE AS A PPROPRIATE ] A PPENDIX F. I NCIDENT C ONTACTS L IST A PPENDIX G. I NCIDENT C OMMUNICATIONS L OG A PPENDIX H. I NCIDENT R ECOVERY C HECKLIST A PPENDIX I. I NCIDENT H ANDLING C HECKLIST Y OU M UST I MPLEMENT V ERSION C ONTROL ON T HE R EPORT T O S HOW W HO H AS W ORKED O N W HICH P ARTS O F T HE P ROJECT . PART B – KNOWLEDGE TASK T HIS IS AN INDIVIDUAL TASK . A LL ANSWERS MUST BE IN YOUR OWN WORDS , YOU CAN RESEARCH INFORMATION FROM THE INTERNET , BUT YOU MUST NOT COPY AND PASTE DIRECTLY FROM INTERNET . -S OME OF THESE QUESTIONS ARE MORE TECHNICAL AND ASK LEARNERS TO DISCUSS OR EXPLAIN TECHNOLOGIES OR TERMINOLOGIES WHILE OTHER QUESTIONS ARE MORE HOLISTIC OR BIGGER PICTURE FOCUSED . -P ROVIDE A LIST OF REFERENCES YOU HAVE SOURCED IN THE R EFERENCE URL LINK SECTION -O NCE LEARNER HAS COMPLETED ALL THE QUESTIONS , THE ASSESSMENT MUST BE UPLOADED AND SUBMITTED ALONG WITH THE SIGNED ASSESSMENT COVERSHEET VIA B RIGHTSPACE . -I F A SUPPLIED ANSWER IS INCORRECT OR REQUIRES FURTHER INFORMATION , THE LEARNER WILL BE REQUESTED TO CORRECT THE ISSUES AND RESUBMIT THE WHOLE ASSESSMENT VIA B RIGHTSPACE WITHIN 7 DAYS OF RECEIVING FEEDBACK . -O NCE COMPLETED YOU MUST CONTRIBUTE TO AND ABIDE BY ORGANIZATIONAL STANDARDS INCLUDING INTELLECTUAL PROPERTY AND PRIVACY LAWS . OFFICIAL Holmesglen: PN/CAIT 7-Mar-2022 L:\CAIT\Teaching\T&L\202210\22334VIC-Re Registration pre\Registration Prep 2022\PN\VU21995-VU21996\Oncampus\CRS180_22334VIC-VU21995-VU21996_AT1of2_MASTER_ v1.1.docx

CRS180 Revision 101 May 2018 Page 4 Assessment Task 1: Incident Response Report Section D – Conditions for assessment • The learner is required to access information and ideas from the assessor, industry, the Holmesglen Learning Centre, and other reliable sources and technologies located on the internet, such as Packet Tracer,Netlab,NetAcad,VMware workstataion pro,Kali Linux. • To be deemed competent and compliant for this assessment task, the learner must demonstrate all of the tasks, skills or knowledge outlined • If not successful within the enrolment period as per Holmesglen assessment procedure, you will be requested to resubmit within seven days of receiving feedback. You are permitted two resubmissions per assessment task. Equipment/resources students must supply: Equipment/resources to be provided by the RTO: PC computer or laptop with the following minimum specification: -Quad-Core CPU,16GB of RAM, 250GB of Storage, 2 GHz or faster processor -Access to an internet connection (ADSL or cable connection desirable) -PC Monitor 24" (dual monitor optional but preferred) -Headset/earphone with microphone (webcam optional but preferred) -Windows 10 - available free from https://developer.microsoft.com/en-us/windows/downloads/v irtual-machines/ or https://www.microsoft.com/enus/ evalcenter/evaluate-windows-10-enterprise -Packet Tracer - free to download -NETLab - free, accessed via web Holmesglen url -NetAcad - free, Register through Cisco learning academy -VMware workstation Pro - available free through Holmesglen OnTheHub -Kali Linux - free to download -LinkedIn Learning - free access via Holmesglen url -Microsoft Office Suite - free access through Holmesglen MyHorizon -WebEx - free to download -Storage - free via Holmesglen OneDrive or student can access free storage offered by google drive or dropbox, alternatively, a student can purchase an external SSD hard disk with a minimum of 250GB (prices vary). -7Zip or an equivalent compression utility - free to download -Google Chrome – recommended web browser PC computer or laptop with the following minimum specification: -Quad-Core CPU,16GB of RAM, 250GB of Storage, 2 GHz or faster processor -Access to an internet connection (ADSL or cable connection desirable) -PC Monitor 24" (dual monitor optional but preferred) -Headset/earphone with microphone (webcam optional but preferred) -Windows 10 - available free from https://developer.microsoft.com/en-us/windows/down loads/virtual-machines/ or https://www.microsoft.com/enus/ evalcenter/evaluate-windows-10-enterprise -Packet Tracer - free to download -NETLab - free, accessed via web Holmesglen url -NetAcad - free, Register through Cisco learning academy -VMware workstation Pro - available free through Holmesglen OnTheHub -Kali Linux - free to download -LinkedIn Learning - free access via Holmesglen url -Microsoft Office Suite - free access through Holmesglen MyHorizon -WebEx - free to download -Storage - free via Holmesglen OneDrive or student can access free storage offered by google drive or dropbox, alternatively, a student can purchase an external SSD hard disk with a minimum of 250GB (prices vary). -7Zip or an equivalent compression utility - free to download -Google Chrome – recommended web browser. OFFICIAL Holmesglen: PN/CAIT 7-Mar-2022 L:\CAIT\Teaching\T&L\202210\22334VIC-Re Registration pre\Registration Prep 2022\PN\VU21995-VU21996\Oncampus\CRS180_22334VIC-VU21995-VU21996_AT1of2_MASTER_ v1.1.docx

CRS180 Revision 101 May 2018 Page 5 Assessment Task 1: Incident Response Report Section E – Marking Sheet - Student Answer Sheet Unit code: VU21995 VU21996 Unit title: Manage network infrastructure for the organisation Evaluate and test an incident response plan for an enterprise Error: Reference source not found Knowledge task Questions to be answered by the student Q1. List and explain two (2) methods to protect your own data and privacy. The explanation of each method should be approximately 50 words. Satisfactory response Yes ☐ No ☐ Answer: Comment: OFFICIAL Holmesglen: PN/CAIT 7-Mar-2022 L:\CAIT\Teaching\T&L\202210\22334VIC-Re Registration pre\Registration Prep 2022\PN\VU21995-VU21996\Oncampus\CRS180_22334VIC-VU21995-VU21996_AT1of2_MASTER_ v1.1.docx

CRS180 Revision 101 May 2018 Page 7 Assessment Task 1: Incident Response Report For electronic submissions: By typing your name in the student signature field, you are accepting the above declaration. Section F – Feedback to Student Has the student successfully completed this assessment task? Yes No ☐ ☐ Additional Assessor comments (as appropriate): Resubmission allowed: Yes ☐ No ☐ Resubmission due date: Assessor name: Assessor signature: Date Assessed: OFFICIAL Holmesglen: PN/CAIT 7-Mar-2022 L:\CAIT\Teaching\T&L\202210\22334VIC-Re Registration pre\Registration Prep 2022\PN\VU21995-VU21996\Oncampus\CRS180_22334VIC-VU21995-VU21996_AT1of2_MASTER_ v1.1.docx

CRS180 Revision 101 May 2018 Page 1 Assessment Task 1: Incident Response Report Supporting document ABC Widget Cyber Hygiene Scenario Unit code : VU21995 VU21996 Unit title: Manage network infrastructure for the organisation Evaluate and test an incident response plan for an enterprise ABC Widgets is an Australian company that sells children clothes online and from their six stores in Melbourne. Equipment and Operation:  All stores have EFTPOS terminals which accept credit and debit card payments.  EFTPOS are connected through WiFi using WPA to file servers locally installed in each branch.  EFTPOS machines are using Windows XP, which has been updated and patched to the latest version.  EFTPOS machines have paypass contactless payment facility enabled.  Barcode scanners are used by staff to scan the inventory items to directly input data into the inventory database which is located on the same file server as the customer data. Electronic Security Concerns:  IT Administrator has some concerns but he has been told that although the data is part of the same database, they're two different tables.  Users/Employees are sharing their login details with each other and the password policy does not enforce strong passwords and periodic passwords renewal.  Each file server is using FTP to handle and serve the customer data.  Aging equipment with limited security features Current Equipment  ABC Widgets PL are currently running their virtualisation platform with VMWare vSphere Client 5.5. This platform houses all required services for ABC.  ABC Widgets are also using Cisco 1941 series router with IOS licensing of 12.1 version with no security package. Their switch infrastructure also requires potential upgrades. They are currently using two Cisco Catalyst 2960 with Cisco IOS Release 12.2 with no security pack. Physical Security:  There is a security guard at each store who does random inspections of people coming in and leaving the store.  Stores are kept locked after hours Wireless Network:  There are wireless access points in different areas of each store to allow the EFTPOS machines to connect to the financial institution's network for authorizations.  An employee has raised some concerns that the wireless networks are available from the car park to anyone with a WiFi enabled device. OFFICIAL Holmesglen: PN/CAIT 7-Mar-2022 L:\CAIT\Teaching\T&L\202210\22334VIC-Re Registration pre\Registration Prep 2022\PN\VU21995-VU21996\Oncampus\CRS180_22334VIC-VU21995-VU21996_AT1of2_MASTER_ v1.1.docx