Project report, knowledge test, scenarios, professional discussion.

Assessment Method 3: Scenario & Demonstrations

Scenario & Demonstration Labs

Apprentices must complete 4 scenario demonstrations in which they will demonstrate the KSBs assigned to this assessment method.

The scenarios will be simulated and provided remotely online by the EPAO. The products of each scenario will be submitted to the assessor and these will be assessed.

The scenario outputs will be supplemented by questioning.

The scenario demonstrations as well the questioning component must be completed within 10 days, starting from when the apprentice undertakes their first scenario demonstration.

The apprentice will be presented with scenarios relevant to their normal sphere of work, or sufficiently similar as to be equivalent in complexity, but which may use cyber challenges that are in a different business domain to the one in which they normally work.

The total time permitted for the scenario demonstrations is 7 hours 45 minutes typically over a minimum of 2 consecutive working days. A working day is typically considered to be 7.5 hours long.

Typical Scenario’s & What to Expect

Scenario 1

Looking for vulnerabilities/threats within information assets/operating system/firewall (such as security not enabled/security features not utilised/passwords/permissions/internet access) – This information will then be put in the appendix task sheet provided on Cloudshare Labs.

Scenario 2

Conducting a risk assessment / risk register / risk treatment (this is based on the findings of the vulnerabilities/threats from Scenario 1 – Think about the impact to the organisation and the mitigations/recommendations and the risk matrix used to determine the risk) – This information will also then be put in the appendix task sheet provided on Cloudshare Labs

Scenario 3

Configuring rules on a firewall (PFSense is one of the firewalls within the practice environment) – Such as Blocking Telnet / FTP / Remote Desktop / Social Media Sites etc  – Screenshot your configurations & testing for this and add it into your word document.

Additional PFSense Step By Step Guidance:

INSERT DOCUMENTS HERE – or links to documents – Possibly make pages with this?

Implementing security within VM could be such as:

  • Setting up multifactor authentication
  • Organising for malware scan to run at 01:00am 

Enabling File Level Encryption

Scenario 4

Running a script to look for ports open/closed with/without services running.

You can use NMAP / Zenmap / Python Port Scanning / Powershell etc – Screenshot your configurations & testing for this and add it into your word document.

NMAP Step by Step Guidance

INSERT NMAP GUIDE