Take My Advice: In 2024, I Still Recommend You Learn Cybersecurity

Original post by heyong, BurpSuite实战教程
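As everyone has seen, finding a job in IT this year is a very different proposition from before. Online, the screen is full of voices telling you to give up, as if switching careers into IT were self-destruction. True, the difficulty is unprecedented, and so is the competition. But as an ordinary working person, I still think learning cybersecurity is a wise choice. Here are a few of my takeaways, for reference only.

1️⃣ Security talent is always a hard requirement for society
The market is sluggish, security companies have slowed their expansion, and many are even running at a loss, but this is not unique to cybersecurity; it is true of basically every industry. In fact, cybersecurity, tech, AI and similar industries have taken a relatively smaller hit, and compared with the job-hunting difficulty and competitive pressure in other industries they are much better off. Don't listen to the shouting online: the positive voices are silent, and you don't hear them. The negative voices you hear have a lot to do with the information environment you are in, not with a problem in the security industry itself. Security talent is always needed for society's development; master the in-demand cybersecurity skills and the market will need you. Note that I said in-demand security skills.

2️⃣ Generous pay
No matter how the environment changes, and whatever nonsense other people talk, the reality is that few industries ask for so little in academic credentials at the same income level. Cybersecurity specialists' salaries have stayed at a high level, far above the ordinary industry average. If you don't believe it, ask around: in many industries, especially in second-tier cities, people who have worked for many years are still paid 5000~8000. That is a salary a capable junior-college graduate in the security industry can get straight out of school.

3️⃣ Suited to introverts
These days everyone is an only child, and introverts ("i" people) are everywhere. Compared with other jobs, work in cybersecurity is more straightforward. Much of the time you are dealing with machines (computers). If you don't like dealing with people and aren't good at socializing, penetration testing suits you even better. You keep your head down at the computer all day, grinding through the work your team lead hands you, without all the petty drama. As long as you don't get involved, trouble won't come looking for you.

4️⃣ An excellent choice for career changers starting from zero
Compared with other fields, cybersecurity is on the easy side. Take programmers: you have to learn to write code in at least one language and build a few basic demos. Your fundamentals need to be good and you need to be fast. Cybersecurity is different: academic credentials and past work experience matter less. Put in two hard months, get familiar with web penetration testing, and you can make the switch and land a job without trouble. Earning a living is still quite easy. Of course, if you insist on getting into big companies like Alibaba, Baidu, Tencent or Meituan, that is never easy.

5️⃣ A diverse, inclusive working environment
Compared with other jobs, cybersecurity roles are quite diverse and inclusive. As long as your skills are good, nobody cares whether you cross-dress, wear slippers or are going bald. The people in the circle, the people around you, are all technical, and what everyone values is ability.
Who the hell has the time to mutter about other people all day? If you are interested, take that step bravely; right now this industry is still worth your investment. Don't let the anxious voices online sway you; the decision is in your own hands.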

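Microsoft Certification Exam SC-100: Microsoft Information Protection Administrator, Real Exam Questions, Daily Practice

SC-100: Microsoft Cybersecurity Architect Real Exam Practice Questions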
1. Your company has a Microsoft 365 E5 subscription. The Chief Compliance Officer plans to enhance privacy management in the working environment.
You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:
✑ Identify unused personal data and empower users to make smart data handling decisions.
✑ Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.
✑ Provide users with recommendations to mitigate privacy risks.
What should you include in the recommendation?
A. communication compliance in insider risk management
B. Microsoft Viva Insights
C. Privacy Risk Management in Microsoft Priva
D. Advanced eDiscovery
Answer: C

2. You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.
You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort.
What should you include in the recommendation?
A. Azure Monitor webhooks
B. Azure Event Hubs
C. Azure Functions apps
D. Azure Logic Apps
Answer: D

3. Your company is moving a big data solution to Azure. The company plans to use the following storage workloads:
✑ Azure Storage blob containers
✑ Azure Data Lake Storage Gen2
✑ Azure Storage file shares
✑ Azure Disk Storage
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure Storage file shares
B. Azure Disk Storage
C. Azure Storage blob containers
D. Azure Data Lake Storage Gen2
Answer: CD

4. You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft deployment.
You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events.
What should you recommend using in Microsoft Sentinel?
A. notebooks
B. playbooks
C. workbooks
D. threat intelligence
Answer: C

5. Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.
Which Defender for Identity feature should you include in the recommendation?
A. sensitivity labels
B. custom user tags
C. standalone sensors
D. honeytoken entity tags
Answer: D

6. You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks.
You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack.
Which two controls should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Enable soft delete for backups.
B. Require PINs for critical operations.
C. Encrypt backups by using customer-managed keys (CMKs).
D. Perform offline backups to Azure Data Box.
E. Use Azure Monitor notifications when backup configurations change.
Answer: BE

7. Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel.
You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk.
What should you include in the recommendation?
A. a Microsoft Sentinel data connector
B. Azure Event Hubs
C. a Microsoft Sentinel workbook
D. Azure Data Factory
Answer: A

8. A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware. The customer suspends access attempts from the infected endpoints.
The malware is removed from the endpoints.
Which two conditions must be met before endpoint users can access the corporate applications again?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. The client access tokens are refreshed.
B. Microsoft Intune reports the endpoints as compliant.
C. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced.
D. Microsoft Defender for Endpoint reports the endpoints as compliant.
Answer: AC

9. You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer’s security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?
A. Azure AD Privileged Identity Management (PIM)
B. role-based authorization
C. resource-based authorization
D. Azure AD Multi-Factor Authentication
Answer: D

10. You are designing the security standards for a new Azure environment. You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?
A. Microsoft Security Development Lifecycle (SDL)
B. Enhanced Security Admin Environment (ESAE)
C. Rapid Modernization Plan (RaMP)
D. Microsoft Operational Security Assurance (OSA)
Answer: C

11. A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All on-premises servers in the perimeter network are prevented from connecting directly to the internet.
The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend solutions to meet the following requirements:
✑ Ensure that the security operations team can access the security logs and the operation logs.
✑ Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two solutions should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a custom collector that uses the Log Analytics agent
B. the Azure Monitor agent
C. resource-based role-based access control (RBAC)
D. Azure Active Directory (Azure AD) Conditional Access policies
Answer: BC

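Network Engineer's Guide: How Switches Forward Broadcast and Multicast Traffic

Original post by 晚云浅, 晴间多云
This article describes in detail the role switches play in broadcast and multicast forwarding and how they implement it. It first covers the basic concepts of broadcast and multicast and their importance in network communication, then explains how a switch handles broadcast frames and multicast traffic, including the use of the MAC address table and the IGMP protocol.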

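1. Basic concepts and importance of broadcast and multicast
1.1 Definitions of broadcast and multicast and their role in network communication
Broadcast: a method of packet transmission in which the destination address is every device on the network. A broadcast frame is sent to every port in the network so that all devices receive it.
Multicast: a method of packet transmission in which the destination address is a specific group of devices. A multicast frame is sent only to the devices that have joined the particular multicast group, which reduces unnecessary traffic.
1.2 Importance of broadcast and multicast for resource utilization and network performance optimization
Resource utilization: broadcast and multicast can effectively reduce duplicate traffic on the network; in large networks in particular, they can significantly reduce bandwidth consumption.
Network performance optimization: using broadcast and multicast sensibly avoids network congestion and improves the network's overall performance and response time.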
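2. How a switch implements broadcast forwarding
2.1 How a switch handles broadcast frames, including the role of the MAC address table
MAC address table: a switch builds a MAC address table by learning the MAC address of the device attached to each port. When the switch receives a broadcast frame, it forwards the frame, based on the MAC address table, to all ports except the port on which the frame was received.
Broadcast frame handling: the switch copies the broadcast frame and forwards it to all ports so that every device on the network receives it.
2.2 Broadcast storms and their impact on the network
Broadcast storm: when a large number of broadcast frames are present on the network, switches keep forwarding them, which consumes a large share of the network bandwidth and can ultimately bring the network down.
Impact: a broadcast storm severely degrades network performance, making devices slow to respond or even interrupting the network.
3. How a switch implements multicast forwarding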
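3.1 Definition of multicast addresses and how they differ from unicast and broadcast
Multicast address: a special IP address used to identify a group of devices. Multicast addresses range from 224.0.0.0 to 239.255.255.255.
Differences from unicast and broadcast:
Unicast: the destination address is a single device.
Broadcast: the destination address is every device on the network.
Multicast: the destination address is a specific group of devices.
3.2 How a switch manages multicast traffic with IGMP (Internet Group Management Protocol)
IGMP: a protocol for managing multicast group membership. Devices use IGMP to report to the switch that they want to join or leave a multicast group.
Multicast traffic management: based on the IGMP reports, the switch dynamically adjusts the forwarding path of multicast traffic so that only devices that have joined the multicast group receive it.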
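The forwarding decisions described in sections 2.1, 3.1 and 3.2, as an added Python example that is not from the original article: a toy switch that learns source MACs, floods broadcast, and uses IGMP join/leave reports to limit which ports receive multicast. The class and function names are hypothetical, and it assumes that multicast for a group with no known members is dropped when snooping is on (real switches differ here). `group_to_mac` goes beyond the text by applying the standard mapping of an IPv4 group onto a 01:00:5e MAC, which shows that several groups share one MAC.

```python
"""Toy layer-2 switch: MAC learning, broadcast flooding, IGMP snooping.
Added example; names are hypothetical, not a vendor implementation."""
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"

def group_to_mac(group_ip):
    """Map an IPv4 multicast group to its Ethernet MAC (01:00:5e + low 23 bits)."""
    ip = ipaddress.IPv4Address(group_ip)
    if not ip.is_multicast:
        raise ValueError(f"{group_ip} is outside 224.0.0.0-239.255.255.255")
    low23 = int(ip) & 0x7FFFFF  # the top 5 variable bits of the group are lost
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

class Switch:
    def __init__(self, ports, igmp_snooping=True):
        self.ports = set(ports)
        self.igmp_snooping = igmp_snooping
        self.mac_table = {}  # source MAC -> port it was learned on
        self.groups = {}     # multicast MAC -> ports that sent an IGMP report

    def igmp_report(self, port, group_ip):
        """A host on `port` joins `group_ip`."""
        self.groups.setdefault(group_to_mac(group_ip), set()).add(port)

    def igmp_leave(self, port, group_ip):
        """A host on `port` leaves `group_ip`."""
        self.groups.get(group_to_mac(group_ip), set()).discard(port)

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of egress ports for one frame."""
        self.mac_table[src_mac] = in_port      # learn where the sender lives
        others = self.ports - {in_port}
        if dst_mac == BROADCAST:
            return others                      # broadcast: flood every other port
        if int(dst_mac[:2], 16) & 1:           # group bit set: multicast frame
            if not self.igmp_snooping:
                return others                  # without snooping: flooded like broadcast
            # Assumption: a group with no known members is dropped.
            return self.groups.get(dst_mac, set()) - {in_port}
        port = self.mac_table.get(dst_mac)
        if port is None:
            return others                      # unknown unicast: flood
        return {port} - {in_port}              # known unicast: one port
```

Because 224.1.1.1, 225.1.1.1 and 239.129.1.1 all map to 01:00:5e:01:01:01, a port that joined one of them also receives frames sent to the others at layer 2.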
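4. How to configure a switch's broadcast and multicast features
The steps below describe how to configure the broadcast- and multicast-related settings on a switch.
1. Configure broadcast suppression: use the command-line interface (CLI) to enter the switch's configuration mode. Configure the broadcast suppression parameters to limit the rate at which broadcast traffic is forwarded.
2. Configure multicast routing: enable IGMP Snooping so that the switch can manage multicast traffic. Configure a multicast routing protocol (such as PIM) so that multicast traffic is forwarded correctly to the target devices.
3. Configure VLANs and multicast: create VLANs and assign devices to the appropriate VLAN. Configure the multicast groups within the VLAN so that multicast traffic is forwarded only within the specific VLAN.
How VLAN and multicast configuration optimize network performance:
VLAN isolation: placing different types of traffic in different VLANs reduces the size of each broadcast domain, which reduces the impact of broadcast traffic on the network.
Multicast optimization: configuring multicast groups and VLANs sensibly ensures that multicast traffic is forwarded only where it is needed, avoiding unnecessary bandwidth consumption.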
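Broadcast suppression from step 1, as an added Python example (not from the original article and not any vendor's implementation): a per-port limiter that forwards at most `limit_pps` broadcast frames per one-second window, drops the excess, and records which port and window exceeded the limit. The function names, the fixed-window scheme and the sample traffic are assumptions constructed for illustration.

```python
"""Per-port broadcast suppression over 1-second windows (added example)."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def suppress_broadcast(frames, limit_pps):
    """frames: time-ordered (timestamp_seconds, ingress_port, dst_mac) tuples.
    Returns (forwarded, dropped, storms): per-port frame counters and a sorted
    list of (port, window_start) pairs in which the limit was exceeded."""
    seen = defaultdict(int)        # (port, window) -> broadcasts seen so far
    forwarded = defaultdict(int)
    dropped = defaultdict(int)
    storms = set()
    for ts, port, dst in frames:
        if dst != BROADCAST:       # only broadcast is rate-limited here
            forwarded[port] += 1
            continue
        window = int(ts)           # fixed 1-second window
        seen[(port, window)] += 1
        if seen[(port, window)] <= limit_pps:
            forwarded[port] += 1
        else:
            dropped[port] += 1     # over the limit: suppress the frame
            storms.add((port, window))
    return dict(forwarded), dict(dropped), sorted(storms)

def sample_traffic():
    """Constructed input: port 1 is quiet, port 2 storms during second 1."""
    frames = [(0.1, 1, BROADCAST), (0.5, 1, "aa:aa:aa:aa:aa:02")]
    frames += [(1.0 + i / 1000, 2, BROADCAST) for i in range(500)]  # 500 in one second
    frames += [(1.2, 2, "aa:aa:aa:aa:aa:01"), (2.3, 2, BROADCAST)]
    return sorted(frames)

if __name__ == "__main__":
    fwd, drop, storms = suppress_broadcast(sample_traffic(), limit_pps=100)
    print("forwarded:", fwd)
    print("dropped:", drop)
    print("ports/windows over the limit:", storms)
```

The `storms` list is the part worth alerting on: it names the ingress port where the excess broadcast entered, while unicast on the same port keeps flowing.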
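5. Broadcast and multicast forwarding: a practical case
Background: on a company's internal network, the video conferencing system made frequent use of multicast, which drove bandwidth usage too high and affected the normal operation of other services.
Configuration steps:
1. Analyze network traffic: use a network analysis tool (such as Wireshark) to analyze the multicast traffic and determine the members of each multicast group and how the traffic is distributed.
2. Configure IGMP Snooping: enable IGMP Snooping on the core switch so that multicast traffic is forwarded only to devices that have joined the multicast group.
3. Create a dedicated VLAN: create a dedicated VLAN for the video conferencing system and assign the relevant devices to it.
4. Configure multicast routing: configure the PIM protocol on the core switch so that multicast traffic is forwarded correctly to the target devices.
Problem: multicast traffic still took up a large amount of bandwidth and congested the network.
Solution: further analysis showed that some devices did not have IGMP configured correctly, which caused multicast traffic to be forwarded incorrectly. After the IGMP settings on those devices were reconfigured, bandwidth usage dropped markedly and network performance recovered.
With the steps and case analysis above, network engineers can better understand and configure a switch's broadcast and multicast features, optimizing network performance and keeping the network running stably.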