What is isolating a virtual machine from the physical network to allow testing to be performed without impacting the production environment called?

You have installed Hyper-V on ITAdmin. You're experimenting with creating virtual machines.
In this lab, your task is to create two virtual machines named VM1 and VM2. Use the following settings as specified for each machine:

VM1:
Virtual machine name: VM1
Virtual machine location: D:\HYPERV
Generation: Generation 1
Startup memory: 1024 MB (do not use dynamic memory)
Networking connection: External
Virtual hard disk name: VM1.vhdx
Virtual hard disk location: D:\HYPERV\Virtual Hard Disks
Virtual hard disk size: 50 GB
Operating system will be installed later

VM2:
Virtual machine name: VM2
Virtual machine location: D:\HYPERV
Generation: Generation 1
Startup memory: 2048 MB (use dynamic memory)
Networking connection: Internal
Virtual hard disk name: VM2.vhdx
Virtual hard disk location: D:\HYPERV\Virtual Hard Disks
Virtual hard disk size: 250 GB
Operating system will be installed later
Minimum RAM: 512 MB
Maximum RAM: 4096 MB

Complete this lab as follows:

1. Access the Hyper-V Manager.
a. Select Start.
b. Expand Windows Administrative Tools and then select Hyper-V Manager.

2. Create virtual machines on ITAdmin.
*Use all default settings unless directed otherwise.
a. Right-click ITADMIN and then select New > Virtual Machine.
b. From the Before You Begin dialog, select Next.
c. In the Name field, enter VM_name and then select Next.
d. Make sure Generation 1 is selected and then select Next.
e. In the Startup memory field, enter size.
f. Set the Use Dynamic Memory for this virtual machine appropriately and then select Next.
g. Use the Connection drop-down menu to select connection_type and then select Next.
h. In the Size field, enter disk_size and then select Next.
i. Make sure Install an operating system later is selected and then select Next.
j. Review your configuration and then select Finish to create the virtual machine.
k. Repeat step 2 to create the second virtual machine.

3. Adjust virtual machine memory for VM2.
a. From the Hyper-V Manager, under Virtual Machines, right-click VM2 and select Settings.
b. From the left pane, select Memory.
c. In the Minimum RAM field, enter 512.
d. In the Maximum RAM field, enter 4096.
e. Select OK.
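
The same two virtual machines can be built from an elevated PowerShell session with the Hyper-V module. This is an added example, not part of the original lab; it assumes virtual switches named External and Internal already exist on the host, matching the connection names the lab uses, and it checks each switch's type before attaching a VM so a mislabeled switch does not put a test VM on the production network.

```powershell
# Added example: scripted equivalent of the Hyper-V Manager steps above.
# Assumption: virtual switches named "External" and "Internal" already exist.
$vmRoot  = 'D:\HYPERV'
$vhdRoot = Join-Path $vmRoot 'Virtual Hard Disks'

# Settings taken from the lab's VM1 / VM2 specification.
$specs = @(
    @{ Name = 'VM1'; Startup = 1024MB; Dynamic = $false; Switch = 'External'; Disk = 50GB },
    @{ Name = 'VM2'; Startup = 2048MB; Dynamic = $true;  Switch = 'Internal'; Disk = 250GB
       Min  = 512MB; Max = 4096MB }
)

foreach ($s in $specs) {
    # Confirm the switch exists and that its type matches its name.
    # An External switch is bound to a physical NIC; an Internal one is not.
    $sw = Get-VMSwitch -Name $s.Switch -ErrorAction SilentlyContinue
    if (-not $sw) { throw "Virtual switch '$($s.Switch)' not found." }
    if ("$($sw.SwitchType)" -ne $s.Switch) {
        throw "Switch '$($s.Switch)' is of type $($sw.SwitchType); refusing to attach $($s.Name)."
    }

    # Do not overwrite an existing VM of the same name.
    if (Get-VM -Name $s.Name -ErrorAction SilentlyContinue) {
        Write-Warning "$($s.Name) already exists; skipping."
        continue
    }

    # Generation 1, new VHDX, no installation media (OS installed later).
    New-VM -Name $s.Name -Path $vmRoot -Generation 1 `
           -MemoryStartupBytes $s.Startup -SwitchName $s.Switch `
           -NewVHDPath (Join-Path $vhdRoot "$($s.Name).vhdx") `
           -NewVHDSizeBytes $s.Disk | Out-Null

    if ($s.Dynamic) {
        # VM2: dynamic memory with the lab's minimum and maximum.
        Set-VMMemory -VMName $s.Name -DynamicMemoryEnabled $true `
                     -StartupBytes $s.Startup -MinimumBytes $s.Min -MaximumBytes $s.Max
    } else {
        # VM1: fixed startup memory.
        Set-VMMemory -VMName $s.Name -DynamicMemoryEnabled $false
    }
}

# Review the result: memory settings and which switch each VM is attached to.
Get-VM -Name VM1, VM2 |
    Select-Object Name, Generation, DynamicMemoryEnabled, MemoryStartup, MemoryMinimum, MemoryMaximum
Get-VMNetworkAdapter -VMName VM1, VM2 | Select-Object VMName, SwitchName
```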

A virtual network is made up of one or more virtual machines configured to access local or external network resources. Important facts about virtual networks include the following:

> Virtual machines support an unlimited number of virtual networks. Also be aware that an unlimited number of virtual machines can be connected to a virtual network.

- Multiple virtual networks can be associated with a single physical network adapter.
- When a virtual network is created, its configuration is dependent on the configuration and physical hardware (such as the type and number of network adapters) of the host operating system.
- The physical devices are partitioned into one or more virtual devices, depending on the network necessity and the device capability.
- When setting up a new virtual device, the system administrator will define how much of the physical device capability each partition will have. This means that one physical server could act as two or three virtual machines that work separately from one another and have their own specifications.
- The available resources in a network are split up so the available bandwidth is turned into channels. Each channel can be assigned to a particular server or device in real-time. Each channel is independently secured.

> A virtual network includes a virtual Dynamic Host Configuration Protocol (DHCP) server that can provide IP address leases only to virtual machines. Even though the DHCP server is isolated, it assigns unique IP addresses from the range specified.
> Accessing a network and network resources requires that the operating system on the virtual machine be configured as a part of the network.
> Internal network virtualization configures a single system with software containers, or pseudo-interfaces, to emulate a physical network with software. This can improve a single system's efficiency by isolating applications to separate containers or pseudo-interfaces.
> External network virtualization combines one or more LANs into virtual networks to improve a large network's efficiency. Using this technology, systems physically attached to the same local network can be configured to be separate virtual networks. Systems from separate LANs can also be combined into a single VLAN that spans segments of a large network.
> Network virtualization should allow a virtual network, including all of its IP addresses, routes, network appliances, and so on, to appear to be running directly on the physical network. This allows the servers connected to that virtual network to continue to operate as if they were running directly on the physical network, even though multiple virtual networks share the physical network.

SECaaS providers integrate their services into a corporate infrastructure. The applications and software are specific to organizational security. SECaaS is based on the Software-as-a-Service cloud computing model, but is limited to information security services and does not require on-premises hardware. These security services can include authentication, anti-virus, anti-malware, spyware, intrusion detection, penetration testing, and security event management.

SECaaS can sometimes be much more cost effective for an organization than having to pay for all the necessary equipment and personnel to properly protect a network from viruses, malware, and intrusion. However, it is still necessary to have an on-site security professional.

Cloud-based services can be hosted externally by third-party service providers or internally on your own virtualization infrastructure. For example, internal private clouds are commonly used to provide a VDI. Using VDI, user desktops are virtualized, running on high-end hardware in the data center instead of on the end user's workstation hardware. The physical workstation is merely used to establish a remote connection to the user's virtualized desktop. This is sometimes called a thin client deployment because most of the computing power is provided by servers in the data center. Traditional deployments, where most of the processing load is handled by the local workstation, are called thick client deployments.

Using VDI provides increased flexibility, enhanced security, efficient management, and better data protection than the traditional workstation-based desktop model. Consider the following advantages:

> Workstation hardware costs are reduced. Only minimal workstation hardware is required to run a Remote Desktop (Windows) or VNC (Linux) client and connect to the private cloud.
> User data on the desktop can be protected centrally by backing up the hypervisors where the virtualized desktops are running. There is no need to back up physical workstations separately.
> If a user's physical workstation fails, no data is lost. The user can access the virtualized desktop from a different workstation while the failed hardware is repaired or replaced.
> If a widespread malware infection hits multiple user desktops, the affected virtual systems can be quickly re-imaged on the hypervisor. There is no need to push large images down to end users' workstations over the network.
> If a user loses a device, such as a notebook or tablet, there is much less of a chance that critical data will be compromised because no data is saved on the device.

SECaaS

Security as a Service (SECaaS) providers integrate their services into a corporate infrastructure. The applications and software are specific to organizational security. SECaaS is based on the Software as a Service (SaaS) cloud computing model. However, it is limited to information security services and does not require on-premises hardware. These security services can include authentication, antivirus, anti-malware, spyware, intrusion detection, penetration testing, and security event management.

IaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments.

PaaS delivers everything a developer needs to build an application.

SaaS delivers software applications to the client over the internet or on a local area network.

A cloud-based firewall is a software network device that is deployed in the cloud. It protects against unwanted access to a private network.

When making a decision about a cloud-based firewall, consider the following.

> Cost
- Liability and damage to your cloud applications and services.
- The cost of a misconfigured firewall. Misconfiguration includes ports left open and other security holes exposed.
- There are cloud-based firewalls available whose fees are based on usage to help lower the cost. The cost of damages and liability may be far higher than the cost of a firewall.

> Segmentation
- Implement internal segmented firewalls (ISFWs) and access control lists to control access to each segment.
- Use segmentation to partition networks into trust zones to limit access.
- Become familiar with networking methods and network segmentation tools provided by your cloud provider to optimize the cloud-based firewall for your organization.
- Use segmentation tools such as firewall rule sets and load balancers to regulate the IP addresses that can access network segments.

> OSI layers
- Application layer firewalls work on Layer 7 of the OSI model. They are considered to be third-generation firewalls.
- Third-generation firewalls work by inspecting inbound and outbound packets and blocking packets that don't meet the rule requirements.
- The application layer firewall protects the stack of layers below it.
- Transport layer (Layer 4) firewalls are considered to be stateful firewalls. They are referred to as second-generation firewalls. These firewalls:
  - Log all connections and sort by new connections and existing connections. If traffic is not part of any connection, it's inspected against the firewall rules.
  - Block connections that fail to meet the rule requirements.
- Network layer firewalls work on Layer 3. They are considered to be first-generation firewalls. First-generation firewalls:
  - Check the network packet's source and destination address, protocol, and destination ports.
  - Protect against packets coming from certain IP addresses.

> Secure Web Gateways
- SWGs and firewalls both detect malicious traffic. Firewalls work at the packet level, while SWGs work at the application level in the cloud.
- SWGs are a network security service that filters malware from user-side internet connections. SWGs use URL filtering, application control, data loss prevention, HTTPS inspection, and antivirus protection.
- SWGs are proxies between the organization and the internet. They receive requests from clients before deciding if the session is legitimate.
- SWGs can monitor and log all on-premises traffic, as well as traffic in public and private clouds. This helps you understand where your vulnerabilities are, which allows you to implement security and use policies intentionally.

Application control is implemented in a similar manner for most mobile device operating systems.

> For iOS devices, all apps come from Apple's App Store, which uses the following mechanisms to secure apps:
- Running apps are sandboxed. This means they cannot access data stored by other running apps, nor can they access system files and resources.
- All iOS apps must be digitally signed by either Apple or by a third party developer using an Apple-issued certificate. This ensures that apps from the App Store haven't been tampered with.
- App developers can use encryption APIs to protect app data. Data can be symmetrically encrypted using AES, RC4, or 3DES.

> For Windows RT devices, all apps come from Microsoft's Windows Store. The following mechanisms secure apps:

- Windows RT refuses to load modules not digitally signed by Microsoft. This ensures that apps from the Windows Store haven't been tampered with.
- All apps available through the Windows Store use the Windows RT API, which contains significant security enhancements, including:
  - Windows anti-buffer-overflow memory restrictions
  - Data Execution Prevention (DEP)
  - Address Space Layout Randomization (ASLR)
  - SafeSEH, sacrificial canary values

Be aware, however, that iOS devices can be jailbroken. Jailbreaking allows apps to be installed from sources other than the App Store. Likewise, apps that aren't from the Windows Store can be installed on Windows RT devices using a process called sideloading. Either of these actions can seriously compromise the security of the device and should be avoided.

Apps for the Android operating system are not as tightly controlled as those for iOS and Windows RT. Some Android app stores implement good security and tightly control apps much like the App Store and the Windows Store, but others do not. It is strongly recommended that you use apps that come only from a reputable source, such as the following:

> Google Play Store
> Amazon Appstore for Android
> Samsung Apps

One option you can use instead of Group Policy is mobile device management (MDM). Its security settings include the following:
> Security settings can be manually configured on each individual device. This option doesn't require any additional infrastructure to be implemented. However, it can be a time-consuming task for the administrator (especially in a large organization with many mobile devices) and is not recommended.
> For devices running Apple's iOS operating system, security settings can be distributed in a configuration profile for users to install. The profile can be defined so that only an administrator can delete the profile, or you can lock the profile to the device so that it cannot be removed without completely erasing the device. This option also doesn't require any additional infrastructure for implementation. However, it does rely on the end user to actually implement the profile, which can be problematic. Additionally, it is not a dynamic strategy, so making even the smallest change to your mobile device security policies would require a great deal of effort to implement.
> A mobile device management solution that pushes security policies directly to each device over a network connection can be implemented. This option enables policies to be remotely enforced and updated without any action by the end user. Many companies have MDM products, including Apple, Cisco, and Microsoft.

You work as the IT security administrator for a small corporate network. The receptionist uses an iPad to manage employees' schedules and messages. You need to help her secure the iPad because it contains all of the employees' personal information.

In this lab, your task is to:
> View the current iOS version and then answer the applicable question.
> Apply the latest software update and then answer the applicable question.
> Configure Auto-Lock with a five-minute delay.
> Configure Passcode Lock using a passcode of C@sp3r
> Require the passcode after five minutes.
> Configure Data Erase to wipe all data after 10 failed passcode attempts.
> Require unknown networks to be added manually.
> Turn off Bluetooth.

Complete This Lab as Follows:

1. Verify the current version of iOS installed on your iPad.
a. Select Settings.
b. From the Settings pane, select General.
c. From the General pane, select About.
d. In the top right, select Answer Questions.
e. Answer Question 1. Leave the question dialog open.

2. Apply the latest software update.
a. From the About pane's heading, select General. This returns you to the General settings.
b. From the General pane, select Software Update.
c. Select Download and Install.
d. Select Agree.
e. Select OK. The software is downloaded.
f. Select Install.
g. The installation automatically starts after 10 seconds.
h. Slide the arrow to the right to unlock the iPad.
i. Answer Question 2 and then minimize the question dialog.

3. Configure Auto-Lock.
a. From the Settings pane, select Display & Brightness.
b. From the right pane, select Auto-Lock and then select 5 minutes.

4. Configure Complex Passcode Lock and Data Erase.
a. From the left menu, select Touch ID & Passcode.
b. From the right pane, select Turn Passcode On.
c. Enter the new passcode of C@sp3r and then select Next.
d. Re-enter the passcode and then select Done.
e. Scroll down and then slide Erase Data to ON.
f. Select Enable.
g. Select Require Passcode.
h. Select After 5 minutes.

5. Require unknown networks to be manually added.
a. From the left menu, select Wi-Fi.
b. Slide Ask to Join Networks to OFF.

6. Turn off Bluetooth as follows:
a. From the left pane, select Bluetooth.
b. Slide Bluetooth to OFF.
c. In the top right, select Answer Questions.
d. Select Score Lab.

You are a network technician for a small corporate network. You need to enable BYOD Guest Access Services on your network for guests and employees that have mobile phones, tablets, and personal computers.

In this lab, your task is to perform the following:
> Access the Wireless Controller console through Google Chrome on http://192.168.0.6.
- Username: admin (case sensitive)
- Password: password
> Set up Guest Access Services using the following parameters:
- Name: Guest_BYOD
- Authentication: Use guest pass authentication
- The guest should be presented with your terms of use statement and then allowed to go to the URL he or she was trying to access.
- Verify that 192.168.0.0/16 is on the list of restricted subnets.
> Create a guest WLAN using the following parameters:
- Network name: Guest
- ESSID: Guest_BYOD
- Type: Guest Access
- Authentication: Open
- Encryption Method: None
- Guest Access Service: Guest_BYOD
- Isolate guest wireless clients from other clients on the access point.
> Open a new Google Chrome window and request a guest pass using the BYODAdmin user as follows:
- URL: 192.168.0.6/guestpass
- Username: BYODAdmin (case sensitive)
- Password: P@ssw0rd (0 is a zero)
- Use any full name in the Full Name field.
- Make a note of or copy and paste the key in the Key field.
> Use the key from the guest pass request to authenticate to the wireless LAN Guest_BYOD from the Gst-Lap laptop computer in the Lobby.

Complete this lab as follows:

1. Access and log into the Ruckus ZoneDirector.
a. From the taskbar, select Google Chrome.
b. In the URL field, enter 192.168.0.6 and then press Enter.
c. Maximize the window for easier viewing.
d. In the Admin field, enter admin (case sensitive).
e. In the Password field, enter password as the password.
f. Select Login.

2. Set up Guest Access Services.
a. Select the Configure tab.
b. From the left menu, select Guest Access.
c. Under Guest Access Service, select Create New.
d. Change the Name field to Guest_BYOD.
e. For Terms of Use, select Show terms of use.
f. Expand Restricted Subnet Access.
g. Verify that 192.168.0.0/16 is listed.
h. Select OK.

3. Create a Guest WLAN.
a. From the left menu, select WLANs. Under WLANs, select Create New.
b. Change the Name to Guest.
c. Change the ESSID to Guest_BYOD.
d. Under Type, select Guest Access.
e. For Wireless Client Isolation, select Isolate wireless client traffic from other clients on the same AP.
f. Select OK.
g. Close Google Chrome.

4. Request a Guest password.
a. Open a new Google Chrome browser window.
b. In the URL field, enter 192.168.0.6/guestpass and then press Enter.
c. Maximize the window for easier viewing.
d. In the Username field, enter BYODAdmin (case sensitive).
e. Enter P@ssw0rd as the password (0 is a zero).
f. Select Log In.
g. In the Full Name field, enter any full name.
h. In the Key field, highlight the key and press Ctrl + C to copy the key.
i. Select Next.

5. Access the wireless Guest Access Service from the guest laptop in the lobby.
a. From the top menu, select Floor 1.
b. Select Gst-Lap in the lobby.
c. In the notification area, select the Network icon.
d. Select Guest_BYOD.
e. Select Connect.
f. Select Yes.
g. After Internet Explorer opens to the Guest Access login page, paste the key from the Key field.
h. Select Log In.

What is virtual machine based isolation?

A VM is an isolated environment with access to a subset of physical resources of the computer system. Each VM appears to be running on the bare hardware, giving the appearance of multiple instances of the same computer, though all are supported by a single physical system.

Which component is most likely to allow physical and virtual machines to communicate with each other?

Virtual switches allow multiple virtual servers and/or desktops to communicate on virtual network segments and/or the physical network.

Which software is used to separate the physical resources from the virtual environments?

Software called hypervisors separate the physical resources from the virtual environments—the things that need those resources. Hypervisors can sit on top of an operating system (like on a laptop) or be installed directly onto hardware (like a server), which is how most enterprises virtualize.

What is the name of a virtual representation of a physical machine?

A virtual server or virtual machine -- terms used interchangeably here -- is a software-based representation of a physical server. The function that abstracts CPU, memory, storage and network resources from the underlying hardware and assigns them to VMs is called a hypervisor.