WSC2019 39 IT Network Systems Administration Marking Scheme

39 IT Network Systems Admi
WorldSkills Standards Specif

Section WSSS Marks
1 Work organization and management
2 Communication and interpersonal Skills
3 User support and consultancy
4 Troubleshooting
5 Design
6 Install, up-grade, and configure operating systems
7 Configuring networking devices
Criteria
ID Name
A Linux Environments
B Windows Environments
Sheet: CIS Marking Scheme Import Version:

File: WSC2019_39_IT_Network_Systems_Administration_marking_scheme.xlsx Date: 1 of 26
C Cisco Environments
D Troubleshooting and secret challenges
Aspect
Sub Type
Sub Criterion Day of Judg
Criterion M= Aspect - Description
Name or Description Marking Score
ID Meas
J = Judg
A1 fw.skill39.net
M Basic Configuration
M OpenVPN: Site-to-site VPN
M OpenVPN: Remote access VPN
M DHCP: DDNS A record update
M DHCP: DDNS PTR record update
M iptables: Default chains policy
J iptables: NAT Rules
0
1
2
3
J iptables: Packet filtering
0
1
2
3
A2 file.skill39.net
M DHCP: Static lease
M LDAP: OpenLDAP database
M RAID
M LVM
M NFS share
M DNS: Forwarders
M DNS: necessary records
M DNS: 192.168.1.0/24 PTR records
M DNS: 192.168.2.0/25 PTR records
A3 client1.skill39.net
M DHCP: Address assignment
M PAM: LDAP authentication
M PAM: Local user login restriction
M SSH: Private key authentication
M NFS client: /mnt/documents
M NFS client: /home
M NFS client: /data/home permissions
M SAMBA share
M Icinga2: Monitor fw.skill39.net
M Icinga2: Monitor intranet.skill39.net
M SSH on internet.skill39.net
M Mail client: Send & receive mail
M Mail client: Send mail to [email protected]
A4 janes-pc
M Mail client: Send & receive mail
M Mail client: Send mail to [email protected]
M Mail client: Send email to skill39.net
M FTP client: Directory creation
M FTP security
M FTP Fail2Ban
M nginx reverse proxy: public.worldskills.org
M nginx reverse proxy: www.worldskills.org
M OpenVPN: Remote access VPN client
M OpenVPN: Same access as office network
M OpenVPN: HTTPS traffic flow
M systemd: /last-boot unit

A5 private.skill39.net
M SSH on internet.skill39.net
M Apache2: Security Measure
M Mail server: STARTTLS
M MySQL: Restored database from dump
M Apache2: intranet.skill39.net
M Backup: rsync script
M Backup: cron job
A6 fw.worldskills.org
M iptables: Default chains policy
J iptables: NAT Rules
0
1
2
3
J iptables: Packet filtering
0
1
2
3
A7 public.worldskills.org
M CIFS client
M VPN tunnel
M Apache2
A8 srvpv01.fast-provider.net
M DNS: Forward zone
M DNS: necessary records
M Mail server: STARTTLS
A9 srvpv02.fast-provider.net
M DNS: Secondary
M Backup: Network restriction
M Backup: Permission preservation
M Backup: rsync daemon

Aspect
Sub Type
ID Meas
J = Judg
B1 INTCLIENT
M Setup: TCP/IP configured, Domain-joined
M Web: Access "https://www.wsc2019.ru"
M Web: Access "https://intra.wsc2019.ru"
M Web: Access "https://extra.wsc2019.ru"
M File: Test "\\dc1\Public" access permission
M File: Access WorkFolder "https://work.wsc2019.ru"
M GPO: Login Banner
M GPO: Automatic configuration of WorkFolders for expert group
M File: Home folder exists
M File: Home Folder access
M File: Home Disk quota
M File: Test "\\dc2\WSC\Junior Skills" access permission for full-acc
M File: Test "\\dc2\WSC\Junior Skills" access permission for read-o
M File: Test "\\dc2\WSC\Junior Skills" access permission for non-au
M File: Test "\\dc2\WSC\Secret Challenges" access permission
M File: Test access-based enumeration
M File: DFS configured
M GPO: Auto enrollment for manager group
B2 REMCLIENT
M RAS: Device tunnel configured and connected
M RAS: Log on as domain user via device tunnel
M Bitlocker: Volume encrypted
B3 PUBCLIENT
M File: Test WorkFolders authentication configured
M File: Test WorkFolders authentication working
M Firewall: Test the FIREWALL
M Web: IP address restriction of "https://intra.wsc2019.ru"
M Web: Access "https://www.wsc2019.ru"
M Web: Authentication page of "https://extra.wsc2019.ru"
M Web: Access "https://extra.wsc2020.ru"
M ADCS: Test Certificate enrollment policy via Web Application Pro

M ADCS: Test Key-based renewal
M RAS: Test VPN connection and NPS policy
B4 DC1
M ADDS: Imported users from the excel file
M ADDS: Imported users from the excel file in correct OU
M All properties in imported users?
M ADDS: Group membership of the imported users
M DNS: PTR records
M DNS: CNAME records
M DNS: Root hint
M DHCP: Scope with option values
M DHCP: Failover scope
M DHCP: Scope Protection
M WDS Installed
M WDS: WDS image configured
M WDS: Web installed via WDS
M NPS: Client configured
B5 DC2
M ADDS: Configured as a domain controller
M DNS:zone active directory integrated?
M ADFS: Federation service configured
M ADFS: Certificate
M File: WorkFolders configured
M File: Group share
M File: Witness share
M Backup: Backup job created
M Backup: Backup job working
M Storage: RAID configured
M Storage: G:\ drive mounted correctly
M Storage: Deduplication configured
B6 CERT
M ADCS: CA installed and configured
M ADCS: CDP and AIA configured
M ADCS: Certificate issued by INET?
M ADCS: Templates created?
B7 WEB
M Setup: OS installed, TCP/IP configured, Domain-joined
M IIS: "Default Web Site" configured
M IIS: "Extranet" configured

M IIS: "Public" configured
M ADCS: Certificate Enrollment Web Service installed
M ADCS: Certificate Enrollment Policy Web Service installed and co
B8 STORAGE
M Storage: E:\ drive mounted correctly
M Storage: iSCSI target configured
M Storage: iSCSI virtual disk created
B9 FIREWALL
M DNS: A records
M DNS: SOA records
M RAS: RRAS installed and configured
M RAS: NPS authentication configured
M RAS: testing webapp publishing
B10 HYPERV1
M HV1- is core server
M Storage: iSCSI disk configured correctly
M Cluster: Configured as HYPERV-CLUS.wsc2019.ru
M Cluster: Quorum witness
M Cluster: The "WEB" VM exists
M Cluster: Test live migration
Aspect
Sub Type
ID Meas
J = Judg
C1 CAMPUS AND BRANCH LAN
M VLAN provisioning
M STP
M LAG
M FHRP
J VLAN provisioning implementation
0
1
2
3
J STP implementation
0

1
2
3
J LAG implementation
0
1
2
3
J FHRP Implementation
0
1
2
3
J Overall campus and branch LAN implementation
0
1
2
3
C2 PUBLIC INTERNET
M Public internet access: random Router
M Public internet access: random ASA
M Public website access available
M Private website access restricted
J Public internet implementation
0
1
2
3
J Internet security implementation
0
1
2
3
C3 ENTERPRISE ROUTING DOMAIN
M Connectivity: Yakutsk-Tyumen
M Connectivity: Kirov-Tyumen
M Connectivity: Yakutsk-Tomsk
M Connectivity: Kirov-Tomsk
M IPsec: Tyumen-Moscow

M IPsec: Tyumen-Yakutsk
M IPsec: Tyumen-Kirov
M IPsec: Tyumen-Tomsk
M Stateless failover: Tyumen
M Remote access VPN: connectivity
M Private WAN failover: Yakutsk
M Private WAN failover: Kirov
J Routing implementation
0
1
2
3
J IOS VPN implementation
0
1
2
3
J IPsec implementation
0
1
2
3
J Private WAN security implementation
0
1
2
3
J Stateless failover: Tyumen
0
1
2
3
C4 SERVICES INTEGRATION
M NTP
M DHCP
M SNMP
M Network configuration backup
M Centralized authentication for management
J NTP implementation

0
1
2
3
J SNMP implementation
0
1
2
3
C5 UNIFIED COMMUNICATIONS INFRASTRUCTURE
M System message
M Local Directory
M Conferencing
M Call Park/Pickup
M Intercom
M Paging
M SpeedDial
M Music on park
M Remote softphone operation
Aspect
Sub Type
ID Meas
J = Judg
D1 Troublesshoot 1 4
J Ticket 1
0
1
2
3
J Ticket 2
0
1
2
3

J Ticket 3
0
1
2
3
J Ticket 4
0
1
2
3
J Ticket 5
0
1
2
3
J Ticket 6
0
1
2
3
J Ticket 7
0
1
2
3
J Ticket 8
0
1
2
3
J Ticket 9
0
1

2
3
J Ticket 10
0
1
2
3
D11 Secret PT 4
M PT Points 1
M PT Points 2
M PT Points 3
M PT Points 4
M PT Points 5
M PT Points 6
M PT Points 7
M PT Points 8
M PT Points 9
M PT Points 10
M PT Points 11
M PT Points 12
M PT Points 13
Aspect
Sub Type
ID Meas
J = Judg
Aspect
Sub Type
ID Meas
J = Judg

Aspect
Sub Type
ID Meas
J = Judg
Aspect
Sub Type
ID Meas
J = Judg
Aspect
Sub Type
ID Meas
J = Judg

inistration
fication
WSSS Aspect
Variation
Marks Marks
5.00 5.00 0.00
10.00 10.20 0.20
10.00 10.00 0.00
25.00 23.65 1.35
5.00 6.40 1.40
25.00 24.15 0.85
20.00 20.60 0.60
Total Variation 4.40
Mark
25.00
25.00

25.00
25.00
Extra Aspect Description (Meas or Judg) Requirement

WSSS
Calculation
Max Total
OR (Measurement Row Criterion A 25.00
Judgement Score Description (Judg only) Only)
Section
(Export only)
Mark
Mark
2 0.10
4 0.50
4 0.40
4 0.40
4 0.40
4 0.20
4 0.30
No NAT rules implemented
SNAT/MASQUERADE and DNAT implemented but not lim
DNAT all traffic limited to one host
DNAT restricted to port and protocol
4 0.50
No firewall implemented or any/any
Firewall implemented for all services: Allow 192.168.1.0/24
Service port and protocols specified
Extra features added e.g. comments, extra chains or loggi
2 0.10
4 0.30
4 0.60
4 0.40
4 0.30
4 0.40
4 0.30
4 0.30
4 0.20
4 0.20
2 0.10
4 0.30
4 0.30
4 0.50
4 0.40
4 0.30
4 0.30
4 0.40
4 0.40
4 0.30
4 0.30
4 0.60
2 0.50
2 0.40
4 0.40
2 0.10
2 0.50
2 0.50
2 0.40
4 0.60
4 0.20
4 0.40
4 0.50
4 0.50
4 0.50
4 0.50
4 0.50
4 0.40

1 0.10
6 0.20
6 0.20
2 0.50
2 0.40
6 0.50
4 0.30
4 0.30
2 0.10
6 0.50
6 0.20
5 0.30
No NAT rules implemented
SNAT/MASQUERADE and DNAT implemented but not lim
DNAT all traffic limited to one host
DNAT restricted to port and protocol
4 0.50
No firewall implemented or any/any
Firewall implemented for all servicesAllow 10.10.10.1/32 to
Service port and protocols specified
Extra features added e.g. comments, extra chains or loggi
2 0.10
6 0.30
5 0.30
6 0.40
1 0.10
6 0.30
5 0.30
2 0.50
2 0.10
6 0.30
6 0.40
5 0.50
6 0.30

WSSS
Calculation
Max Total
OR (Measurement Row Criterion B 25.00
Section
(Export only)
Mark
Mark
1 0.10
6 0.20
6 0.40
6 0.20
6 0.20
6 0.30
2 0.20
6 0.30
6 0.10
6 0.30
6 0.30
6 0.10
6 0.10
6 0.10
6 0.15
6 0.15
6 0.30
6 0.30
6 0.90
6 0.70
6 0.40
6 0.60
6 0.80
6 0.60
6 0.30
6 0.10
6 0.60
6 0.80
6 0.90

6 0.90
6 0.40
4 0.35
4 0.20
4 0.50
4 0.20
6 0.10
6 0.20
6 0.10
6 0.20
6 0.20
6 0.40
6 0.10
6 0.20
6 0.20
7 0.20
6 0.10
6 0.20
6 0.60
6 0.30
2 0.40
2 0.10
6 0.10
6 0.10
6 0.20
6 0.30
6 0.20
6 0.30
1 0.20
6 0.20
6 0.20
6 0.20
1 0.30
2 0.30
2 0.30

2 0.20
6 0.20
6 0.50
2 0.30
6 0.40
6 0.20
6 0.10
6 0.20
6 0.30
7 0.20
7 0.20
1 0.20
6 0.45
6 0.30
6 0.20
6 0.50
6 1.00

WSSS
Calculation
Max Total
OR (Measurement Row Criterion C 25.00
Section
(Export only)
Mark
Mark
Create random VLAN from normal and extended range o atleast normal rang 7 0.50
On DSW-01, DSW-02, ASW-01, AWS-02 show span root No root ports must 7 0.50
On any distribution switch show etherchannel summary Ports are bundeled 7 0.25
Check which is the primary Switch (DSW-01), check preemIs it VRRP, HSRP 7 0.50
5 0.25
Not implemented
VTPv1
VTPv2
VTPv3
5 0.25
Not implemented

Default configuration
RPVST+
MST
5 0.25
Not implemented
Static (L2)
Static (L3)
PAgP or LACP
5 0.25
Not implemented
HSRP or VRRP
Preemptive configuration or tracking the uplink to ASA
Preemptive configuration and tracking the uplink to ASA
5 1.00
0
1+
4+
6+
From client virtual machine open http://87.250.250.1, chec Should see a webp 7 0.50
From client virtual machine open http://87.250.250.1, chec Should see a webp 7 0.50
From Boris, disconnect remote access and open observium Should see a webp 7 0.50
From Boris, disconnect remote access and open rosatom. Should not see a w 7 0.50
5 0.25
Not implemented
Static\Default
IGP
BGP
5 0.25
Not implemented
Implemented ACL that works without any any
Statefull ACL
Zone based Firewall
From Ivan ping DC 172.16.40.1 Ping must be succe 7 0.50

From Yuri ping DC 172.16.40.1 Ping must be succe 7 0.50
From Ivan ping Rosatom 172.16.30.1 Ping must be succe 7 0.50
From Yuri ping Rosatom 172.16.30.1 Ping must be succe 7 0.50
Ping from Tyumen internal (172.20.40.254) to Moscow inteESP packets are tr 7 0.75

Ping from Tyumen internal (172.20.40.254) to Yakutsk int ESP packets are tr 7 0.75
Ping from Tyumen internal (172.20.40.254) to Kirov intern ESP packets are tr 7 0.75
Ping from Tyumen internal (172.20.40.254) to Tomsk inte ESP packets are tr 7 0.75
From Observium server ping Yandex server (87.250.250. Ping should work a 7 1.25
From Boris ping Observium server (172.16.40.3), after tha ping should not wo 7 1.25
On Ivan start ping to 8.8.8.8 and to any random client, con ping must return ba 7 0.75
On Yuri start ping to 8.8.8.8 and to any random client, conf ping must return ba 7 0.75
5 0.50
Not implemented
There is some routes
some of the routes using dynamic routing
All of the routes using dynamic routing
5 0.50
Not implemented
partial or Full-mesh
DMVPN Phase 1 or Hub-and-Spoke
DMVPN Phase 2 or 3 \ FlexVPN
5 0.25
Not implemented
IKEv1+PSK
IKEv1+RSA or IKEv2+PSK
IKEv2+RSA+ESP
5 0.25
Not implemented
PAP
CHAP (only one side)
CHAP (Both ends)
5 0.25
Not implemented
In case of internet interface is down onTJM-01 either ping
1+both should work
2+ VPN is working (Yakutsk or Kirov)
show ntp status on random device Must be synchroniz 7 0.75

On random client machine issue ipconfig /all Must contain DHCP 7 0.50
Check on the observium server There is MOW rout 7 0.75
Do wr on MOW router and Check on the observium serverThere should be a 7 0.50
Check on TJM-01 router Login with usernam 7 0.75
5 0.50

Not implemented
single NTP server with no authentication
Hierarchical NTP infrastructure or authentication atleast on
Hierarchical NTP infrastructure + authentication atleast on
5 0.25
Not implemented
SNMPv1
SNMPv2 or SNMPv3 without auth and priv
SNMPv3 with auth or priv
Check system message on Kremlin, Ivan and Yuri On each phone sys 7 0.25
On Kremlin, Ivan and Yuri check local directory first name Must be available 7 0.25
From any working phone call any other working phone, theAll three phones m 7 0.50
From any working phone call any other working phone, theCall must be picked 7 0.50
On Kremlin push second-line button Intercom with Ivan 7 0.25
From any working phone call 888 KGB and Kremlin m 7 0.50
On Yuri push second-line button Ivan must ring 7 0.25
From any working phone call Kremlin or KGB (optionally a Kremlin or KGB (or 7 0.75
While connected via remote access VPN call any working Call must be estab 7 0.75

WSSS
Calculation
Max Total
OR (Measurement Row Criterion D 25.00
Section
(Export only)
Mark
Mark
3 1.25
No/Incorrect solution to introduced problem with unclear do
Non-optimal solution with unclear documentation OR No s
optimal solution with unclear documentation OR non-optim
optimal solution to introduced problem with clear documen
3 1.25

3 1.25
3 1.25
3 1.25
3 1.25
3 1.25
3 1.25
4 1.25

4 1.25
1 2.00
1 2.00
2 2.00
2 2.00
4 2.00
4 1.00
4 0.50
4 0.50
4 0.10
4 0.10
4 0.10
4 0.10
4 0.10

WSSS
Calculation
Max Total
OR (Measurement Row Criterion E 0.00
Section
(Export only)
Mark
Mark

WSSS
Calculation
Max Total
OR (Measurement Row Criterion F 0.00
Section
(Export only)
Mark
Mark

WSSS
Calculation
Max Total
OR (Measurement Row Criterion G 0.00
Section
(Export only)
Mark
Mark

WSSS
Calculation
Max Total
OR (Measurement Row Criterion H 0.00
Section
(Export only)
Mark
Mark

WSSS
Calculation
Max Total
OR (Measurement Row Criterion I 0.00
Section
(Export only)
Mark
Mark
Total
Competition 100.00
Mark


WSC2019 39 IT Network Systems Administration Marking Scheme

Uploaded by

Copyright:

Available Formats

WSC2019 39 IT Network Systems Administration Marking Scheme

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WSC2019 39 IT Network Systems Administration Marking Scheme

Uploaded by

Copyright:

Available Formats

39 IT Network Systems Admi

WorldSkills Standards Specif

1 Work organization and management

2 Communication and interpersonal Skills

3 User support and consultancy

6 Install, up-grade, and configure operating systems

7 Configuring networking devices

Sheet: CIS Marking Scheme Import Version:

D Troubleshooting and secret challenges

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

5.00 5.00 0.00

10.00 10.20 0.20

10.00 10.00 0.00

25.00 23.65 1.35

5.00 6.40 1.40

25.00 24.15 0.85

20.00 20.60 0.60

Total Variation 4.40

Sheet: CIS Marking Scheme Import Version:

Extra Aspect Description (Meas or Judg) Requirement

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Extra Aspect Description (Meas or Judg) Requirement

Sheet: CIS Marking Scheme Import Version:

From Ivan ping DC 172.16.40.1 Ping must be succe 7 0.50

Sheet: CIS Marking Scheme Import Version:

show ntp status on random device Must be synchroniz 7 0.75

Sheet: CIS Marking Scheme Import Version:

Extra Aspect Description (Meas or Judg) Requirement

Sheet: CIS Marking Scheme Import Version:

Sheet: CIS Marking Scheme Import Version:

Extra Aspect Description (Meas or Judg) Requirement

Extra Aspect Description (Meas or Judg) Requirement

Sheet: CIS Marking Scheme Import Version:

Extra Aspect Description (Meas or Judg) Requirement

Extra Aspect Description (Meas or Judg) Requirement

Sheet: CIS Marking Scheme Import Version:

You might also like