
Example of Rudimentary Practical Exam for Basic Systems Administrator / SysOps / DevOps

I recently accepted an intern from Eastern Washington University.

After completing their degree and just needing a 3-month internship, I thought I would get someone who could help us. Instead I had to train them in everything from scratch. Here is an example of the extremely basic, rudimentary tasks; they spent three months trying to learn just these basic fundamentals. Unfortunately this is typical of most Bachelor's-level college graduates I'm seeing, unless they had prior experience. Basically the degrees have been churning out completely useless people from an employer's perspective if they only rely on the degree. Be warned, this is only getting worse in the last 5-10 years.

 

Example Tasks:

 

Example Network Environment:

  • T-mobile Wifi and Gateway Router
  • 2 user laptops:
    • 1 running windows with VirtualBox and Linux inside of VM (wifi network connection)
    • 1 running Ubuntu 22.04 (wired and wireless network connections)
  • 1 Dell tower Running Linux (wired ethernet connection)
  • 1-2 Additional network devices or computers brought by test facilitator that the testee does not have physical access to.

 

PART 1: Maximum Time: 5 minutes

Typing test using tipp10. The exam will use Lesson 18.

Baseline to compare to is 161 cpm with 38 typing errors (3% error rate), 1304 characters total, duration 5 minutes. Grading for typing will be based on the results of the typing compared to the baseline numbers. This portion of the final exam is worth 10% of the overall final grade. Maximum duration of this exam: 5 minutes.

 

PART 2

Practical InfoSec Security Testing Exam will take place using Dell Server Linux GUI to perform tasks.
This portion of the final exam is worth 40% of the total final exam grade.

Before starting this exam, shut down all computers, including both laptops and the Dell server.
Wait 5 minutes, then boot up first the Dell server, then laptop1, then laptop2.
An additional (fourth) device, provided by supervisor, will also be added to the network either via ethernet or Wifi.

 

Part 2.1: Maximum Time: 10 minutes

From laptop2, determine the following network information and subnet using ifconfig, ip, and netstat. Use IPv4 only; there are no IPv6 requirements. Ignore loopback and non-connected devices, and list only devices connected to the active network:
Network interface type (wired or wifi): ____________
Network interface device name: _______________
Network IPv4: 192.___.___.___
Subnet Mask: 255.___.___.___
Subnet Mask CIDR Notation: 192.___.___.___/___
Network Broadcast: ___.___.___.___
Internet Gateway IP: ___.___.___.___
MAC Address: __:__:__:__:__:__

In either the Infrastructure Notebook or a saved word processor document, write down the above information in an organized fashion.
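
The subnet mask, network and broadcast values on this worksheet follow arithmetically from the address and prefix length that `ip -o -4 addr show` reports. The sketch below is an added example, not part of the original exam, run over constructed sample output; the interface names, addresses and the wl*/en* type guess are assumptions.

```sh
#!/bin/sh
# Added example. SAMPLE is constructed output, not captured from a real host.

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# "ADDR/PREFIX" -> "NETMASK NETWORK/PREFIX BROADCAST"
subnet_info() (
    prefix=${1#*/}
    ip=$(ip2int "${1%/*}")
    mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
    net=$(( $ip & $mask ))
    bcast=$(( $net | ($mask ^ 4294967295) ))
    echo "$(int2ip "$mask") $(int2ip "$net")/$prefix $(int2ip "$bcast")"
)

# Read `ip -o -4 addr show` lines on stdin and print one row per non-loopback
# interface: NAME TYPE ADDRESS NETMASK NETWORK/PREFIX BROADCAST
worksheet() {
    while read -r _idx ifname family cidr _rest; do
        [ "$family" = inet ] || continue
        [ "$ifname" != lo ] || continue
        case $ifname in
            wl*)      kind=wifi ;;     # assumption: systemd-style names, wl* = WLAN
            en*|eth*) kind=wired ;;
            *)        kind=unknown ;;
        esac
        echo "$ifname $kind ${cidr%/*} $(subnet_info "$cidr")"
    done
}

SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp3s0    inet 192.168.12.57/24 brd 192.168.12.255 scope global dynamic enp3s0\       valid_lft 86019sec preferred_lft 86019sec
3: wlp2s0    inet 10.20.5.130/22 brd 10.20.7.255 scope global dynamic wlp2s0\       valid_lft 3000sec preferred_lft 3000sec'

printf '%s\n' "$SAMPLE" | worksheet
```

The gateway and MAC address fields are not derived here; they come from the routing table and the link-layer listing rather than from the address line.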

 

Part 2.2: Maximum Time: 20 minutes

From laptop2 (the Linux laptop, not the Windows laptop), scan the network using the nmap command line.
Find all hosts on the network, including getting the following information:

  • IP address of each device on the network (should be at least Wifi/gateway, plus three computers).
  • MAC address of each device on the network.
  • Short summary of open ports on each device on the network.
  • Attempt OS fingerprint identification of each device on the network.

In either the Administrator's Logbook or word processor document saved, write down the above information in an organized fashion.

 

Part 2.3: Maximum Time: 30 minutes

From the Dell server, using the nmapsi4 GUI, scan the whole network:

  • "Discover a network" > Probes Mode "icmp" > IPs range (IPv4) "Range of IP" from 1 to 254

Discover form IP range

  • Save the IP list to a file
  • From the list of devices found, one by one, scan each host for open ports, and attempt to identify the host Operating system and other information. Write down the information found for each host/device on the network in the Logbook
  • From the list of devices found, one by one, run Host Scan with "Default, base nse script" option.
    Get the following information about each host:
    -- IP Address(es)
    -- MAC Address
    -- Device type
    -- Running OS: ______
    -- OS Details: ______
    -- Uptime guess:
    -- Network distance: ___ hop(s)
    -- Service Info: Host: ______ OS: _____ CPE: _______ (include kernel info)
    -- Total scan time in seconds for each host
    -- Services Details: Port, State, Service, and Description
    -- NSE Result summary from "Host results" section

 

Part 2.4: Max 20 minutes

  • Based on the list of services and their version information, use the nmapsi4 tools that allow searching for service vulnerabilities.
    -- Perform this for the OS kernel version and the main services found.
  • If any CVEs are found for the relevant service, list at least one CVE number for each service found. If no CVEs are found, indicate "no CVE found".
  • Save to the Administrator's Logbook or a word processing document in an orderly fashion.
 

PART 3 Maximum 20 minutes


Scan external server as provided by supervisor the day of the exam.
During practice, scan the following hosts for practice (it will be different hosts for the final exam):
Practice host 1: www.rpgresearch.com
Practice host 2: www.rpg.llc

Using nmapsi4:

  • Scan each targeted Internet host specified
  • Find and document IP address
  • List open ports found
  • List fingerprint OS detection guess results
  • List reverse DNS in-addr.arpa information
  • Perform CVE vulnerability search on found services for vulnerabilities, list at least one CVE per HOST (do not need to list for all services).

For final exam (do not scan before final) scan host 1: <fqdn>
For final exam (do not scan before final) scan host 2: <fqdn>

 

PART 4: Maximum 15 minutes

Practical server exam tasks will take place using the laptop with VirtualBox running Linux inside a VM. This portion of the final exam is worth 50% of the total final exam grade. Intern has maximum time to complete this task of ______________

Intern will be connecting to remote systems with SSH and a web browser to perform and verify these tasks.

Create new AWS free tier (t2.micro) EC2 instance with public IP. Ports 22 (ssh), 80 (http), and 443 (https) enabled for public access (0.0.0.0/0).

Create new SSH keys during creation. When practicing, use key names: practicekey1, practicekey2, etc. During final exam, name key: finalexamkey1

Save keys to the Linux side in /home/<username>/ in the SSH configuration directory. Make sure the permissions for the key files are correct, using chmod as needed.

Create new AWS free VM using EC2 console with Debian 11 installed.

Add keys to Linux VM laptop for SSH for each VM.

Modify SSH config file to add new server entries as short cuts.
Name the practice instances: awspracticeserver1, awspracticeserver2, etc. in the config file with the correct IP addresses of the servers

Using the SSH config shortcut hostname aliases, connect to each VM using the .pem encryption keys.
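
One way to carry out the key-permission and config-alias steps above, as an added example rather than part of the original exam. The address 203.0.113.10 is a documentation-range placeholder, the `admin` login is an assumption about the Debian image, and the demo writes to a temporary directory standing in for `~/.ssh`.

```sh
#!/bin/sh
# Added example. LAB stands in for ~/.ssh; the IP is a documentation-range
# placeholder and "admin" is an assumed login name for the Debian image.

# True only when group and other have no permission bits on the file, the
# condition the OpenSSH client enforces before it will use a private key.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: add_host ALIAS IP KEYFILE CONFIG
# Tightens the key if needed, then appends a Host block unless ALIAS exists.
add_host() {
    alias_name=$1 host_ip=$2 key=$3 config=$4
    key_mode_ok "$key" || chmod 600 "$key"
    if [ -f "$config" ] && grep -qxF "Host $alias_name" "$config"; then
        return 0
    fi
    cat >>"$config" <<EOF
Host $alias_name
    HostName $host_ip
    User admin
    IdentityFile $key
    IdentitiesOnly yes

EOF
    chmod 600 "$config"
}

LAB=$(mktemp -d)
: >"$LAB/practicekey1.pem"
chmod 644 "$LAB/practicekey1.pem"      # deliberately too open, as after a download
add_host awspracticeserver1 203.0.113.10 "$LAB/practicekey1.pem" "$LAB/config"
add_host awspracticeserver1 203.0.113.10 "$LAB/practicekey1.pem" "$LAB/config"  # no-op
ls -l "$LAB/practicekey1.pem"
cat "$LAB/config"
rm -rf "$LAB"
```

With the entry in place, `ssh awspracticeserver1` picks up the host name, user and key from the config file.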

Perform apt update and apt upgrade on the new instances, and reboot the instances for updates to take full effect.

Using EC2 web console, assign/allocate a static / elastic IP address to AWS VM instance. (ignore this if it will cost money)

Using the GoDaddy DNS console (under supervisor's supervision):
For practice, add new DNS entries to each IP for each new VM when practicing:
practice1.(domain.tld)
practice2.(domain.tld)
etc.

For final exam (do not do until final exam):
finalexam1.(domain.tld)

Once DNS is in place:

  • On AWS VM, using apt, install specified simple web server and get it working to publicly serve up default web page, verify before next step.
  • Verify that http://<server IP> DOES work
  • Verify that http://<servername> DOES work
  • Then create/modify the web server's index.html to serve up a custom index.html page publicly that states "This is my practice test server number ___" (or for final exam "this is my final exam test server")
  • Verify that https://<server IP> does NOT work yet.
  • Verify that https://<servername> does NOT work yet.
  • Then install and use certbot to create SSL certificates for the public server DNS name
  • Verify that http automatically redirects to https://<servername>
  • Verify that https://<servername> serves up custom index.html page correctly

 

PART 5

Lab clean Up

  • Once everything is verified working, shut down and terminate the test instances to free up resources. This may include separating the EIP network node from the instance before terminating/deleting the instance.
  • Verify all AWS practice and test instances are in state terminated.

Bonus task (if time permits):

 
