incident-response-trainer
Mock scenarios · Rule-based grading
Cloud Infrastructure · easy · Exposed Cloud Management Port · High asset
Scenario

Admin/SSH/RDP port open to the internet on a production instance

An easy Cloud Infrastructure scenario on Exposed Cloud Management Port.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 2 templates in this Track + Difficulty pool.

catalog id · cloud-exposed-cloud-management-port

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Restrict internet-exposed management ports
  • Confirm no unexpected login before remediating
MITRE ATT&CK · mitre-attack
  • External Remote Services (T1133) · Initial Access (TA0001)
    Mapped · High confidence

    Trains triage of a management port exposed to the internet and the brute-force pressure it attracts.

MITRE D3FEND · mitre-d3fend
  • Network Traffic Filtering (D3-NTF)
    Mapped · High confidence

    Trains restricting the security group so admin ports reach only the bastion or VPN range.

  • Network Traffic Analysis (D3-NTA)
    Mapped · Medium confidence

    Trains reviewing access patterns to the exposed service.

NIST CSF 2.0 · nist-csf-2
  • Identity Management, Authentication, and Access Control (PR.AA) · Protect (PR)
    Mapped · High confidence

    Trains access-control posture that limits who can reach management ports.

  • Continuous Monitoring (DE.CM) · Detect (DE)
    Mapped · High confidence

    Trains detection of the exposure and of any successful login from auth logs.

NIST SP 800-61r3 · nist-sp-800-61r3
  • IR lifecycle phase: Containment, Eradication & Recovery
    Mapped · High confidence

    Trains restricting the security group to known ranges as the containment action.

  • IR lifecycle phase: Detection & Analysis
    Mapped · High confidence

    Trains separating failed guessing from any successful login in the auth log.

CISA Cybersecurity Performance Goals · cisa-cpg
  • No Exploitable Services on the Internet (2.W)
    Mapped · High confidence

    Trains the baseline that keeps management services off the public internet.

  • Phishing-Resistant MFA (2.E)
    Mapped · Medium confidence

    Trains the MFA baseline that limited impact on the management API.

CIS Controls v8 · cis-controls
  • Secure Configuration of Enterprise Assets and Software (Control 4)
    Mapped · High confidence

    Trains the secure-configuration control the exposed rule violated.

  • Network Monitoring and Defense (Control 13)
    Mapped · Medium confidence

    Trains the network-monitoring control behind safe ingress restriction.