WSC2019 39 IT Network Systems Administration Marking Scheme
WSC2019 39 IT Network Systems Administration Marking Scheme
WSC2019 39 IT Network Systems Administration Marking Scheme
4 Troubleshooting
5 Design
Criteria
ID Name
A Linux Environments
B Windows Environments
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
A1 fw.skill39.net
M Basic Configuration
M OpenVPN: Site-to-site VPN
M OpenVPN: Remote access VPN
M DHCP: DDNS A record update
M DHCP: DDNS PTR record update
M iptables: Default chains policy
J iptables: NAT Rules
0
1
2
3
J iptables: Packet filtering
0
1
2
3
A2 file.skill39.net
M Basic Configuration
Sheet: CIS Marking Scheme Import Version:
File: WSC2019_39_IT_Network_Systems_Administration_marking_scheme.xlsx Date: 2 of 26
M DHCP: Static lease
M LDAP: OpenLDAP database
M RAID
M LVM
M NFS share
M DNS: Forwarders
M DNS: necessary records
M DNS: 192.168.1.0/24 PTR records
M DNS: 192.168.2.0/25 PTR records
A3 client1.skill39.net
M Basic Configuration
M DHCP: Address assignment
M PAM: LDAP authentication
M PAM: Local user login restriction
M SSH: Private key authentication
M NFS client: /mnt/documents
M NFS client: /home
M NFS client: /data/home permissions
M SAMBA share
M Icinga2: Monitor fw.skill39.net
M Icinga2: Monitor intranet.skill39.net
M SSH on internet.skill39.net
M Mail client: Send & receive mail
M Mail client: Send mail to [email protected]
M OpenVPN: Site-to-site VPN
A4 janes-pc
M Basic Configuration
M Mail client: Send & receive mail
M Mail client: Send mail to [email protected]
M Mail client: Send email to skill39.net
M FTP client: Directory creation
M FTP security
M FTP Fail2Ban
M nginx reverse proxy: public.worldskills.org
M nginx reverse proxy: www.worldskills.org
M OpenVPN: Remote access VPN client
M OpenVPN: Same access as office network
M OpenVPN: HTTPS traffic flow
M systemd: /last-boot unit
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
C1 CAMPUS AND BRANCH LAN
M VLAN provisioning
M STP
M LAG
M FHRP
J VLAN provisioning implementation
0
1
2
3
J STP implementation
0
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
D1 Troublesshoot 1 4
J Ticket 1
0
1
2
3
D2 Troublesshoot 2 4
J Ticket 2
0
1
2
3
D3 Troublesshoot 3 4
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
fication
WSSS Aspect
Variation
Marks Marks
Mark
25.00
25.00
25.00
2 0.10
4 0.50
4 0.40
4 0.40
4 0.40
4 0.20
4 0.30
No NAT rules implemented
SNAT/MASQUERADE and DNAT implemented but not lim
DNAT all traffic limited to one host
DNAT restricted to port and protocol
4 0.50
No firewall implemented or any/any
Firewall implemented for all services: Allow 192.168.1.0/24
Service port and protocols specified
Extra features added e.g. comments, extra chains or loggi
2 0.10
Sheet: CIS Marking Scheme Import Version:
File: WSC2019_39_IT_Network_Systems_Administration_marking_scheme.xlsx Date: 15 of 26
4 0.30
4 0.60
4 0.40
4 0.30
4 0.40
4 0.30
4 0.30
4 0.20
4 0.20
2 0.10
4 0.30
4 0.30
4 0.50
4 0.40
4 0.30
4 0.30
4 0.40
4 0.40
4 0.30
4 0.30
4 0.60
2 0.50
2 0.40
4 0.40
2 0.10
2 0.50
2 0.50
2 0.40
4 0.60
4 0.20
4 0.40
4 0.50
4 0.50
4 0.50
4 0.50
4 0.50
4 0.40
2 0.10
6 0.50
6 0.20
5 0.30
No NAT rules implemented
SNAT/MASQUERADE and DNAT implemented but not lim
DNAT all traffic limited to one host
DNAT restricted to port and protocol
4 0.50
No firewall implemented or any/any
Firewall implemented for all servicesAllow 10.10.10.1/32 to
Service port and protocols specified
Extra features added e.g. comments, extra chains or loggi
2 0.10
6 0.30
5 0.30
6 0.40
1 0.10
6 0.30
5 0.30
2 0.50
2 0.10
6 0.30
6 0.40
5 0.50
6 0.30
1 0.10
6 0.20
6 0.40
6 0.20
6 0.20
6 0.30
2 0.20
6 0.30
6 0.10
6 0.30
6 0.30
6 0.10
6 0.10
6 0.10
6 0.15
6 0.15
6 0.30
6 0.30
6 0.90
6 0.70
6 0.40
6 0.60
6 0.80
6 0.60
6 0.30
6 0.10
6 0.60
6 0.80
6 0.90
4 0.35
4 0.20
4 0.50
4 0.20
6 0.10
6 0.20
6 0.10
6 0.20
6 0.20
6 0.40
6 0.10
6 0.20
6 0.20
7 0.20
6 0.10
6 0.20
6 0.60
6 0.30
2 0.40
2 0.10
6 0.10
6 0.10
6 0.20
6 0.30
6 0.20
6 0.30
1 0.20
6 0.20
6 0.20
6 0.20
1 0.30
2 0.30
2 0.30
2 0.30
6 0.40
6 0.20
6 0.10
6 0.20
6 0.30
7 0.20
7 0.20
1 0.20
6 0.45
6 0.30
6 0.20
6 0.50
6 1.00
Create random VLAN from normal and extended range o atleast normal rang 7 0.50
On DSW-01, DSW-02, ASW-01, AWS-02 show span root No root ports must 7 0.50
On any distribution switch show etherchannel summary Ports are bundeled 7 0.25
Check which is the primary Switch (DSW-01), check preemIs it VRRP, HSRP 7 0.50
5 0.25
Not implemented
VTPv1
VTPv2
VTPv3
5 0.25
Not implemented
From client virtual machine open http://87.250.250.1, chec Should see a webp 7 0.50
From client virtual machine open http://87.250.250.1, chec Should see a webp 7 0.50
From Boris, disconnect remote access and open observium Should see a webp 7 0.50
From Boris, disconnect remote access and open rosatom. Should not see a w 7 0.50
5 0.25
Not implemented
Static\Default
IGP
BGP
5 0.25
Not implemented
Implemented ACL that works without any any
Statefull ACL
Zone based Firewall
Check system message on Kremlin, Ivan and Yuri On each phone sys 7 0.25
On Kremlin, Ivan and Yuri check local directory first name Must be available 7 0.25
From any working phone call any other working phone, theAll three phones m 7 0.50
From any working phone call any other working phone, theCall must be picked 7 0.50
On Kremlin push second-line button Intercom with Ivan 7 0.25
From any working phone call 888 KGB and Kremlin m 7 0.50
On Yuri push second-line button Ivan must ring 7 0.25
From any working phone call Kremlin or KGB (optionally a Kremlin or KGB (or 7 0.75
While connected via remote access VPN call any working Call must be estab 7 0.75
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
4 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
4 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
1 2.00
1 2.00
2 2.00
2 2.00
4 2.00
4 1.00
4 0.50
4 0.50
4 0.10
4 0.10
4 0.10
4 0.10
4 0.10
Total
Competition 100.00
Mark