WSC2022SE 54 Cyber Security Marking Scheme


54 Cyber Security

WorldSkills Occupational Standards

Section WSOS Marks
1 Work Organization and Management (5)
2 Communication and Interpersonal Skills (10)
3 Secure Systems Design and Creation (10)
4 Secure Systems Operation and Maintenance (15)
5 Secure Systems Protection and Defense (15)
6 Operations and Management (20)
7 Intelligence Collection and Analysis (10)
8 Investigation and Digital Forensics (15)

Criteria
ID Name

Sheet: CIS Marking Scheme Import Version:


File: WSC2022SE_54_Cyber_Security_marking_scheme.xlsx Date: 1 of 16
A Enterprise Infrastructure Security

B Cyber Security Incident Response, Digital Forensics, Application Security

C CTF Red (Offense)

D CTF Blue (Defense)

Sub Criterion ID | Sub Criterion Name or Description | Day of Marking | Aspect Type (M = Meas, J = Judg) | Aspect - Description | Judg Score
A1 AD01 2
M Domain Created
M DNS setting correct?
M Computers joined to domain
M OU's created, contain users
M GPO's created on Accounting OU (0.1 per each policy)
M Settings for GPO's complete (0.1 per each policy setting)
M Account policy is set correctly
M Audit policy is set correctly
M Splunk forwarder installed to forward SIEM01 events
A2 SYSTEM01 2
M user creation
M password creation
M maggie can sudo
M lionel can sudo yum and rpm only
M dmz is active firewall zone
M 10000 not active for the currently active/running configuration
M 82 and 10000 active for the stored/persistent configuration NOTE:
M http and https services are enabled in firewall in stored/persistent
M SELinux is enforcing and file system is relabeled
M auditd rule
A3 PM-VM50 - VPN 2
M Global VPN setup
M IP Pool set correctly for VPN?
M Certificates set up
M VPN Client installed
M VPN connection made
M RDP and SSH connections work
A4 PM-VM50 - Firewalls 2
M for 3 correctly configured rules
M for 3 correctly configured rules
M for 3 correctly configured rules
A5 Web-01 - Apache Web 2
M "www.shenghai.org" from competitor workstation correctly display
M "www.testshenghai.com" from competitor workstation correctly dis
M Http redirect to https
M MODSecurity is configured to block access to path = /etc/passwd
M MODSecurity is configured to match /etc/passwd in other URL po
M MODSecurity is configured also for testshenghai.com
A6 SIEM01 2
M Splunk installed
M Check if logs for jfrank exists
A7 Coding challenges 2
M Coding Challenge 1
M Coding Challenge 1
M Coding Challenge 2
M Coding Challenge 2

Sub Criterion ID | Sub Criterion Name or Description | Day of Marking | Aspect Type (M = Meas, J = Judg) | Aspect - Description | Judg Score
B1 Web Server 1
M Incident analysis - exploit types, URL, commands used
M Incident analysis - date and time of first successful attack
M Incident analysis - filename and absolute path in successful attac
M Incident analysis - webshell code
M Incident analysis - first command after attack in reverse shell
M Incident analysis - username/password of login account
B2 Windows Server 1
M filename and absolute path of malicious autorun
M string for mutex
M registry key value from program and file name
M Process name and parameters
M Registry functions used
M Recovery of Server - Before/after screenshots of bug fixes
B3 Task analysis - dump.vmem 1
M Name of Malicious program
M PID and PPID of Malicious program
M IP addresses of connection attempts
M Which user executed malicious program
M What other malicious program to be deleted
B4 Task analysis - creditcard.pcap 1
M Proper identification of all 3 credit cards
B5 Cryptography 1
M Cryptography - screenshots to support - certificate creation
M Modify the configuration files of the webserver to answer on http a
M Cryptography - screenshots to support - listens on both but http >
B6 IAM 1
M IAM - root user cannot ssh
M IAM - new root password
M IAM - ixia can sudo
B7 Work task code review 1
M Code 1 - Identity of Vulnerability
M Code 1 - Description of why it's not safe
M Code 1 - Explain how to make secure

M Code 1 - Modified code correct?
M Code 2 - Identity of Vulnerability
M Code 2 - Description of why it's not safe
M Code 2 - Explain how to make secure
M Code 2 - Modified code correct?
M Code 3 - Identity of Vulnerability
M Code 3 - Description of why it's not safe
M Code 3 - Explain how to make secure
M Code 3 - Modified code correct?
M Code 4 - Identity of Vulnerability
M Code 4 - Description of why it's not safe
M Code 4 - Explain how to make secure
M Code 4 - Modified code correct?
B8 Theoretical 1
M Vulnerability Detection(12)
M Incidence Response(10)
M Identity and Access management(9)
M Digital forensics(11)
M Crypto and PKI(20)
M PKI (9)
M Code Review(8)

Sub Criterion ID | Sub Criterion Name or Description | Day of Marking | Aspect Type (M = Meas, J = Judg) | Aspect - Description | Judg Score
C1 Flags - Day 3 3
M Flag 5 - Flags in any order on D3 - must complete block to get ma
M Flag 10 - Flags in any order on D3 - must complete block to get m
M Flag 15 - Flags in any order on D3 - must complete block to get m
M Flag 20 - Flags in any order on D3 - must complete block to get m
M Flag 25 - Flags in any order on D3 - must complete block to get m
M Flag 30 - Flags in any order on D3 - must complete block to get m
M Flag 35 - Flags in any order on D3 - must complete block to get m
M Flag 40 - Flags in any order on D3 - must complete block to get m
M Flag 45 - Flags in any order on D3 - must complete block to get m
M Flag 50 - Flags in any order on D3 - must complete block to get m

M Flag 55 - Flags in any order on D3 - must complete block to get m
M Flag 60 - Flags in any order on D3 - must complete block to get m
M Flag 65 - Flags in any order on D3 - must complete block to get m
M Flag 70 - Flags in any order on D3 - must complete block to get m
M Flag 75 - Flags in any order on D3 - must complete block to get m
M Flag 80 - Flags in any order on D3 - must complete block to get m
M Flag 85 - Flags in any order on D3 - must complete block to get m
M Flag 90 - Flags in any order on D3 - must complete block to get m
M Flag 95 - Flags in any order on D3 - must complete block to get m
M Flag 100 - Flags in any order on D3 - must complete block to get

Sub Criterion ID | Sub Criterion Name or Description | Day of Marking | Aspect Type (M = Meas, J = Judg) | Aspect - Description | Judg Score
D1 Flags - Day 4 4
M Flag 5 - Flags in any order on D4 - must complete block to get ma
M Flag 10 - Flags in any order on D4 - must complete block to get m
M Flag 15 - Flags in any order on D4 - must complete block to get m
M Flag 20 - Flags in any order on D4 - must complete block to get m
M Flag 25 - Flags in any order on D4 - must complete block to get m
M Flag 30 - Flags in any order on D4 - must complete block to get m
M Flag 35 - Flags in any order on D4 - must complete block to get m
M Flag 40 - Flags in any order on D4 - must complete block to get m
M Flag 45 - Flags in any order on D4 - must complete block to get m
M Flag 50 - Flags in any order on D4 - must complete block to get m
M Flag 55 - Flags in any order on D4 - must complete block to get m
M Flag 60 - Flags in any order on D4 - must complete block to get m
M Flag 65 - Flags in any order on D4 - must complete block to get m
M Flag 70 - Flags in any order on D4 - must complete block to get m
M Flag 75 - Flags in any order on D4 - must complete block to get m
M Flag 80 - Flags in any order on D4 - must complete block to get m
M Flag 85 - Flags in any order on D4 - must complete block to get m
M Flag 90 - Flags in any order on D4 - must complete block to get m
M Flag 95 - Flags in any order on D4 - must complete block to get m
M Flag 100 - Flags in any order on D4 - must complete block to get

WorldSkills Occupational Standards (sections 1 to 8, in order)
WSOS Marks   Aspect Marks   Variation
5.00   5.05   0.05
10.00   10.00   0.00
10.00   10.00   0.00
15.00   16.50   1.50
15.00   15.50   0.50
20.00   20.15   0.15
10.00   10.75   0.75
15.00   12.05   2.95

Total Variation 5.90

Criteria Mark
A 25.00
B 25.00
C 25.00
D 25.00

Criterion A, Total Mark: 25.00
Extra Aspect Description (Meas or Judg) OR Judgement Score Description (Judg only) | Requirement (Measurement Only) | WSOS Section | Calculation Row (Export only) | Max Mark

Get-WmiObject -Class win32_computersystem|select dom 4 1.00


nslookup -querytype=SRV shenghai.ws 4 0.50
get-adcomputer -filter * | select name 4 0.50
Get-ADUser -filter {name -like "j*"} -properties *| select nam 4 0.50
functional test by experts 3 0.50
functional test by experts 3 0.50
Must have all aspects 3 0.50
3 1.00
Get-WmiObject -Class win32_product 3 0.50

cat /etc/passwd 4 0.50


cat /etc/shadow 4 0.50
sudo -u maggie sudo -l 4 0.50
sudo -u lionel sudo -l 4 0.50
firewall-cmd --list-all | grep default 4 0.25
firewall-cmd --list-ports 4 0.25
systemctl restart firewalld; firewall-cmd --list-all | grep ports 4 0.25
firewall-cmd --list-all 4 0.25
sudo sestatus; sudo cat /etc/selinux/config 4 0.50
sudo auditctl -l 4 1.00

check config files 3 1.00


4 0.50
4 0.50
4 0.50
4 0.50
4 0.25

4 0.50
4 0.50
4 0.50

On MS-01 visit https://www.shenghai.org with regular brow 6 1.00
On MS-01 visit https://www.testshenghai.com with regular 6 1.00
On MS-01: Visit http://www.shenghai.org; Visit http://www.tes 5 1.00
On MS-01: Visit https://www.shenghai.org/etc/passwd 5 1.00
On MS-01: Visit https://www.shenghai.org/?testparameter= 3 0.75
On MS-01: Visit https://www.testshenghai.com/etc/passwd 4 0.50

netstat -ntlp | grep 8000 In case it is not running, start in /o 5 1.00


index=main jfrank 4 0.50

Will coding solution fix problem 3 1.00


Is coding solution efficient and well written? 2 0.75
Will coding solution fix problem 3 1.00
Is answer not only correct, but according to explanation, is 2 0.75

Criterion B, Total Mark: 25.00
Extra Aspect Description (Meas or Judg) OR Judgement Score Description (Judg only) | Requirement (Measurement Only) | WSOS Section | Calculation Row (Export only) | Max Mark

did they document them all? (not sure how many) 3 0.50
3 0.25
3 0.25
8 0.25
3 0.25
8 0.25

8 0.25
8 0.25
8 0.25
8 0.25
8 0.25
not sure how many 6 1.00

8 0.25
8 0.25
8 0.25
8 0.25
8 0.25

8 1.00

Judging on if submission is sufficient to prove configuration 1 0.75


1 0.75
1 0.45

cat /etc/ssh/sshd_config | grep root 4 0.25


looking to assess documentation on how to do this: more t 1 0.60
cat /etc/sudoers | grep ixia 4 0.25

compare against the keysight answer key 8 0.50


compare against the keysight answer key 1 0.50
compare against the keysight answer key 1 0.50

compare against the keysight answer key 3 0.50
compare against the keysight answer key 8 0.50
compare against the keysight answer key 1 0.50
compare against the keysight answer key 1 0.50
compare against the keysight answer key 3 0.50
compare against the keysight answer key 8 0.50
compare against the keysight answer key 1 0.50
compare against the keysight answer key 4 0.50
compare against the keysight answer key 3 0.50
compare against the keysight answer key 8 0.50
compare against the keysight answer key 2 0.50
compare against the keysight answer key 2 0.50
compare against the keysight answer key 3 0.50

0.1 mark for each correct answer 7 1.20


0.1 mark for each correct answer 8 0.80
0.1 mark for each correct answer 6 0.90
0.1 mark for each correct answer 8 1.10
0.1 mark for each correct answer 8 2.00
0.1 mark for each correct answer 8 0.90
0.1 mark for each correct answer 7 0.80

Criterion C, Total Mark: 25.00
Extra Aspect Description (Meas or Judg) OR Judgement Score Description (Judg only) | Requirement (Measurement Only) | WSOS Section | Calculation Row (Export only) | Max Mark

From Keysight CTF - 20% of total mark for each flag captu 4 1.25
From Keysight CTF - 20% of total mark for each flag captu 4 1.25
From Keysight CTF - 20% of total mark for each flag captu 4 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25

From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 5 1.25
From Keysight CTF - 20% of total mark for each flag captu 8 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25

Criterion D, Total Mark: 25.00
Extra Aspect Description (Meas or Judg) OR Judgement Score Description (Judg only) | Requirement (Measurement Only) | WSOS Section | Calculation Row (Export only) | Max Mark

From Keysight CTF - 20% of total mark for each flag captu 7 1.25
From Keysight CTF - 20% of total mark for each flag captu 7 1.25
From Keysight CTF - 20% of total mark for each flag captu 7 1.25
From Keysight CTF - 20% of total mark for each flag captu 7 1.25
From Keysight CTF - 20% of total mark for each flag captu 7 1.25
From Keysight CTF - 20% of total mark for each flag captu 7 1.25
From Keysight CTF - 20% of total mark for each flag captu 7 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 6 1.25
From Keysight CTF - 20% of total mark for each flag captu 2 1.25
From Keysight CTF - 20% of total mark for each flag captu 2 1.25
From Keysight CTF - 20% of total mark for each flag captu 2 1.25
From Keysight CTF - 20% of total mark for each flag captu 2 1.25
From Keysight CTF - 20% of total mark for each flag captu 2 1.25
From Keysight CTF - 20% of total mark for each flag captu 2 1.25

Criterion E, Total Mark: 0.00
Criterion F, Total Mark: 0.00
Criterion G, Total Mark: 0.00
Criterion H, Total Mark: 0.00
Criterion I, Total Mark: 0.00

Total Competition Mark: 100.00
