Infrastructure Scenario Tests

During a NOC shift handoff, a critical alert for a client's ransomware detection is missed. The outgoing shift marked it as acknowledged but did not brief the incoming shift. The ransomware spreads for 4 additional hours before discovery.

The PSA ticketing system enters an auto-escalation loop where a ticket is escalated, triggers a workflow that reassigns it, which triggers another escalation, creating an infinite loop. The ticket generates 500+ email notifications and consumes the email sending quota.

The IT documentation platform (IT Glue/Hudu) becomes unreachable during a major client outage. Technicians cannot access network diagrams, credential vaults, or runbook procedures needed to resolve the issue. The documentation system is hosted on the same infrastructure experiencing the outage.

A managed client's secondary ISP failover fails to activate when the primary circuit goes down. The SD-WAN appliance detects the primary failure but the secondary circuit is disconnected due to an unpaid bill. The site is completely offline.

The RMM platform generates a false alarm storm after a monitoring agent update pushes incorrect threshold values. 2,000+ alerts fire simultaneously across all managed clients, overwhelming the NOC and masking real issues.

The network TAP aggregating traffic for the IDS/IPS and packet capture system becomes oversubscribed. The 10G TAP is receiving 14Gbps of traffic, causing 28% packet loss on the monitoring feed. The IDS misses attack signatures and the packet capture has gaps.

A switch firmware upgrade resets QoS policies on 12 access switches, removing DSCP marking and priority queuing for voice traffic. VoIP call quality degrades severely during business hours when data traffic competes with voice.

A RADIUS policy change breaks MAC Authentication Bypass (MAB) for IoT devices. Security cameras, badge readers, and building management sensors are all locked out of the network as they cannot perform 802.1X EAP authentication.

The IP Address Management system shows all subnets in the production VLAN are fully allocated. DHCP scopes have no available leases, and new devices cannot obtain IP addresses. Server provisioning and workstation deployment are both blocked.

The primary NTP server loses its upstream time source and begins drifting. As a stratum 1 source for the internal network, all downstream servers inherit the drift. Kerberos authentication begins failing when clock skew exceeds 5 minutes.

The TFTP server used for automated network device configuration backups becomes unreachable after a server migration. Nightly configuration backups for 80 network devices have not run for 7 days, leaving no recent configuration recovery point.

The centralized syslog server cannot keep up with the volume of incoming UDP syslog messages during a network event. UDP packets are dropped at the kernel level, causing critical security and audit log data to be permanently lost.

The RADIUS accounting server becomes unresponsive, causing all network access devices to fail sending accounting records. ISP billing data is lost for 8 hours, and compliance logging for network access events stops.

After a DNS migration, SPF, DKIM, and DMARC records are not properly recreated. Outbound emails are rejected by major providers (Gmail, Microsoft) due to authentication failures, and the company's email reputation score drops rapidly.

The Exchange journaling mailbox reaches its storage quota, causing journal reports to be NDR'd back to the sender. Email journaling stops functioning, creating a compliance gap for regulatory requirements (HIPAA, SEC Rule 17a-4).

A message size limit reduction on the Exchange transport rule causes a bounce storm. Automated systems sending reports with large attachments generate NDRs, which trigger auto-reply rules, creating a feedback loop of bounces and replies that overwhelms the mail system.

An internal SMTP relay is misconfigured as an open relay after a firewall change exposes it to the internet. Spammers discover and abuse it within hours, sending thousands of spam emails through the relay, causing the company's IP to be blacklisted.

Exchange Online Protection (EOP) begins quarantining legitimate business emails from a major client after a policy update. The mail flow disruption goes unnoticed for 6 hours until the client calls to complain about unanswered communications.

After enabling LDAP channel binding and signing enforcement on domain controllers (per Microsoft security advisory), multiple legacy applications that use simple LDAP binds break. Printers, scanners, and legacy ERP systems cannot authenticate against Active Directory.

Active Directory password hash synchronization between on-premises AD and Azure AD breaks after a domain controller is decommissioned. Users who change their on-premises passwords find their Azure AD passwords still use the old value, causing login failures for cloud services.