Short answer questions

Student Assessment Pack

Student and Trainer/Assessor Details

Course and Unit Details

Assessment Submission Method

Student Declaration

Assessment Plan

To demonstrate competence in this unit, you must be assessed as satisfactory in each of the following assessment tasks.

Assessment Conditions

This unit describes the skills and knowledge required to mitigate security threats to a wireless local area network (WLAN) by implementing security standards and policies.

It applies to individuals with advanced information and communications technology (ICT) skills who are working as wireless help desk support technicians, wireless network support specialists and wireless network engineers.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

· Plan to implement wireless network security

· Design, implement and test guest access services

· Design, implement and test the security of wireless client devices

· Design, implement and test the integration of wireless network with organisational network admission control systems

· Evaluate and plan secure wireless connectivity services

· Manage the requirements to integrate the WLAN with advanced security platforms

The student will have access to the following:

· Learner guide

· PowerPoint presentation

· Unit Assessment Pack (UAP)

· Access to other learning materials such as textbooks

The resources required for these assessment tasks also included:

· A site or prototype where network installation may be conducted

· Hardware and software

· Organisational guidelines

· Live network

· Stand-alone and lightweight WLAN controllers and access points (AP)

· Hardware and software WLAN site survey tools

· Hardware and software IDS and IPS.

Your trainer/assessor will confirm assessment submission details for each assessment task.

Academic Integrity

Academic Integrity is about the honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas.

As a student, you are required to:

· undertake studies and research responsibly and with honesty and integrity

· ensure that academic work is in no way falsified

· seek permission to use the work of others, where required

· acknowledge the work of others appropriately

· take reasonable steps to ensure other students cannot copy or misuse your work.

Plagiarism

Plagiarism means to take and use another person's ideas and or manner of expressing them and to pass them off as your own by failing to give appropriate acknowledgement. This includes material sourced from the internet, RTO staff, other students, and from published and unpublished work.

Plagiarism occurs when you fail to acknowledge that the ideas or work of others are being used, which includes:

· Paraphrasing and presenting work or ideas without a reference

· Copying work either in whole or in part

· Presenting designs, codes or images as your own work

· Using phrases and passages verbatim without quotation marks or referencing the author or web page

· Reproducing lecture notes without proper acknowledgement.

Collusion

Collusion means unauthorised collaboration on assessable work (written, oral or practical) with other people. This occurs when a student presents group work as their own or as the work of someone else.

Collusion may be with another RTO student or with individuals or students external to the RTO. This applies to work assessed by any educational and training body in Australia or overseas.

Collusion occurs when you work without the authorisation of the teaching staff to:

· Work with one or more people to prepare and produce work

· Allow others to copy your work or share your answer to an assessment task

· Allow someone else to write or edit your work (without rto approval)

· Write or edit work for another student

· Offer to complete work or seek payment for completing academic work for other students.

Both collusion and plagiarism can occur in group work. For examples of plagiarism, collusion and academic misconduct in group work please refer to the RTO’s policy on Academic integrity, plagiarism and collusion.

Plagiarism and collusion constitute cheating. Disciplinary action will be taken against students who engage in plagiarism and collusion as outlined in RTO’s policy.

Proven involvement in plagiarism or collusion may be recorded on students’ academic file and could lead to disciplinary action.

N/A

· This unit is not graded and the student must complete and submit all requirements for the assessment task for this cluster or unit of competency to be deemed competent.

· Students will receive a 'satisfactorily completed' (S) or 'not yet satisfactorily completed (NS) result for each individual unit assessment task (UAT).

· Final unit result will be recorded as competency achieved/competent (C) or competency not yet achieved/not yet competent (NYC).

Unit Assessment Task (UAT) -1

Assessment Task 1 - Unit Knowledge Test (UKT)

Assessment type:

· Written Questions

Instructions:

· This is an individual assessment.

The purpose of this assessment task is to assess the students’ knowledge required to ensure secure file encryption is selected, implemented and monitored on a computer network or local environment.

· To make full and satisfactory responses you should consult a range of learning resources, other information such as handouts and textbooks, learners’ resources and slides.

· All questions must be answered in order to gain competency for this assessment.

You may attach a separate sheet if required.

You must include the following particulars in the footer section of each page of the attached sheets:

· Student ID or Student Name

· Unit ID or Unit Code

· Course ID or Course Code

· Trainer and assessor name

· Page numbers

You must staple the loose sheets together along with the cover page.

You must attach the loose sheets chronologically as per the page numbers.

· Correction fluid and tape are not permitted. Please do any corrections by striking through the incorrect words with one or two lines and rewriting the correct words.

Resources required to complete the assessment task:

Learner guide

PowerPoint presentation

Unit Assessment Pack (UAP)

Access to other learning materials such as textbooks

Access to a computer, the Internet and word-processing system such as MS Word.

Question 1: Answer the following questions:

A. What do you understand VLAN is and also relate its advantages? Write your answer in 100-150 words.

B. What are the steps involved in the configuration, verification and troubleshooting for virtual local area (VLAN) switching?

Question 2: Answer the following questions.

A) What is VLAN Trunk and what protocol is used in VLAN Trunk? Answer in 70-100 Words.

B) Briefly explain the basic commands to configure, verify and troubleshoot VLAN Trunk.

Question 3: Answer the following questions:

A) What is routing and list three types of routing?

B) Briefly explain the basic router configuration procedure. Answer in 30-50 words.

C) Briefly explain the router troubleshooting and verification procedure. Answer in 50-100 words.

Question 4: Summarise the following each in 150-200 words.

A. iDevice operating system (iOS)

B. Internet Protocol (IP) Networking Model

Question 5: Summarise the following security protection mechanisms:

A. Intrusion Prevention System (IPS)

B. Intrusion Detection System (IDS)

Write 100-150 words for each.

Question 6: What are four (4) network threat mitigation strategies? Write 30-70 words for each.

Question 7: Answer the following questions:

A. Briefly explain two regulations you need to follow in Australia related to ICT sector? Write your response in 150-200 words.

B. What are the three (3) mostly used Wireless Standards? Write your answer in 100-150 words.

C. Explain CCNA and CCNP wireless certifications each in 50-80 words.

Question 8: What are the six (6) wireless network deployment schemes? Write your response in 150-200 words.

Question 9: Explain the following wireless network security technologies each in 100-150 words:

A. WEP - Wired Equivalent Privacy

B. Wi-Fi Protected Access (WPA)

Question 10: What are the two (2) wireless network topologies? Write 50 -100 words for each.

Question 11: Answer the following questions:

A. Explain two (2) Wireless Network Architectures and its characteristics? Write your response in 100-150 words for each.

B. Summarise six (6) Wireless Network Elements each in 40-80 words.

Question 12: Briefly explain the following wireless network technologies? Answer in 30-60 words each.

a. Wireless Personal Area Network (WPAN)

b. Wireless Local Area Network (WLAN)

c. Wireless Metropolitan Area Network (WMAN)

d. Wireless Wide Area Network (WWAN)

Question 13: What are the three (3) wireless network protocols? Write 30-70 words for each.

Question 14: Answer the following questions:

A. Explain how can firewalls provide advanced security platform for WLAN? Write your response in 50-100 words.

B. What are the ten (10) features to consider in a firewall as an advanced security platform for WLAN? Write your answer in 100-150 words.

C. Explain how antivirus (Security platform) can help to improve wireless network? Answer in 30-50 words.

Question 15: List three (3) WLAN devices along with their specifications and uses? Write 50-100 words for each device.

Question 16: Summarise the following:

A. What are the WLAN Radio frequency characteristics? Write your response in 150-200 words.

B. Explain the two (2) measuring techniques of WLAN Radio frequency each in 80-120 words.

Question 17: Answer the following questions:

A. What are the three (3) types of security policies to ensure organisational and regulatory standards? Write 100-150 words for your response.

B. What are the two (2) benefits of Network Security Compliance Regulations? Write 50-100 words for each benefit.

Question 18: Answer the following questions:

A. What are the benefits of Wireless Network Access Services? Write your answer in 150-200 words.

B. What is a Wireless LAN Controller and what are its features? Write 150-200 words for your response?

C. Explain Auto Anchor Mobility Mode in 100-150 words.

D. List the ten (10) steps involved in troubleshooting guest access issues.

Question 19: Answer the following.

A. What is management frame protection and how does it help to secure the wireless infrastructure? Write your response in 100-150 words.

B. Explain integration of Network Access Control with network security tools in 100-150 words.

C. Explain Client Certificates and Server Certificates each in 80-120 words.

Question 20: Answer the following questions:

A: Summarise two (2) causes and their solutions for slow wireless connections? Write your response in 150-200 words

B: What are the seven (7) factors to consider for Work Health and Safety in network installation operations? Write 30-70 words for each in your answer.

Question 21: Answer the following questions:

A. What are the features of Cisco Network Admission Control Solution? Write your answer in 100-150 words.

B. Explain four-factor authentication in 50-100 words.

Question 22: Answer the following Questions:

A. What are the features of WLAN Controllers? List any five.

B. What are the capabilities of Network Access Control? Write your response in 50-100 words.

Question 23: Answer the following questions:

A. What are the five (5) elements of wireless network security solution? Write 30-50 words for each solution.

B. What are the factors to consider while configuring firewall for wireless network? Write your answer in 100-150 words.

Unit Assessment Task (UAT)-2

Assessment Task 2 – Unit Project (UP)

Assessment type:

Unit Project (UP)

Instructions to complete this assessment task:

· Please write your responses in the template provided.

· You may attach a separate sheet if required.

· You must include the following particulars in the footer section of each page of the attached sheets:

· Student ID or Student Name

· Unit ID or Unit Code

· Course ID or Course Code

· Trainer and assessor name

· Page numbers

· You must staple the loose sheets together along with the cover page.

· You must attach the loose sheets chronologically as per the page numbers.

· Correction fluid and tape are not permitted. Please do any corrections by striking through the incorrect words with one or two lines and rewriting the correct words.

· The premise of the project must be closely related to the previous assessment task.

· This submission must be well presented and follow the guidelines and instructions provided.

· Please follow the format as indicated in the template section below.

· One of the most important steps that you can take: proofread your project.

· Project must be of 500-800 words in length, using 11-point font, double-spaced, and must include a cover page, table of contents, introduction, body, summary or conclusion, and works cited.

· Appropriate citations are required.

· All RTO policies are in effect, including the plagiarism policy.

Scenario: -

Devon Technical College is a private Registered Training Organisation (RTO) with a campus based in Western Melbourne. It offers over 40 certificate and diploma level qualifications in the Vocational Education and Training (VET) sector for a large number of subject areas including business, community services, education, information technology, health, hospitality, and many others.

Students select from one of two study shifts (morning or afternoons) to undertake study which is self-directed in nature or trainer led, and to undertake assessments. With the self-directed courses, trainers/assessors are on hand to handle student’s queries, while other courses are trainer led.

There are currently 450 students that attend the institute across a wide range of classrooms.

The RTO has basic Wi-Fi for the students, staff and visitors. Stakeholders use different devices like phones, tablets and laptops. The current Wi-Fi has the following issues:

· No security for Wi-Fi

· Some areas do have Wi-Fi access

· Access point is not setup properly

· Slow or no internet

The wireless network setup including the Access Points-AP are all handled and managed by the IT department of the RTO. The IT department is responsible for not only providing the Wireless Access to the customers and the staff members but also responsible for the management of the whole IT and the Network infrastructure of the RTO.

The IT network itself is comprised of the Servers, Computers, Printers, Scanners, Online CCTV camera setup along with the wireless access point. This IT infrastructure is all connected with an efficient and sophisticated Local Area Network. As highlighted earlier while establishing the Access Point the IT department has already segmented into multiple access control parameters ensuring the segregation of customers, staff of different shops and the IT staff of the account.

IT department needs to design and implement a wireless network security solution of the RTO. The IT department is headed by the ICT Manager Steve who is responsible for the management and the administration of the whole IT setup of the RTO while Smith the Network Security Engineer works in coordination with the ICT Manager to manage and setup the network infrastructure of the RTO. The job responsibilities of both the key IT personal along with the Network Diagram of the RTO to illustrate the network infrastructure and Wireless access points are given below:

Job description of the ICT Manager:

· Analysing information needs and specifying technology to meet those needs

· Formulating and directing information and communication technology (ICT) strategies, policies and plans

· Directing the selection and installation of ICT resources and the provision of user training

· Directing ICT operations and setting priorities between system developments, maintenance and operations

· Overseeing the security of ICT systems

· Running regular checks on network and data security

· Identifying and acting on opportunities to improve and update software and systems

· Developing and implementing IT policy and best practice guides for the organisation

· Designing training programs and workshops for staff

· Conducting regular system audits

· Running and sharing regular operation system reports with senior staff

· Overseeing and determining timeframes for major IT projects including system updates, upgrades, migrations and outages

· Managing and reporting on allocation of IT budget

· Providing direction for IT team members

· Identifying opportunities for team training and skills advancement

Job description of the Network Engineer:

· Planning, engineering, and monitoring the security arrangements for the protection of the network systems.

· Identifying, monitoring, and defining the requirements of the overall security of the system. Creating different ways to solve the existing threats and security issues.

· Configuring and implementing intrusion detection systems and firewalls.

· Testing and checking the system for weaknesses in software and hardware.

· Maintaining firewalls, virtual private networks, web protocols, and email security.

· Creating virus and threat detection systems.

· Configuring and installing security infrastructure devices.

· Investigating intrusion and hacking incidents, collecting incident responses, and carrying out forensic investigations.

· Determining latest technologies and processes that improve the overall security of the system.

· Using industry-standard analysis criteria to test the security level of the firm.

· Developing tracking documents to note system vulnerabilities.

· Reporting the security analysis and monitoring findings.

· Supervising the configuration and installation of new software and hardware.

· Implementing regulatory systems in accordance with IT security.

· Informing the company about the security incidents as soon as possible.

· Modifying the technical, legal, and regulatory aspects of the system security.

· Defining and maintaining security policies.

· Occasionally replacing the security system protocol and architecture.

· Maintaining switches and servers.

Network diagram of the RTO to give illustration of all the all the computers, printers, scanners, servers, Wi-Fi access points, switches, routers

Activity 1:

Task 1: Wireless Network Security Plan

The IT department is keen to design and implement wireless network security for Devon Technical College to ensure efficient and more secured usage of network resources for the students, staff members and visitors. For the design and the implementation of the wireless network security the IT department needs to draft and document a wireless network security plan. This security plan will help to understand both the requirements of the security parameters and the implementation mechanism to be followed for the wireless network security.

The student will act as the Network Security Engineer and will prepare the wireless network security plan as per the requirements specified by the ICT Manager and the management of Devon Technical College. The Network Security Engineer will prepare the security plan under the assistance of the ICT Manager and as per the network infrastructure of the RTO. Also, the Network Security Manager needs to ensure that the plan is according to continuous growth of the IT setup and as per the security needs and that can also be used for the future correspondence.

The Wireless Network Security Plan must include the following and also the student needs to complete the template for the security plan given below:

· Review given organisational and regulatory policies to identify security standards

· Review RTO stakeholders issues and requirements against WHS and security compliance requirements

· Develop a wireless network security plan including the following

· Purpose of the plan

· Define stakeholder

· Issues with the current wireless system

· Hardware and software required

· Wi-Fi protection (Security)

· Security threats and risks

· Firewall requirements of wireless security

Template for Wireless Network Security Plan

Task 2: Analysis of Guest Access Services

For the design and implementation of the guest access services, you need to discuss with the ICT Manager about different architectures of guest access services and need to elaborate each and select one in consultation with the ICT Manager as per your requirements.

The trainer/assessor will act as the ICT Manager and will discuss and sort out all the queries relating the guest access service. The guest access service will help to define the mechanisms of granting access to the different users including the permanent and the guest users. Also, complete the minutes of meetings given below for the analysis of the guest access services.

You need to complete this task in 10-15 minutes and your trainer may provide you additional time if required.

You are required to complete the following meeting minute’s template and submit to your trainer/assessor.

Performance criteria checklist for unit assessment task:

Task 1: Design a wireless local area network (WLAN) site security plan

In this task you need to produce a map for wireless network for the RTO. In the map you need to include:

· Access points

· Devices

· Guest access

· Switch

· Router

You are required to prepare a map in a packet tracer software and provide IP address to the relevant devices.

You need to submit you network map to your trainer and assessor. You need to complete this task in 1-2 hours. Trainer may provide you additional time if required.

Task 2: Implement and test a wireless local area network (WLAN) site security plan

Note: This activity is continuing of a previous activity.

Reference to the wireless network security plan developed in the previous activity, you are being the Network Security Engineer needs to implement the WLAN security plan. You need to implement the plan in coordination with the ICT Manager which will be acted by the trainer/assessor. For the implementation of the network security, you need to perform the tasks in the environment of a Live Network environment provided by the trainer/assessor.

The trainer/assessor will act as a supervisor and will guide you through the initial process of implementation the network security plan on the network infrastructure.

You need to complete this task in 6-8 hours. Your trainer may provide you additional time if required.

Note: For This activity RTO/Assessor will provide you the following:

· A site or prototype where network installation may be conducted

· Hardware and software (Included in the security plan)

· Organisational guidelines (Scenario)

· Live network

· Stand-alone and lightweight WLAN controllers and access points (AP)

· Hardware and software WLAN site survey tools

· Hardware and software IDS and IPS.

The student needs to perform the WLAN security implementation including the following:

· Setup and configure guest access accounts

· Set the Guest Username Policy

· Set the Employee Name Policy

· Create a self-registered portal

· Manage guests account

· Manage Employee Accounts

· Configure WLAN controller authorisation

· Configure DHCP

· Configure Virtual Gateway IP

· Use Broadcast SSID

· Enable Local Client Profiling

· Configure the anchor and internal controllers

· Configuration of the authentication of clients and management frame protection on clients and controllers

· Restrictions for Management Frame Protection

· Viewing the Management Frame Protection Settings (GUI)

· Debugging Management Frame Protection Issues

· Configure access control servers for integration with wireless network

· Configure client- and server-side digital certificate services

· Test, verify and troubleshoot the following:

· Guest Access Issues

· Wireless Connectivity Services

· IP Connectivity Failure

Performance criteria checklist for unit assessment task:

Unit Assessment Task (UAT)-3

Assessment Task 3 – Unit Project (UP)

Assessment type:

Unit Project (UP)

Instructions to complete this assessment task:

· Please write your responses in the template provided.

· You may attach a separate sheet if required.

· You must include the following particulars in the footer section of each page of the attached sheets:

· Student ID or Student Name

· Unit ID or Unit Code

· Course ID or Course Code

· Trainer and assessor name

· Page numbers

· You must staple the loose sheets together along with the cover page.

· You must attach the loose sheets chronologically as per the page numbers.

· Correction fluid and tape are not permitted. Please do any corrections by striking through the incorrect words with one or two lines and rewriting the correct words.

· The premise of the project must be closely related to the previous assessment task.

· This submission must be well presented and follow the guidelines and instructions provided.

· Please follow the format as indicated in the template section below.

· One of the most important steps that you can take: proofread your project.

· Project must be of 500-800 words in length, using 11-point font, double-spaced, and must include a cover page, table of contents, introduction, body, summary or conclusion, and works cited.

· Appropriate citations are required.

· All RTO policies are in effect, including the plagiarism policy.

This activity is continuing from the previous assessment task.

You will prepare the report under the supervision of the trainer/assessor and needs to complete the template given below. The report will not only help to strengthen the wireless network security but will also help to update network security plan in order to mitigate wireless network vulnerabilities for the security and the integrity of the network:

The report must include the following and you are also required to complete the template of the report given below:

· Purpose of the report

· Stakeholders

· Analyse end to end Wireless network Security solution

· Research end to end security solutions (Internet)

· Write security procedures or steps you will follow to implement end to end security

· Analyses given network architecture and identify the feasibility of the network

· Overview of network admission control

· Identify additional servers and/or services required

· Evaluate high level authentication process to ensure integration of the network

· Check different authentication levels and security of current network

Template for Report on Analysis of the END to END wireless security solution

Performance criteria checklist for unit assessment task:

Activity 2: Testing of Wireless Controllers and IDPS Solutions

You need to complete this activity in 6-8 hours. Your trainer may provide you additional time if required.

Note: For This activity RTO/Assessor will provide you the following:

· A site or prototype where network installation may be conducted

· Hardware and software

· Organisational guidelines (Given in the scenario)

· Live network

· Stand-alone and lightweight WLAN controllers and access points (AP)

· Hardware and software WLAN site survey tools

· Hardware and software IDS and IPS.

You need to perform the testing of wireless controllers and the IPDS solution as per the following:

· Wireless controllers

· Configure wireless controllers

· Test the functionality of wireless controller

· Configure the IDS to prevent malicious activities

· Configuring Rogue Detection (GUI)

· Configuring Rogue Detection (CLI)

· Classifying Rogue Devices

· Configuring Rogue Classification Rules (GUI)

· Configuring Rogue Classification Rules (CLI)

· Viewing and Classifying Rogue Devices (GUI)

· Troubleshoot the integration issues with access control

· Configure and test the WLAN controllers for wired and wireless IPDS network security

· Configuring IDS Signatures

· Viewing IDS Signature Events

· Configuring SNMP

· Changing the SNMP Community String Default Values

· Configuring Real Time Statistics

· Configuring SNMP Trap Receiver

· Check firewall configuration

· Review the inbound and outbound security

· Check the firewall setting is aligned with the organisational firewall requirements

· Use network tools (at least two tools)

· Test wireless controllers

· Test IPDS solutions at least two tools

· Review report produced by IDS related to network threats

· Update the security plan based on IDS, firewall and SNMP configuration to reduce wireless vulnerabilities

Performance criteria checklist for unit assessment task:

End of the Assessment

ICTNWK607- Student Assessment Pack V1.0 March 2019