Hey all!

I am finishing up the Server+ course and there has been discussions about Active Directory, DNS, DHCP, Backups, Group Policy, Load Balancing etc and even some touching of these technologies in the virtual labs. My question is, is there a place within IT Pro to actually configure these services from scratch? Its good to learn that these exist, but wouldn't it be better to build with these services to really get a full understanding of these technologies?

Thanks!

I work as a process control specialist in mining, part of what I do is OT or operational technology, and I am taking the A+ certification because there is a concept of IT/OT convergence. One thing I will say, for anyone looking to support industrial systems, is that some of them can be quite antiquated. For example, some industrial systems still operate on DOS or Windows XP, and some programs still use VB6. This isn't generally considered an issue as the old philosophy was complete segregation of networks, so these networks will never see the internet and there is no possibility of someone coming in remotely. The reason these industries don't upgrade is because it is very expensive. Why? well if you have an industry that makes $1m a day and you want to upgrade the control network and components you may be down for a week. Then everything has to be tested and essentially recommissioned. The process could take a very long time. Companies won't see the value in that if the system they have, which is old, still works. Upgrades rarely go off flawlessly, and a lot of thought has to go into it on a live process system.

However, modern day systems operate on current OS and there is a great deal to consider when creating paths between a plant LAN and business LAN. One of the main points of IT is security, and the loss of availability of a system can be tolerated in order to keep it secure. On the other hand, in OT the most important point is availability, yes security is a top priority, but imagine if you have a massive industrial boiler and you lock the operator out from it because of a security concern and they lose the ability to shut it down safely or monitor it. Security protocols implemented on the OT system must not interfere with the essential and emergency controls of an industrial automation control system (IACS). So, a lot of care has to be taken when approaching any connection between the two networks.

Another consideration that has to be made is that windows updates on the IACS servers cannot be implemented whenever. The vendors of the control systems thoroughly test the windows patches and create modified version compatible with their control system. These updates must be done in a very planned and deliberate manner. Consider if you did an update and it went south causing the database for the control system to corrupt, and I've seen it happen, then what was supposed to be a short update turns into a week long scramble to get the system back to working condition. seven days at 1 million a day is a lot for a company to swallow.

Anyone going into IT for an industry where control systems are present, and where they will be assisting the control network team, should read more about IT/OT convergence. Understanding that the thought process of an IT specialist and an OT specialist are different will help you in communicating and supporting the OT team. In my case I am on my own in my department and rely heavily on IT for support. In other cases, IT has nothing to do with the OT system. Generally speaking, best practices is that the two are separate, but with modern technology and IT/OT convergence, this may no longer be the case and we must rely on each other and work together for the common goal.

Hello Junaid!

Since Cisco ISE integrates with so many different technologies - you will discover it comes up a lot in our courses. For example, I just searched our video catalog for Cisco ISE and got a full page of courses.

But it sounds like you are looking for the full documentation and perhaps even a practice lab environment.

The complete configuration guides for Cisco ISE are available here:

https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-installation-and-configuration-guides-list.html

Should you want to get hands-on practice with the device - you can do that here:

https://developer.cisco.com/docs/sandbox/#!security/overview

Thanks so much for choosing ACI Learning and we are always standing by to help.

Matthew, The change was intentional. We have decided to take a more modular approach to recording the content. All 3 shows do cover the exam content together. IF it's not completed yet, it should be soon, that if you were to search for SC-200, that it would bring up all 3 courses.

Hello,

I came cross this question on CISSP practice exam and think that the answer is wrong. Any comments?

Which statements do NOT define the requirements of a security kernel?
a. The reference monitor should be verified as correct.
b. The reference monitor should provide process isolation.
c. The security kernel should be verified in a comprehensive manner.
d. A method to circumvent the security should be implemented by the reference monitor.

CyberVista says correct answer is "b and d". But should't it be "d" only? The reference monitor should provide process isolation, isn't it?

Here is what google's ai think about the subject:
Both reference monitor and base and limit registers provide process isolation.
• Reference monitor is a security mechanism that mediates all accesses to objects by subjects. It is a central part of a computer system's security architecture and is responsible for enforcing the system's security policy. Process isolation is one of the security features that the reference monitor provides.
• Base and limit registers are hardware registers that are used to implement memory protection. They are used to define the boundaries of a process's address space. This prevents processes from accessing each other's memory.
Both reference monitor and base and limit registers provide process isolation, but they do so in different ways. The reference monitor is a software mechanism that is responsible for enforcing the system's security policy. The base and limit registers are hardware registers that are used to define the boundaries of a process's address space.
In modern operating systems, both reference monitor and base and limit registers are used to provide process isolation. The reference monitor provides a high-level security policy, while the base and limit registers provide a low-level mechanism for enforcing that policy.
Here are some of the advantages of using both reference monitor and base and limit registers to provide process isolation:
• Increased security: Process isolation is a critical security feature that can help to protect computer systems from malicious attacks. By using both reference monitor and base and limit registers, systems can achieve a high level of process isolation.
• Reduced complexity: Using both reference monitor and base and limit registers can help to reduce the complexity of security mechanisms. This is because the reference monitor can focus on enforcing the system's security policy, while the base and limit registers can focus on providing a low-level mechanism for enforcing that policy.
• Improved performance: Using both reference monitor and base and limit registers can help to improve the performance of security mechanisms. This is because the reference monitor can be implemented in software, while the base and limit registers can be implemented in hardware.
Here are some of the disadvantages of using both reference monitor and base and limit registers to provide process isolation:
• Increased cost: Using both reference monitor and base and limit registers can increase the cost of computer systems. This is because both mechanisms require additional hardware and software.
• Increased complexity: Using both reference monitor and base and limit registers can increase the complexity of computer systems. This is because both mechanisms add additional complexity to the system's architecture.
• Reduced flexibility: Using both reference monitor and base and limit registers can reduce the flexibility of computer systems. This is because both mechanisms can limit the types of applications that can be run on the system.
Overall, using both reference monitor and base and limit registers to provide process isolation can help to improve the security of computer systems. However, it is important to weigh the costs and benefits of using both mechanisms before making a decision.

@Wayne-Ho,

I could be wrong but I believe this is setup for those that would have to run bootcamp with a WindowsOS. I'm not sure if this is still true.

I believe you could disable SIP in recovery mode, then run sudo gpt --vv -r show /dev/disk0 to see it...but I've only got my laptop running Ventura and cannot tell you if things are different now.

Thanks @Myriam-Vézina

We will look into that.

@Daniel-Jones,

As of right now, we do are not planning for it this year. You though can make a course request via the chat bubble on our site. This will ensure that your request is logged officially and forwarded to our content development team for consideration. The more requests there are for this, the more likely it is to be considered for future development.

Thanks for being a member!

@Ronnie-Wong

Thank you for this.

I've been in IT since 2001, but no formal certifications, only an applied science degree (AAS). In January of 2020 I get help in overcoming the performance anxiety of test taking and go after these formal certifications. With IT Pro TV's help I earned ITF+, A+, Network+ Server+, Project+ and most recently Security+. Feel free to use this as a testimonial.

I'm still hungry for more but I need to balance that hunger against return on investment and am always looking for guidance on what to learn and what certifications to work towards to make me a competitive candidate.

@Jeff-Gortney,

Sounds like a great idea. You have to make decisions for dividing up your LUN across your SAN. Do you need larger and fewer LUNs or smaller and more LUNs.

Take a look at VMWare's documentation on this decision and some good considersations: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-2C8FAE1F-98F7-4E0B-AEA0-83A4FF16A252.html

I've been a long time ESXi user, which is fine but with a SAN, to fully take advantage of the SAN you may also want to consider vSphere to manage ESXi to the fullest capabilities.

When I navigate to /usr/local/bin...
Screenshot 2023-05-11 at 07.02.07.png

@Carol-Williams

For some reason the pdf files from PMI have been changed and the ECO is also referenced as the CAPM Exam Reference Guide. I'll dig back through my older files. Just understand that the reference guide will be slightly off as it refers to the Pilot exam and not the final. The overall content will be still be accurate, just understand it might have some extra references that are unnecessary.

Thanks!