
Competence: IT Network and system administration. Training program for a participant in the championship "young professionals" in the competency "network and system administration" material on the topic Presentation of the competency to visitors and journalists

The first all-Russian competition of professional skills

"National Championship WorldSkills Russia 2013"

Competence: IT Network and system administration

Test task

Practical part

Section 1.

1 Dear participant, congratulations on your appointment to the position of chief IT infrastructure specialist at WSR-Russia. We hope that our cooperation will be productive and mutually beneficial. First of all, we would like you to complete one important task for us. The fact is that we recently opened a new branch in Tolyatti, and we would like to send you there to create the necessary IT infrastructure in the company’s new office. In Tolyatti, the company's offices are located in two buildings. You will be provided with all the necessary equipment and materials to complete this difficult mission. First of all, it is necessary to build a structured cabling system (SCS) in the office and install the equipment in the wiring closet.

a Install the equipment into the wiring closet in the following order:

■ WSR_R1;

■ WSR_R2;

■ Patch panel;

■ Cable organizer;

■ WSR_SW1;

c Extend the cable (twisted pair) into RJ-45 data sockets and the patch panel, into ports 1, 2, and 3, respectively. The wires must be laid in a corrugated pipe. Use to connect to the console port of the equipment.

d To connect workstations, lay the required number of cables in a separate corrugated pipe.


e Secure the corrugated pipe to the plasterboard block with clips.

f Terminate the wires with RJ-45 connectors for connecting equipment in accordance with TIA/EIA 568 standard. The correct cable types must be used for the connection (straight-through or crossover).

g Switch network equipment and workstations in accordance with the specified topology.

2 Configure all network equipment.

a Set the password cisco for entering privileged mode on all network equipment.

b Set the name of the network equipment according to the topology.

c To make it easier to manage network equipment, configure the ability to connect remotely:

■ Create a WSR user with a password of 2013 and the highest level of privileges;

■ Set local authentication as default;

■ The WSR user should be automatically placed in privileged mode.

d On the switch:

■ Disable dynamic trunk negotiation on all switch ports;

■ Configure the WSR VTP domain in a mode that does not distribute information from the VLAN database, with the password wsr_2013;

■ Create virtual local networks (VLANs) in accordance with Appendix 1.2;

■ Configure a Layer 3 virtual interface for remote management of the switch on the management subnet.

■ Configure trunk ports according to the topology. On trunk ports, allow only the VLANs necessary for this topology.

■ Sometimes, when connected to a network, computers cannot obtain an IP address using the DHCP protocol for a long time (according to users’ statements). Please provide a solution to this problem on ports f0/1 and f0/2.

e Routers:

■ Set the domain name of the device *****;

■ Configure the FastEthernet0/0 interface of each router using subinterfaces for each VLAN. Configure IPv4 addresses on the router interfaces according to the topology diagram;

■ Configure logical interfaces;

■ Configure the virtual terminal lines:

● Set up synchronous output of events to the terminal;

● Set exec process timeout to 3 minutes.*

■ Configure the SSH protocol:

● Protocol version - 2;

● Number of authentication attempts - 5;

● Specify the minimum key length required for the SSHv2 protocol to work.

■ Set the login block for 2 minutes in case of 3 unsuccessful attempts within 20 seconds. The exception to blocking should be Management VLAN addresses.

■ Set the login delay to 5 seconds.

■ Create a root user with the password toor. This account should be automatically deleted after the first successful login.
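The login-blocking rule in item 2e (3 failures within 20 seconds, a 2-minute block, Management VLAN exempt) can be checked against a small model before it is configured. This is an added example, not part of the original task: it assumes failures are counted device-wide, that the whole device goes quiet during the block, and that the Management VLAN is the 172.16.252.0/24 subnet of Appendix 1.3; the events are constructed.

```python
from ipaddress import ip_address, ip_network

BLOCK_SECONDS = 120    # "login block for 2 minutes"
MAX_FAILURES = 3       # "3 unsuccessful attempts"
WINDOW_SECONDS = 20    # "within 20 seconds"
# Assumption: the Management VLAN is the control subnet from Appendix 1.3.
MGMT_NET = ip_network("172.16.252.0/24")

# Constructed sample events: (seconds since start, source address, password correct?)
SAMPLE_EVENTS = [
    (0, "10.1.1.50", False),
    (5, "10.1.1.50", False),
    (12, "10.1.1.50", False),      # third failure inside 20 s: block until t=132
    (30, "10.1.1.77", True),       # correct password, but the device is blocking
    (40, "172.16.252.10", True),   # management address is exempt from the block
    (140, "10.1.1.77", True),      # block has expired
    (200, "10.1.1.50", False),
    (230, "10.1.1.50", False),
    (260, "10.1.1.50", False),     # three failures, but spread over 60 s: no block
    (265, "10.1.1.77", True),
]


class LoginGuard:
    """Simplified model of the blocking rule (hypothetical helper class)."""

    def __init__(self, exempt=MGMT_NET):
        self.exempt = exempt
        self.quiet_until = -1      # time at which the current block ends
        self.failures = []         # timestamps of recent failed logins

    def attempt(self, t, src, ok):
        """Return 'refused', 'accepted' or 'failed' for one login attempt."""
        blocking = t < self.quiet_until
        if blocking and ip_address(src) not in self.exempt:
            return "refused"       # dropped before the password is even checked
        if ok:
            return "accepted"
        # Keep only the failures that still fall inside the sliding window.
        self.failures = [f for f in self.failures if t - f <= WINDOW_SECONDS]
        self.failures.append(t)
        if len(self.failures) >= MAX_FAILURES and not blocking:
            self.quiet_until = t + BLOCK_SECONDS
            self.failures.clear()
        return "failed"


def replay(events):
    """Feed events through a fresh guard and return the outcome of each one."""
    guard = LoginGuard()
    return [guard.attempt(t, src, ok) for t, src, ok in events]


if __name__ == "__main__":
    for (t, src, _), outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"t={t:>3}s  {src:<15} {outcome}")
```

The refused login at t=30 shows the side effect of this rule: while the block is active, legitimate users outside the exempt subnet are locked out as well, which is why the management exception matters.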

3 As you know, our security policy requires the creation of a dedicated management network for all network equipment. You need to create and secure a management network. All user traffic is prohibited on the management network. On router interfaces connected to the management network:

a Outgoing traffic is allowed only to addresses from the management network, to ports five

b Incoming traffic is allowed only from addresses in the management network to the router's address in the same network, to the ports of five basic protocols for remote management of network equipment.


4 To ensure communication between the two offices, we purchased two dedicated communication lines and tried to secure them as much as possible from unauthorized access. To ensure security, we asked providers to limit the possible IP addresses of senders only to the IP addresses of the corresponding router interfaces (see diagram). You need to configure the dynamic routing protocol RIPv2 between two routers. To exchange routing information, you must use only segments 172.16.1.0 and 172.16.2.0. RIP packets should not be propagated through interfaces connected to other networks.

a To check the functionality of a leased line, it is planned to use IP SLA technology in the future. For IP SLA to work, you need to ensure the ability to successfully send ICMP requests and receive ICMP responses between each pair of router interfaces connected to the same segment (without taking into account the management VLAN).

5 Each office has its own IPv6 subnet, but the provider does not support IPv6. The router interfaces connected to segments 172.16.1.0 and 172.16.2.0 should not have IPv6 addresses.

6 To exchange routing information about IPv6 networks, you need to configure the OSPFv3 dynamic routing protocol. Correct execution of the task will allow workstations to exchange IPv6 traffic. You need to provide fault tolerance for IPv6 connections between two offices using the IPv4 routing protocol.

a Place the WSR_R1 router interface connected to WSR_HOST1 in OSPFv3 area 1.

b Place the WSR_R2 router interface connected to WSR_HOST2 in OSPFv3 area 2.

c Place the virtual interface between routers WSR_R1 and WSR_R2 in the OSPFv3 backbone area.

7 Office No. 1 will house the workstation of our only employee. As an OS, he prefers Windows 7.

■ During installation, you need to create two partitions on your hard drive

● Partition for the operating system (30% of disk space);

● Partition for user data (70% of disk space).

■ Create a wsr_user account and add it to the local administrators group*;

■ Install additional operating system components: Telnet service client;

■ Configure the IPv6 address on the PC network interface according to the addressing scheme.

8 Our FreeBSD server will be located in the second office. When installing FreeBSD:

a Partition the hard drive as follows:

■ / - 10GB;

■ /var - 10GB;

■ /usr - 20GB;

■ swap - 4GB.

b Configure the IPv6 address on the network interface according to the developed addressing scheme.

c To comply with corporate security policy, disable Telnet access and configure SSH access only through port 65022;

d Also, you need to configure a password policy:

■ The password must consist of characters belonging to at least 3 classes (for example, upper and lower case, numbers);

■ The password length should not be less than 8 characters and exceed 15 characters;


■ An ordinary user cannot create a password that contradicts the specified rules; the administrator can, but must receive a warning;

■ Users should not log into the system console as administrators, but should be able to switch to root using su;

■ When creating a user, the default settings should generate a random password that meets the criteria of this policy;

■ After creating a user, the first time the user logs in (either locally or via SSH), the system should prompt you to change the password. The new password must also meet the criteria of this policy.

e Configure an IPv6 DNS server (using BIND) for the wsr.local zone:

■ Create two zones: forward and reverse, where to register all devices (including network ones);

■ Using the ping and nslookup utilities, check the operability and availability of the server.

f Configure IPF:

■ Allow access for DNS queries;

■ Allow access via SSH via port 65022;

■ Allow ICMP ECHO;

■ Deny all other requests;

■ IPF should start automatically when the system starts.
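The password policy in item 8d can be expressed as a small reference checker for testing candidate passwords against the stated rules. This is an added example, not part of the original task and not the FreeBSD mechanism itself: it models only the length and character-class rules, the user/administrator difference and the random default password, and all function names are hypothetical.

```python
import secrets
import string

MIN_LEN = 8        # "should not be less than 8 characters"
MAX_LEN = 15       # "and exceed 15 characters"
MIN_CLASSES = 3    # "characters belonging to at least 3 classes"


def char_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for c in password:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        else:
            classes.add("other")   # punctuation, spaces and anything else
    return classes


def violations(password):
    """List every rule of the policy that the password breaks."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if len(char_classes(password)) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    return problems


def set_password(password, is_admin):
    """Return (accepted, messages): users are refused, the administrator is warned."""
    problems = violations(password)
    if not problems:
        return True, []
    if is_admin:
        return True, [f"warning: {p}" for p in problems]
    return False, [f"rejected: {p}" for p in problems]


def generate_password(length=12):
    """Random default password for a new account that satisfies the policy."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("requested length is outside the policy")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(candidate):   # retry until all rules hold
            return candidate


if __name__ == "__main__":
    # Constructed candidates, including the weak password used elsewhere in the task.
    for pw, admin in [("toor", False), ("toor", True), ("Passw0rd", False)]:
        print(pw, "admin" if admin else "user", set_password(pw, admin))
    print("generated:", generate_password())
```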

9 Checking the functionality of the network infrastructure:

a The router table should contain only directly connected networks and information from dynamic routing protocols;

b All devices can send ICMP ECHO requests to each other by name and receive ICMP ECHO replies.

10 Update the operating system of the WSR_R1 router by downloading it from the TFTP server.

Appendixes to section 1.

Appendix 1.1 IPv6 addressing scheme

| Segment | Net | Node | Address |
| --- | --- | --- | --- |
| WSR_R1<->WSR_HOST_1 | FEC0:1:C1C0::0/124 | | FEC0:1:C1C0::1/124 |
| WSR_R1<->WSR_HOST_1 | FEC0:1:C1C0::0/124 | | FEC0:1:C1C0::C/124 |
| WSR_R2<->WSR_HOST_2 | FEC0:2:C1C0::0/124 | | FEC0:2:C1C0::1/124 |
| WSR_R2<->WSR_HOST_2 | FEC0:2:C1C0::0/124 | | FEC0:2:C1C0::C/124 |
| WSR_R1<->WSR_R2 | FEC0:12:C1C0::0/124 | | FEC0:12:C1C0::A/124 |
| WSR_R1<->WSR_R2 | FEC0:12:C1C0::0/124 | | FEC0:12:C1C0::B/124 |

Appendix 1.2 Creating a VLAN on a layer 3 switch

Appendix 1.3 Addressing the control subnet

Device

Address

172.16.252.1 /24

172.16.252.2 /24

172.16.252.3 /24

Section 2

LETTER

To the Chief Administrator

LLC “Best Technologies”

from the General Director

Dear friend, you are faced with the important task of creating an information infrastructure in the new central office of our company. You will have access to the best equipment and software from the world's leading manufacturers. I hope you will justify my trust and rationally manage the resources available to you. Please pay attention to the need to ensure a high level of information security in the information infrastructure you create. In order for you to begin fulfilling your duties as soon as possible, I have compiled a small action plan for you:

1 Since the network infrastructure is the foundation of the entire information infrastructure, it is important to lay this foundation correctly. In order to ensure the proper level of information security on the network, on all network equipment:

a Configure remote syslogging on the Fedora Linux server:

■ Configure logging of successful and unsuccessful login attempts;

■ Log all error messages.

b Protect the network equipment against failure caused by deletion of the Cisco IOS operating system file followed by a reboot.

2 Create a VLAN on all switches in accordance with Appendix 2.1.2;

3 On all workgroup switch ports, with the exception of Switch-to-Switch and Switch-to-Router ports:

a Configure Port security:

■ Frames that cause a security violation should be discarded, a violation notification should not be generated, and the port should remain active;

■ Use automatic addition of secure MAC addresses to the configuration file.

4 VLAN 300 will be used to transmit data critical to our business. It is very important to configure the switches correctly to minimize latency when changing the L2 topology:

■ Use the STP protocol on switches, which, on the one hand, provides calculation of the spanning tree for each VLAN separately, and on the other hand, allows switches to directly exchange BPDUs with each other;

■ Switch WSR_SW3 must be the root of the spanning tree in VLAN 300;

■ If switch WSR_SW3 fails, switch WSR_SW2 should become the new spanning tree root in VLAN 300;

■ If switch WSR_SW2 fails, switch WSR_SW1 should become the new spanning tree root in VLAN 300;

■ From a fault tolerance point of view, all switches are connected in a double ring. Please use the inner ring for data transmission in VLAN 300 (i.e. for WSR_SW1 and WSR_SW3 switches, port 0/11 should be blocked, and port 0/12 should transmit data, etc.). It is prohibited to change the spanning tree protocol path cost parameter while the job is running.

5 Unfortunately, layer 3 switches are still on the way, I hope that you can organize routing between VLANs using just one router interface. Use the last available IP address from the VLAN subnet as the IP address for the corresponding interfaces.

6 Our organization has only one physical server, and since to solve business problems we will need several servers with different operating systems, such as Windows Server and Fedora Linux, we will need some virtualization capabilities. Install the VMware ESXi 5.0 Update 2 hypervisor on our physical server:

a Assign a password for root – P@ssw0rd;

b Set a static IP address on the management interface;

c We want to be sure that our hypervisor will not let us down at the most crucial moment, so set the resource reservation parameters for the hypervisor service console:

■ Processor time: 600 Mhz;

■ RAM: 768 Mb.

d Create a Port Group on the virtual switch according to Appendix 2.2;

e Our main administrator prefers to manage the hypervisor from the command line using the putty client, so configure ssh access;

f Safety must be safe! Configure the hypervisor firewall according to Appendix 2.3;

g For our organization, time is very valuable and we cannot afford to waste a single minute. Configure the NTP client of the service console.

7 Create a virtual machine and install Fedora Linux OS

8 Create a virtual machine (VM) DC 01. Install Windows Server 2008 R2 on the VM in accordance with Appendix 2.6.

a Perform network configuration, set the server name to DC01;

b Since our company is developing dynamically, it is expected that a large number of users and a fleet of machines will soon appear, and therefore centralized management and control over them will be required, so it was decided to use the capabilities of the MS AD Active Directory. Deploy the Active Directory domain (*****) on the dc01 server, install and configure the DNS server role in the process;

c You have been entrusted with taking care of two of our new departments - the IT Department and the Sales Department. Create OU “IT Department” and “Sales Department”;

d Create security groups “IT” and “Sales” respectively;

e Create user accounts in the domain ***** in accordance with Appendix 2.7.

9 Install and configure the DHCP server; Issue IP addresses to employee workstations from VLAN 300 and from network 10.10.0.0/18.

10 Configure laptop 1, name the machine WS-IT01, network parameters - automatically. Enter the computer into the ***** domain.

11 Configure laptop 2, name the machine WS-Sales01, network parameters - automatically. Enter the computer into the ***** domain.

12 For reliable and convenient storage of all user data in the organization, we decided to entrust you with the deployment of a file server.

a Create a virtual disk in accordance with Appendix 2.6 and connect it to VM DC 01;

b Format the new disk as an NTFS volume and assign it the drive letter E:

c Install the file server role, create network folders in accordance with Appendix 2.8;

d Because our organization's computing resources are limited, you have been tasked with taking control of the file server's disk space usage. Set up quotas and filtering for network folders in accordance with Appendix 2.9.

13 To work with heavy applications, our company will use terminal access mode. To do this, create a VM - Term01 in accordance with Appendix 2.6.

a Configure the OS network settings;

b Add the server to the ***** domain.

14 On the server *****, install and configure the Terminal Server role:

■ Deploy a terminal server with per-computer licensing (use a temporary license);

■ Configure RemoteApp web access to the server's Terminal Services;

■ Publish the “Wordpad” program on the RemoteApp web portal for all IT department employees;

■ Publish the “Calc” program on the RemoteApp web portal for User1;

■ Create MSI RemoteApp packages for the Wordpad and Notepad applications; you will need them later.

15 Having such a powerful tool as AD at our disposal, we simply must use it to increase the level of automation and control over our organization’s IS. Configure and apply group policies to domain users and client workstations:

■ In order to instill in all users in our organization a desire to protect corporate data, we will tighten some security policies. Create an account policy for all domain users according to Appendix 2.10 (WSR_Policy);

■ Our organization is constantly thinking about how to improve the usability of internal services for company employees, as well as how to increase efficiency and the level of security, so it would be nice to provide the ability for each user, depending on his tasks, to run only the set of software he needs on the terminal server, right from his computer's Start menu. Deploy, using domain Group Policy, MSI packages of remote RemoteApp applications on user computers (wordpad for users of the IT Department (Deploy_RA_IT) and notepad for users of the Sales Department (Deploy_RA_Sales));

■ System administrators of our organization are directly interested in being able to fully manage all user computers in the domain. Using domain group policies, add IT department users to the local administrators group for all computers (laptops) in the domain (IT_Rest_Group);

■ In order for our employees to finally start using our file server, it is necessary to connect network drives for them. Using domain group policies, connect network folders from the file server as disks (Net_Share_Sales, Net_Share_IT);

■ To increase the stability and security of the IS on the terminal server *****, prohibit the use of any user policies (Term_Loopback);

■ We have a very friendly and close-knit team, so all employees should be aware of the latest news from our company. Using domain group policies, configure the start page in the IE browser for all employees on the company website wsr.ru (IE_StartPage);

■ Our support team does not like to move around the building much, and increasingly solves user problems over the phone. Using domain group policies, enable remote desktop on all computers of domain users (RDP_ON);

■ The mobility of users and the safety of their data is one of the priorities of our organization, therefore, using domain group policies, enable folder redirection for users user1 and user2 to the file server (Desktop, My Documents) (Folder_Redirect);

■ The corporate style in our company must be preserved in everything. Using domain group policies, prohibit the “Recycle Bin” on the desktop, prohibit changing the desktop theme and picture, and disable the screen saver for all domain users except Sales_Desk_Theme.

16 Unfortunately, our organization has not yet allocated funds for a reliable uninterruptible power supply system, and at night there are often power outages; we should make sure that all our services, including virtual machines, are working in the morning. On the hypervisor, configure VM autostart in the desired order;

17 The safety of information services and user data is very critical for our business, so we simply have to be on the safe side and have a backup system. On server *****, set up backup to the Fedora Linux server via SMB and configure the backup schedule:

■ The backup must include the file server's directory files, as well as the system state including directory services. The backup period is once an hour*;

■ check the operation of client-side backup*;

■ check that server-side backup is working and that backups are available in the Backup* directory.

Appendixes to section 2.

Appendix 2.1.1 Addressing the control subnet

Device

Address

Appendix 2.1.2 Table of VLAN switches

No. VLAN

Net

192.168.100.0/24

192.168.101.0/24

192.168.102.0/24

192.168.103.0/24

192.168.252.0/24

192.168.255.0/24

Appendix 2.2

Virt. Switch

Port group, Vlan.

Purpose/Type

NicTeam Policy

Console Management

Active adapters: vmnic0;

In standby

Switch notification – enabled;

Shaper is disabled.

Active adapters: vmnic1;

In standby

Balancing based on vPortID.

Switch notification – enabled;

Break detection based on Link state.

Shaper is disabled.

Group of ports for VMs consisting of 101 Vlans

Type: Virtual Machine

Balancing based on vPortID.

Switch notification – enabled;

Break detection based on Link state.

Shaper disabled

Group of ports for VMs of 102 Vlan

Type: Virtual Machine

Active adapters: vmnic0, vmnic1;

Balancing based on vPortID.

Switch notification – enabled;

Break detection based on Link state.

Shaper disabled

Appendix 2.3

Rule name

Port (protocol)

Incoming connections

CIM Secure Server

vSphere Web Access

80, 443 (UDP, TCP)

Outgoing connections

VMware vCenter Agent

Appendix 2.5

Name for Datastore

Size

Block size

File system

Purpose

ISO images

Appendix 2.6

| VM | VM parameters | OS | Network configuration |
| --- | --- | --- | --- |
| fedora01 | 1 vCPU; 1 GB RAM; 60GB HDD; 1 vNIC; PortGroup - 101 | Fedora Linux | 192.168.101.1; 255.255.255.0; 192.168.101.254; 192.168.102.1 |
| dc01 | 2 vCPU; 2 GB RAM; 100 GB HDD; 500 GB HDD; 1 vNIC; PortGroup - 102 | Windows Server 2008 R2 64 bit RU | 192.168.102.1; 255.255.255.0; 192.168.102.254; 192.168.102.1 |
| term01 | 4 vCPU; 3 GB RAM; 100 GB HDD; 1 vNIC; PortGroup - 102 | Windows Server 2008 R2 64bit RU | 192.168.102.2; 255.255.255.0; 192.168.102.254; 192.168.102.1 |

Appendix 2.7

| Account | Organizational unit | Full name | Tel. | Member of groups |
| --- | --- | --- | --- | --- |
| User1 | Sales department | Irina Petrova | | Domain Users; Sales |
| User2 | IT department | Ilya Lapshin | | Domain Users |

Appendix 2.8

| Path to the folder | Network path |
| --- | --- |
| E:\Folders\Desktops | \\dc01\Desktops$ |
| E:\Folders\Documents | \\dc01\Documents$ |
| E:\Folders\Sales | \\dc01\Sales |
| E:\Folders\IT | \\dc01\IT |

Appendix 2.9

| Folder | Groups of files to block | Quotas |
| --- | --- | --- |
| E:\Folders\Sales | Executable files; System files; Audio and video files | Hard quota; Threshold: 150MB with 50MB extension |
| E:\Folders\IT | No | No |

Appendix 2.10

Attribute

Meaning

Keep a password log

Maximum password validity

The password must meet the complexity requirements

included

Minimum password length lock counter

Section 3

1 Dear participant, congratulations on your appointment to the position of chief IT infrastructure specialist at WSR-Russia. We hope that our cooperation will be productive and mutually beneficial. First of all, we would like you to complete one important task for us. The fact is that we recently opened an additional branch in Tolyatti, and we would like to send you there to create a secure wireless WiFi network, as well as to simplify the printing process in our branch. First of all, you need to deploy a domain controller in the central office (CO). Add a workstation to the domain. Domain name *****

2 You are given a network 10.0.0.0 /24, you need to develop an addressing scheme in accordance with the given topology. The router address is the last available address in the subnet, the laptop and phone addresses must be obtained via DHCP, the server address is the first available address in the subnet, the access point address is the penultimate available address in the subnet. For addressing between routers, use odd addresses on WSR_R1 and even addresses on WSR_R2.

3 Configure on network equipment:

a Device names (according to topology);

b Encrypted password cisco to enter privileged mode;

c Create a WSR user with password 2013 and highest privilege level;

d The WSR user should be automatically put into privileged mode.

4 To ensure the connection between the central office and the branch, configure the IPsec VPN tunnel in such a way as to ensure the ability to operate any dynamic routing protocols (RIPv2, OSPF, EIGRP):

a Use a shared key authorization scheme (wsr_key);

b Use 3DES and SHA-1 to encrypt traffic and exchange key information;

c Diffie-Hellman group 16.

5 Ensure dynamic exchange of routing information between the central office and the branch using the EIGRP routing protocol with autonomous system number 1.

a At any branch, the network of another branch must be available;

b EIGRP should detect the failure of a neighboring router 2 times faster when operating through an IPsec VPN tunnel, compared to standard parameters;

c When calculating the metric, the EIGRP protocol must take into account the load and reliability of the interfaces;

d By default, the router should not send updates to interfaces other than the tunnel one;

e When configuring EIGRP, specify exact network addresses using a wildcard mask.

6 To authenticate mobile users, configure the RADIUS server role on the DC domain controller.

7 On the branch LAN, configure the wireless router in bridge mode with WPA2 PSK authentication and AES CCMP encryption. The DHCP server for the wireless network must be a domain controller. According to corporate security policy, wireless clients must have access to the corporate network and the Internet. However, access to corporate resources is possible only after establishing a PPTP tunnel with authentication through a RADIUS server. If the RADIUS server is unavailable, you must use local authentication of mobile users.

a On the WSR_R1 router, configure the PPTP server;

b Client machines must receive an IP address from the range 10.0.0.X /25;

c Set MPPE as the encryption protocol, the key length should be selected automatically;

d Set the sequence of authentication protocols: CHAP, MS-CHAP, MS-CHAPv2;

e For communication between mobile users and the central office, add the redistribute connected command to the EIGRP routing protocol.

8 Provide telephone communication between offices using Cisco Call Manager Express:

a On router WSR_R1:

■ Provide the ability to connect a Cisco IP Communicator softphone with number 202 from a laptop via PPTP VPN;

■ Configure a call route for 2xx numbers to the WSR_R2 router.

b On router WSR_R2:

■ Provide the ability to connect a Cisco hardware phone with number 101;

■ Create an appropriate DHCP pool on the router;

■ Configure a call route for 1xx numbers to the WSR_R1 router.

9 Install Cisco IP Communicator software:

a To install on a laptop, use the installation from an executable “exe” file.

10 Branch employees have the opportunity to call the central office from number 202 to 101 and vice versa.

Regional state budget

Professional educational institution

"Smolensk Academy of Vocational Education"

APPROVED

Director of OGBPOU SmolAPO

I.P. Tatarinova

" " 2016

PROGRAM

preparing young workers and regional teams for participation in championships

WorldSkillsRussia

according to competence

"Network and system administration"

Smolensk 2016

The training program was developed on the basis of the WorldSkillsRussia Project Charter, the WorldSkillsRussia Championship Regulations and the Technical Documentation for Competencies.

Organization-developer: OGBPOU SmolAPO

Developers (compilers):

Kudryavtseva T.V. - expert in the “Network and system administration” competency, teacher.

Explanatory note

The purpose of the WSR championships is the professional guidance of Russian citizens aged 12 to 22 years, as well as the introduction into the system of domestic professional education of the best international developments in the following areas:

  • professional standards;
  • training of experts;
  • updating of production equipment;
  • education quality assessment system;
  • WSI qualification characteristics;
  • adjustment of educational programs;
  • identifying the best representatives of professions (competencies) aged 18 to 22 years to form a regional WSR team to participate in interregional and national championships of Russia.

With the help of WSR championships, the task of popularizing working professions is being solved, attracting young enterprising people into working professions and specialties, increasing their prestige in society, and attracting the target audience (schoolchildren, parents, representatives of the business community, representatives of regional education authorities) as spectators.

The key values of Worldskills International are integrity (that is, the competitive part for all competencies is held at the same time and geographically in one place), information openness, fairness, partnership and innovation.

Preparation of young workers and regional teams for participation in the WorldSkillsRussia championships is carried out in professional educational organizations, specialized qualification centers, and in educational organizations of the Smolensk region. The organization of practical classes at an advanced (Olympiad) level is carried out on the basis of OGBPOU SmolAPO under the guidance of teachers of the educational organization, as well as trainers-teachers with sufficient professional competence (knowledge and experience in the “Network and System Administration” competency) for the professional training of participants.

In preparation for the championship, the terms and definitions of the WorldSkillsRussia championship, the regulations of the WSR championship, competition tasks and evaluation criteria are studied.

The aspects of organizing the preparatory stage of the participants’ work, the requirements for organizing the workplace, and preparing the workplace are considered. Equipment, rules and safety standards are studied.

During the preparation process, practical training is organized at workplaces in accordance with the competence Network and system administration:

PC hardware;

Windows operating systems

Cisco Network Devices;

Server OS Windows;

Network protection;

Linux operating systems.

Expected results:

  1. Carrying out the preparatory stage of the work of the team members.
  2. Compliance with the Championship Rules and Code of Ethics.
  3. Compliance with the Rules and Standards of Occupational Health and Safety (OHS) adopted in the Russian Federation.
  4. Professional competencies that correspond to the characteristics of the “Network and System Administration” competency and technical descriptions.

Objective of the program:

  • formation of new practical skills within the competence of Network and system administration.

Tasks:

  • familiarization with the organization and production technologies of modern production within a certain competence;
  • providing the opportunity to take practical part in production processes in modern enterprises.
  • familiarization with the requirements, rules, conditions and basic concepts of WSR.

Place of classes:

  • professional educational organizations,
  • training base of the specialized qualification center “Network and system administration”.

Forms of organizing the educational process, group and individual:

  • lectures;
  • laboratory workshop – a practical lesson using technology, equipment, tools, etc.;
  • group or individual consultations.

Category of listeners: students of secondary vocational educational organizations and young working professionals who have achieved high results in their work at the age of 16 to 22 years.

Training period: during school in the amount of 330 hours

Full-time form of education

Lesson mode: 6 academic hours per day.

SYLLABUS

preparing young workers and regional teams for participation in WorldSkillsRussia championships

No.

Name of educational modules

Total

lectures

practice

Job Simulation

Workspace organization and workflow

Module 1: PC Hardware

2 times

Module 2: Windows Operating Systems

2 times

Module 3: Cisco Networking Devices

5 times

Module 4. Windows Server OS

2 times

Module 5: Network Security

2 times

Module 6: Linux Operating Systems

2 times

Total:

No. | Type of activity | Number of hours

Workspace organization and work process: 18 h

  • Familiarity with the regulatory documents of the WSR movement. Study the requirements, rules, conditions and basic concepts of WSR (lecture)
  • Introduction to the assessment system for competition assignments: subjective and objective assessment (lecture)
  • Features of working with Cisco equipment (lecture)
  • Learning software for working with Cisco equipment (practice)
  • Familiarization with the operating system interface of Cisco equipment (practice)
  • Preparing the workplace and completing each task within the given time. Existing safety rules and sanitary standards. Work in accordance with safety regulations. Possible risks associated with the use of various tools and electrical equipment. Compliance with legal, moral and ethical standards, requirements of professional ethics (practice)

Total (lectures/practice): 8/10

PC hardware

  • Installation and configuration of operating systems according to the manufacturer’s instructions and user requirements (lecture)
  • Installing drivers, application software, updating software according to user needs (practice)
  • Partition and format hard drives (lecture, practice)
  • Data backup (lecture, practice)
  • Installing virtualization tools on servers (lecture, practice)

Total for the PC Hardware section (lectures/practice): 10/14

Windows operating systems

  • The simplest tasks using various operating systems, command line functions and utilities for operating the operating system, syntax and keys (lecture)
  • Boot process and boot methods, boot disk creation algorithm (lecture, practice)
  • Procedures for adding/removing devices. Error codes and system messages issued during the boot process. Algorithm for fixing problems during the OS boot process (lecture, practice)
  • Ways to optimize the functioning of the OS and its main subsystems. Using basic diagnostic utilities (practice)
  • Setting IP Address, Subnet Mask and Default Gateway on PC (practice)

Total for the section Windows operating systems (lectures/practice): 8/16

Cisco Network Devices

  • Access to the router via the console and via telnet. Configuring user mode, privileged mode, and telnet login passwords (lecture, practice)
  • Setting the IP address, subnet mask and description of their purpose (interface description) on the Ethernet and wide area network (WAN) interfaces. Checking that the router is configured correctly using the show and debug commands (lecture, practice)
  • Setting up a network connection on network client devices. Connecting client computers to the network using appropriate cables. Checking functionality using ping, traceroute and telnet commands (lecture, practice)
  • Working with the Cisco IOS file system: specifying the IOS boot path, backing up and updating IOS, backing up the configuration file to a TFTP server (lecture, practice)
  • Security of communication using access control lists (ACL, access list) on Cisco routers. Standard ACLs for filtering data transmitted over IP (lecture, practice)
  • Using extended ACLs to filter data transmitted over IP. Monitoring ACL functionality on a router (lecture, practice)
  • Check network functionality. Configure variable subnet mask (VLSM) addressing (lecture, practice)
  • Monitor data transmission on the network using sniffers (packet analysis utilities) (practice)
  • Monitor network devices using SNMP. Detecting network problems using ping, traceroute and telnet (lecture, practice)
  • Specify the basic parameters required to set up a wireless network (lecture, practice)
  • Configuring STP on Cisco Switches (lecture, practice)
  • Configuring VTP on Cisco Switches (practice)
  • Ensuring high throughput when using Cisco switches in local networks. Ensure maximum performance of Cisco switches (lecture, practice)
  • Configuring and testing VLAN functionality on Cisco switches (lecture, practice)
  • Configuring inter-VLAN routing on Cisco routers. Configuring NAT and PAT on Cisco Routers (lecture, practice)
  • Configuring PPP, HDLC and Frame Relay channel protocols on Cisco routers (lecture, practice)
  • Configuring Frame Relay on various types of subinterfaces (practice)
  • Configuring routing of IPv4 and IPv6 protocols over various communication channels (lecture, practice)
  • Configuring the VoIP subsystem with registration of SIP and SCCP phones on the router. Setting up a dial plan and call routing system (lecture, practice)
  • Configuring telephone user interface settings. Configuring codec and transcoding parameters for voice streams (lecture, practice)
  • Basic settings of Cisco ASA firewalls. Configuring a firewall policy on Cisco ASA. Configuring IPsec VPN tunnels on Cisco ASA (lecture, practice)
  • Configuring Basic Settings for Standalone Wireless Access Points. Setting up communications in the 2.4 GHz and 5 GHz wireless bands using IEEE 802.11a/b/g/n technologies (lecture, practice)
  • Configuring an access policy for a wireless environment with simultaneous operation of several SSIDs with different access policies (lecture, practice)
  • Control of power parameters of transceiver devices and antennas (lecture, practice)

Total for Cisco Network Devices section (lectures/practice): 44/100

Server Windows OS

  • Setting up local, roaming and mandatory user profiles. Creating user, computer, and group accounts in Active Directory. Setting up access to shared folders. Setting file and folder attributes and access rights to them (lecture, practice)
  • Install Terminal Services and configure it for remote administration. Installing Terminal Services and allowing thin clients to access applications through it (practice)
  • Create a policy to control user desktop settings and ensure security. Policy enforcement management. Deploying software using policies (practice)
  • Web server setup and support. Setting up website access authentication. Deployment and configuration of mail services (lecture, practice)
  • Setting up backup. Server recovery after hardware failure. System Restore on the Server (lecture, practice)
  • Setting up a DNS server. Setting up RAID. Remote management of network attached storage (lecture, practice)
  • Deployment of virtualization software, recovery of a system running in a virtual environment (lecture, practice)
  • Setting up auditing and working with logs (audit log). Setting up a policy server (lecture, practice)
  • DHCP setup. Checking the binding of IP addresses to MAC addresses when assigning an address via DHCP (lecture, practice)
  • Installing operating system images (practice)

Total for the section (lectures/practice): 14/28

Network protection

  • Configuring traffic encryption parameters in the IPSec and L2TP protocols (lecture, practice)
  • Configuring VMware virtual interface communication (practice)
  • Setting up RADIUS or TACACS+ servers (lecture, practice)
  • Setting up AAA authentication. Setting up PEAP authentication (practice)
  • Setting up secure wireless networks. Configuring protection at the network data link level, incl. protection against unauthorized connections and attempts to change the STP topology (lecture, practice)

Total for the Windows Server OS section (lectures/practice): 6/12

Linux operating systems

  • Installation of common Linux distributions according to requirements. Installing and configuring Apache, MySQL services, etc. (practice)
  • Partitioning according to plan. Setting up file systems. Working with packages after system installation (practice)
  • Mounting and unmounting various file systems (lecture, practice)
  • Selecting suitable network protocols and setting up the connection (lecture)
  • Setting up peripheral devices. Organization of secure user access to storage media (lecture)
  • Creating and modifying files and directories. Search by directory and content (commands find, whereis). Creating links to files. Changing the attributes of files and directories and access rights to them, changing information about the owner of files and directories (practice)
  • Optimizing resource usage by Linux services and processes. Using system run-level modes, initialization process (lecture, practice)
  • Working with the print queue (practice)
  • Control the system remotely. Work with simple command line scripts - create, edit and apply. Restoring packages and scripts (lecture, practice)
  • Working with user and group accounts - creating, changing and deleting (practice)
  • Assigning scheduled execution of tasks using system daemons. Working with processes - define, start, terminate (kill) (lecture, practice)
  • Configuring network and network services on client devices. Setting up elementary routing, subnetting (lecture)
  • System setup, editing assembly instructions (makefile) of application software and drivers (practice)
  • Working with files that determine how disks and partitions are mounted (practice)
  • Deploying DNS. Setting up network adapters, printing using Linux, printer access (practice)
  • Setting up logging (log file) (practice)
  • Setting up the X Window System. Working with Environment Variables (lecture)
  • Ensuring the protection and integrity of the operating system and data on servers and workstations. Working with environment files that define security settings (lecture, practice)
  • Setting up encryption according to security requirements (practice)
  • Use the appropriate privilege level when working with the system. Working with Process Attributes, Permissions, and Special Attributes (practice)
  • Configuring a firewall (iptables/chains) according to protection requirements (practice)
  • Setting up OS protection at the user level (lecture)
  • Setting up removable storage media. Setting up RAID (practice)
  • Deployment and configuration of mail services. Working with mail queues (mail queue) (practice)

Total for the section Linux operating systems (lectures/practice): 20/40

TOTAL: 110/220

Final control form:

Participation in regional qualifying championships.

  1. WorldSkills Russia. Project Charter
  2. WorldSkills Russia Championship Regulations
  3. Terms and definitions WorldSkills Russia
  4. Technical documentation (Test items, Technical descriptions, Infrastructure sheets, Evaluation criteria, Workplace diagrams, Safety precautions)
  5. http://worldskills.ru/

Educational and methodological support:

In accordance with the technical description of the competence and the infrastructure sheet.


1. Introduction

1.1 Name and description of the type of professional activity

1.1.1 Name of the type of professional activity

System network administration

1.1.2 Description

System administration involves a wide range of knowledge and skills. This is a fast-growing branch of computer technology, requiring constant professional growth from specialists. Specialists' skills include:

-installation of the complex, setting up the system, searching for network solutions, consulting users;

-use of various operating systems and programs;

-implementation of business networks on servers, debugging of workstations and network devices;

-debugging communications, Internet access and other business network devices and equipment;

-installation and debugging of wireless network devices, switches, routers, information security devices;

-ensuring the security of information and providing access to it to the right user groups;

-providing system documentation and scheduling;

-installing, maintaining and troubleshooting Voice over IP protocol systems;

-installation and debugging of IPv4 and IPv6 systems, tunneling;

-installation and debugging of the virtual environment.

1.2 Documentation

1.2.1 All experts and competitors must know the technical description.

1.3 Additional information

1.3.1 The technical description concerns only professional matters. It must be studied together with the following documents:

  • WSI - competition rules;
  • WSI - online resources specified in this document;
  • Regulations on occupational safety and health adopted in the Russian Federation.

2. Professional skills and scope of work

The competition is a demonstration of professional skills. Tests consist of practical tasks only.

2.1 Determination of professional level:

The competitor must know and be able to:

-installation of the operating system on the computer according to the requirements of the user and manufacturer;

-determining system requirements for installing an operating system;

-configuring the operating system at the user's request;

-installation of programs and drivers;

-installation of applications;

-upgrade of computer programs at the user's request;

-partitioning and formatting the hard drive;

-installation of updated software to improve system performance;

-creating backup copies of important information;

-installation of virtual software on servers.

Operating system:

-use of various operating systems to perform standard operational tasks;

-recognition of names, locations, tasks and contents of file systems;

-Demonstration of the ability to use command functions and utilities to manage operating systems, including switching options and syntax;

-recognize basic concepts and procedures for creating, viewing, and managing disks, directories, and files;

-management of various operating systems through installation, configuration and upgrade to meet the functional needs of clients;

-determining the procedures necessary to install the operating system and their implementation;

-determination of boot sequences and methods, including step-by-step creation of an emergency boot disk;

-Determine the necessary procedures, including downloading, adding and configuring drivers and required programs;

-identification of actions necessary to optimize operating systems and subsystems;

-installation, configuration and upgrade of operating systems;

-recognizing and identifying common errors and boot messages from a boot system;

-Determine the actions needed to correct boot problems;

-adequate use of common loading tools and devices;

-determining the need for common diagnostic utilities and tools;

-identifying common operational and user problems and resolving them;

-configuration of IP addresses, subnet masks and default routes.

Cisco Internetworking Devices:

-connecting the router using a console cable and remote access;

-configuring user mode, setting privileges and passwords for remote access;

-configuration of Ethernet interfaces with IP address, subnet mask and interface description;

-configuring network clients (hosts) to create a network;

-connecting user computers to a network using cables;

-connection testing using ping, traceroute and telnet;

-configuring routers using services and routing protocols;

-Cisco IOS file system management;

-creating backup copies of the IOS software;

-creating backup copies of configurations on a TFTP server;

-managing access lists (ACLs) for a Cisco router to ensure network security;

-checking network functionality;

-detecting network problems using ping, traceroute and telnet utilities;

-determination of basic parameters for configuring wireless networks;

-configuring wireless network components;

-configuring STP protocols in Cisco switches;

-configuring VTP protocols in Cisco switches;

-configuring switching modes to ensure the operation of a high-speed computer network;

-configure Cisco systems for high speed;

-configuring and checking VLANs in Cisco switches;

-configuring inter-VLAN routing on a Cisco router;

-Configuring Network Address Translation (NAT) on a Cisco router;

-configuring data transfer subinterfaces;

-DHCP protocol configuration;

Server operating systems

-creating permissions for file systems;

-creation and management of web servers;

-management of the procedure for creating backup copies;

-manage deleted files;

-saving configurations;

-installing an operating system image;

-creating a network protocol server.

Network Security

-creation of a closed wireless network;

-creating access lists for address authentication;

-switched network security configuration;

-broadcast storm protection configuration.

2.2 Theory

2.2.1 Theoretical knowledge is necessary, but is not subject to separate testing.

2.2.2 Knowledge of rules and regulations is not subject to testing.

2.3 Practical technical work:

-installation, management and configuration of virtual services;

-installation and configuration of voice data transmission systems in medium-sized networks;

-recognizing and solving hardware and software problems;

-carrying out standard procedures: planning and creating backup archives, installing and configuring anti-virus systems;

-development and configuration of security and data storage systems;

-installation and configuration of operating systems at the request of users;

-installation of software packages for PC;

-installation of remote launch programs;

-installation and configuration of wireless networks, including local networks;

-installation and configuration of the network interface;

-setting up wired communication for LAN;

-installation and configuration of network management systems;

-installation and configuration of protocols and clients of network management systems;

-installation and configuration of special network devices and services, email, anti-virus systems and anti-spam systems;

-LAN/WAN control (including options for advanced users, software, network security and hardware environment);

-solving network problems, including monitoring network operation;

-creating and maintaining a high-quality network;

-use of diagnostic devices for software;

-creating and updating documentation and schedules as required by the user;

-creating and updating a network environment;

-installing and configuring software for device collaboration for Windows, Linux and Cisco;

-managing router and firewall collaboration modes with IEEE;

-setting up network security systems, including a password system;

-implementation of servers and services into the network.

Simulations and Scenarios

Competition scenarios may include a selection of various elements of working with equipment and the network environment.

3. Competition project

3.1 Project format

1 task for 1 day of the competition, as shown in the table:

Period

Stage

Exercise

Linux

Installation, configuration, upgrade

Windows

Net

3.2 Design requirements

Competition tasks must include:

-compliance with the professional level of competitors;

-ability to meet deadlines;

-skills in working with network equipment within the scope of the CCNA certification level;

-Linux administration;

-files with diagrams, detailed technical description;

-operating systems used in the competition can be supplied in English;

-New programs and services must be approved by the forum before being allowed to use them in the preparation of test items.

3.3 Development of the competition project

-the competitive project must be completed in accordance with all requirements;

-text documents must be in Word format, graphics in DWG.

3.3.1 Job developers

All experts

3.3.2 Where and how tasks are developed

Tasks for the test project should be developed by individual experts or groups of experts.

Each expert can provide 30% pre-competition changes for already developed tasks.

There will be 4 closed sections created on the forum to discuss tasks for each day of the competition.

Each person assigned to a team continues to develop a competitive program in this team until the end of the preparation period. Experts will have the opportunity to choose their teams. However, in cases of unbalanced teams, a senior expert may recommend that the developer move to another team.

3.3.3. Development team leaders

Development team leaders with experience in judging and developing competition items should be introduced to the senior expert and the chairman of the competition jury.

The team leader is responsible for developing assignments, writing technical descriptions, checking that the assignment matches the description, and developing evaluation criteria.

The tasks developed by team leaders must be unique and not repeat the tasks of other teams and tasks of previous competitions.

All competition entries must follow a pre-agreed judging scheme.

The current chairman of the jury has unlimited access to participate in all development of competition tasks and their discussion.

3.4 Test project development scheme

Assignments must be accompanied by a judging scheme based on the criteria given in section 5.

3.4.1 The judging scheme is developed by experts.

3.4.2 The judging scheme must be made public before the competition.

3.5 Job check

The task must be feasible using the tools, materials, and equipment provided at the competition, taking into account the knowledge of the competitors and the time to complete it. After completing the work, you must take a screenshot indicating the completion time of the task.

3.6 Changing the task at the competition

Development groups make a 30% change/addition to the task before the competition (see clause 3.5).

Acceptable areas of change:

Topology,

Operation,

OS,

Software and hardware.

On the first day of the competition, modified and supplemented projects are presented to experts and translators. Test projects are discussed by experts and competitors. General evaluation criteria are also provided to the experts for discussion with the competitors.

3.7 Material Features and Manufacturing Details

No

4. COMMUNICATION AND NOTIFICATION

4.1 Forum

All pre-competition discussions take place in a special forum. Changes are accepted only after preliminary discussion on the forum. The senior expert is the forum moderator. The deadlines allocated for information interaction and requirements for the development of the competition are available in the Competition Rules.

4.2 Information for competitors

Information for competitors is available at

Information includes:

Competition rules,

Technical description,

Additional information.

5. ASSESSMENT

This paragraph provides a description of the principles for assessing competition items by experts, including whether the process and result meet the necessary requirements.

5.1 Evaluation criteria

This paragraph defines the evaluation criteria and the number of points (subjective and objective) awarded to the competitor. The total number of points is 100.

Paragraph | Criterion | Grade (Subjective / Objective / General)

  • Linux
  • Windows
  • Networks
  • Integration and network security
  • Total

5.2 Subjective assessment

No

5.3 Assessing the level of proficiency in a professional skill

Proficiency in a professional skill is assessed in several categories.

Task development teams for each competition day also develop criteria for evaluating the work of the competitors.

Below is a rough list of aspects assessed:

-Linux installation and configuration

-assignment of IP addresses

-assigning names

-creating users

-backups are updated on a schedule;

-backups are updated every day at noon;

-Linux installation is complete;

-PC assembly according to specified parameters

-Windows installation and configuration

-assignment of IP addresses

-assigning names

-Creating Users

-change system settings on demand

-setting up pre-installed operating systems according to requirements

-installation and configuration of the FTP service

-creating quotas on file systems

-change system settings on demand

-design and creation of a cable network

-creating network addressing

-wire crimping

-connection of devices according to project requirements

-creating a wireless network

-SSID configuration

-binding to clients' MAC addresses

-setting up encryption on a wireless network

-setting up wireless network authentication

-router configuration

-assigning IP addresses to interfaces

-RIPv2 routing protocol configuration

-creating access lists according to specified parameters

-switch configuration

-VLAN configuration

-VTP configuration

-STP configuration

-trunk configuration

-port security configuration

-broadcast storm protection

5.4. Work evaluation

Each task is an imitation of an island (team work is assumed). If one of the group of experts who prepared the “island” is a compatriot of the competitor, then on this “island” the competitor passes the first stage of the competition. Otherwise, the order is determined by voting. Competition entries are not subject to changes after completion of tasks, except in cases where changes are provided for in the marking scheme. All experts must use only the pre-agreed scoring system.

Each Test Project is assessed upon completion. The full scoring scheme can only be viewed by experts as it may inadvertently provide clues to competitors. The points for each task should not exceed 2.5, as this constitutes 10% of the total points.

Evaluation procedure

Experts must jointly determine the evaluation system and the level of acceptable tolerances when developing criteria for subjective evaluation, objective evaluation and issuing evaluation sheets.

6. Special safety requirements

Safety requirements are complied with in accordance with the legislation of the Russian Federation in the field of health and occupational safety.

Observe the following safety rules:

When the contestants finish the task, the computers can be turned off.

Computers must have fuses.

7. MATERIALS AND EQUIPMENT

7.1 Equipment list

Infrastructure elements, equipment and materials are provided by the competition organizer. The list of infrastructure is available at the address by clicking on the corresponding item in the technical description.

The infrastructure list includes everything that is necessary to complete the competition tasks. The competition organizer supplements the list with the exact quantity of required materials, their features, models and brands. The infrastructure provided by the organizer is included in a separate list.

Before each competition, experts are required to check and adjust the list, as well as coordinate it with the technical director.

At each competition, the technical supervisor must take inventory of the infrastructure elements. The list should not include items that experts or competitors have requested to include, or prohibited items.

7.2 Materials and equipment for competitors (description of one set):

  1. Laptop - without operating system (to install)
  2. PC assembly + additional accessories. Network card for installing a Linux-based server on it
  3. Disassembled computer (to assemble and install software) + monitor, keyboard, mouse
    • Case
    • Power supply
    • HDD
    • DVD-ROM
    • Motherboard
    • CPU
    • CPU cooler
    • Memory
  4. Cable channels for creating SCS
  5. Adhesive tape for fastening
  6. Coil of twisted pair cable
  7. Cable tags
  8. RJ-45 - 100 pcs
  9. Cable crimping kit
  10. Screwdriver set
  11. Flipchart
  12. Flipchart paper set
  13. Markers
  14. Thermal paste

Software:

  • Windows XP
  • Linux Ubuntu Server 12.04 LTS
  • Cisco Packet Tracer

7.3 Materials and equipment for experts

Prohibited.

Cell phones, media players, recording devices.

8. VISITORS AND PRESS

8.1 Attracting the maximum number of visitors and press

To attract the maximum possible number of visitors and press, you must have:

-video description;

-IT Web cameras for demonstration on the large screen of the assembly hall to monitor the work of the competitors;

-job fair;

-daily reports on the progress of the competition.

1.2 Ecology and ergonomics

Workstations are divided into 4 islands, according to competition days. Competitors are divided into 4 groups to reduce the number of required network devices.

1.3 Recycling

-recycling;

-use of environmentally friendly materials;

-use of works after the competition.
