Infrastructure Scenario Tests

The database server's data partition fills to 100% due to an unrotated slow query log. PostgreSQL can no longer write WAL files. All database writes fail. Application is read-only.

A web server is compromised via an unpatched vulnerability. Crypto mining malware is consuming 100% CPU across all cores, making the web application unresponsive for legitimate users.

A production Java application server runs out of heap memory due to a memory leak in a recent deployment. The OOM killer terminates the JVM process, bringing down the application for all users.

A UniFi controller update introduces a bug that causes all APs to lose their management connection. APs continue serving clients with last-known config, but cannot be managed, updated, or monitored.

The MPLS PE-CE link at a remote branch office fails. The branch is completely isolated from the WAN. No backup link exists. 30 employees cannot access any corporate resources.

The primary MPLS circuit at a branch office goes down. SD-WAN fails over to the backup broadband link. Voice quality degrades due to higher jitter on the broadband path.

A Nutanix Controller VM (CVM) crashes on one node of a 4-node cluster. All VMs on that node lose local storage access. The cluster attempts to serve I/O from surviving CVMs but performance degrades significantly.

An attacker spoofs a MAC address to bypass network access control. Port security detects the violation and shuts down the port, but not before the attacker exfiltrates data for 30 seconds.

An OSPF adjacency between two core routers drops due to a unidirectional fiber failure. Routes are withdrawn, causing a major routing blackhole for half the campus network.

A FortiGuard web filter update incorrectly categorizes a critical SaaS application as malware. All employee access to the application is blocked by the UTM policy.

The primary FortiGate in an HA pair crashes due to a firmware bug, triggering failover to the secondary unit. All active VPN tunnels drop and need to re-establish.

Two devices on the same VLAN have been assigned the same IP address. Both are sending gratuitous ARPs, creating an ARP storm that degrades network performance for the entire subnet.

A compromised workstation is flooding the network with spoofed MAC addresses, overflowing the switch CAM table and causing unknown unicast flooding across all VLANs.

A fiber SFP is failing on the uplink between access and distribution layer switches. The port flaps every 30-90 seconds, causing MAC table instability and intermittent connectivity for 200+ users.

A user plugs a personal switch into an access port configured with BPDU Guard. The switch sends BPDUs, triggering err-disable on the port and a topology change notification across the network.

An employee connects an unmanaged switch creating a Layer 2 loop. No spanning tree on the VLAN. Broadcast storm takes down all services on VLAN 10.