Room: https://tryhackme.com/room/introtosecurityarchitecture
Summary:
The TryHackMe room ‘Secure Network Architecture’ is a walkthrough for the Security Engineer path and part of the Win Prizes And Learn — 2023 promotion. https://tryhackme.com/room/tickets4!
Task 2: Network Segmentation
- How many trunks are present in this configuration?
4 - What is the VLAN tag ID for interface eth12?
30
Task 3: Common Secure Network Segmentation
3. From the above table, what zone would a user connecting to a public web server be in?
External
4. From the above table, what zone would a public web server be in?
DMZ
5. From the above table, what zone would a core domain controller be placed in?
Restricted
Task 4: Network Security Policies And Controls
6. According to the corresponding ACL policy, will the first packet result in a drop or accept?
Accept
7. According to the corresponding ACL policy, will the second packet result in a drop or accept?
Drop
Task 5: Zone-Pair Policies And Filtering
8. What is the flag found after filling in all blanks on the static site?
THM{M05tly_53cure}
Task 6: Validating Network Traffic
9. Does SSL inspection require a man-in-the-middle proxy? (Y/N)
Y
10. What platform processes data sent from an SSL proxy?
Unified Threat Management
Task 7: Addressing Common Attacks
11. Where does DHCP snooping store leased IP addresses from untrusted hosts?
DHCP Binding Database
12. Will a switch drop or accept a DHCPRELEASE packet?
Drop
13. Does dynamic ARP inspection use the DHCP binding database? (Y/N)
Y
14. Dynamic ARP inspection will match an IP address and what other packet detail?
MAC Address