Question No. 1

Blue thanks you for your plan and design and took it into consideration. You are then informed that Orange has gone ahead and made a new plan, which will incorporate some of your suggestions, but is going to build the network a bit differently. In Testbed and in each remote office there will be a single self-sufficient CA hierarchy, one that is designed to directly integrate with the existing network. Orange mentions that the hierarchy is only to go two-levels deep, you are not to make an extensive hierarchy in any location. This means a distinct CA hierarchy in six locations, inclusive of the Testbed headquarters. Using this information, choose the solution that will provide for the proper rollout of the Certificate Authorities in the network.}

AIn each location, you recommend the following steps: 1.Harden a system to function as the Root CA
2.Harden a system to function as the Registration Authority 3.Configure CATool on the Root CA
4.Configure CATool on the Registration Authority, as a subordinate to the Root CA 5.Once the Subordinate CA is active, take the Root CA offline
6.Configure users for the CAs 7.Configure each Root CA to trust each other Root CA via cross certification 8.Test the CA hierarchy 9.Have the local administrative staff inform and train each user how to connect to the Registration Authority through their browser and request a certificate

BIn each location, you recommend the following steps: 1.Harden a system to function as the Root CA
2.Harden a system to function as a Registration Authority
3.Configure a Windows Enterprise Root CA
4.Configure each Enterprise Root CA to trust each other Enterprise Root CA via cross certification 5.Configure a Windows Stand-Alone Subordinate Enrollment Authority to function as the Registration Authority
6.Once the Stand-Alone Subordinate is installed, take the Enterprise Root CA offline
7.Test the CA hierarchy 8.Have the local administrative staff inform and train each user how to connect to the Registration Authority through their browser and request a certificate

CIn each location, you recommend the following steps: 1.Harden a system to function as the Root CA
2.Harden a system to function as the Registration Authority
3.Configure a Windows Enterprise Root CA
4.Configure each Enterprise Root CA to trust each other Enterprise Root CA via cross
certification
5.Configure a Windows Enterprise Registration Authority, as a subordinate to the Enterprise Root CA
6.Once the Subordinate CA is active, take the Enterprise Root CA offline
7.Test the CA hierarchy7.Test the CA hierarchy 8.Have the local administrative staff inform and train each user how to connect to the Registration Authority through their browser and request a certificate

DIn each location, you recommend the following steps:
1.Harden a system to function as the Root CA
2.Harden a system to function as the Registration Authority
3.Configure a Windows Enterprise Root CA
4.Configure each Enterprise Root CA to trust each other Enterprise Root CA via cross certification
5.Configure a Windows Registration Authority, as a subordinate to the Enterprise Root CA
6.Test the CA hierarchy 7.Have the local administrative staff inform and train each user how to connect to the Registration Authority through their browser and request a certificate

EIn each location, you recommend the following steps:
1.Harden a system to function as the Root CA
2.Harden a system to function as the Registration Authority
3.Configure CATool on the Root CA
4.Configure CATool on the Registration Authority, as a subordinate to the Root CA
5.Configure users for the CAs
6.Configure each Root CA to trust each other Root CA via cross certification
7.Test the CA hierarchy
8.Have the local administrative staff inform and train each user how to connect to the Registration Authority through their browser and request a certificate

Show Answer

Correct Answer: D

Question No. 2

Although you feel that you have taken solid steps in the security of MegaCorp, you would like to have some more analysis and documentation of the state of the network, and the systems in place protecting MegaCorp resources. The CEO wants to know what MegaCorp should be spending on securing these resources, and wants justification for the numbers that you provide. You inform the group that you will be able to provide them with a Risk Analysis on the defined resources, and you also suggest that MegaCorp perform a full business Risk Analysis, and that they make it part of their policy to perform ongoing analysis. During the first meeting after the agreement on analysis, a sales manager tells you the following; "We are rolling out a new online sales component to our organization. It will be up to you to design the system for this, but we anticipate it being up and running next month and are looking to have initial revenues of around $1,000 per day through that component." "All right," you respond "If the initial revenues are going to be around $1,000 per day, what are you projecting will be the daily revenue through this in 6 and 12 months?" The CEO answers this question, "Our projections are to have an average of about $2,000 per day in six months and $3,000 per day within a year." "And, what is this system going to be responsible for? By that I mean, is this just an order taking machine, is it tied into inventory, is it tied into shipping, and so on?" you ask. "Right now, and as far as the current plan goes, this is an order taking system. It will not be tied into any of our other systems." "Are we going to get a new Internet connection for this server, or is it going to run off the current connection we have? I recommend a new connection, but am curious to know if that has been considered." "I think we can stick with our current connection for the time being. If it seems like there is a need in the future for the expenses of a new connection, we can discuss it then. Anything else?" "Not right now, as issues come up I will talk to you about them." The rest of the meeting does not require your attendance, so you head back to your office. Based on your knowledge of the MegaCorp environment, select the solution that best allow you to justify the expense of protecting the new server.}

AYou decide to perform a Quantitative Risk Analysis on the server. You meet with the sales director to find out that the server will only hold a copy of the catalog. You estimate that since the system will be directly connected with a public IP Address, and since it will hold customer data that it is a likely target for attack. You know that you have solid security systems in place, but you think there will be a legitimate attack to compromise this server at least once per month. Based on this information you decide that the ARO is 12, and the SLE will be one day of operation plus one day to restore the system, therefore $6,000. With an ARO of 12, and with a SLE of $6,000 you determine that the ALE for the system is $72,000. You report to the CEO that although the current security systems in place are solid, this server requires security of it??s own. You identify the $72,000 that could be lost every year due to attacks, and request resources to properly protect the server. B. You decide to perform a Qualitative Risk Analysis on the new server. You organize a short meeting with the sales director to get a better idea of what will be stored on the system. You know the projected sales volumes, and you find out that on the system will be nothing more than a catalog, where people can order MegaCorp products. Since there is nothing of value stored on the server, you decide that the Level of Damage that would happen if this system is compromised is low and that the Likelihood of an Attack to gain access is low. Since the company needs the system for sales, you decide that the threat of a power loss is significant. Your report back to the CEO is that the current security systems in place are adequate for the new system, that it will be protected by the firewall and IDS. You do request to increase the resources for power equipment, specifically a large battery backup for the server.

CYou decide to follow the Facilitated Risk Analysis Process (FRAP) for the server. You sit down in your office by yourself, and you list out the vulnerabilities that might exist for the server. You then categorize those vulnerabilities into High, Medium, and Low. Taking each individual vulnerability that you discovered, you further detail that listing the degree of impact that vulnerability could have, again categorizing them as High, medium, and Low. When you are done, you have a list that shows five vulnerabilities, only one of them High, and that is attempted system compromise. You have identified this vulnerability to have a Low impact, since it will only contain the MegaCorp catalog and no other critical services. You report back to the CEO that the current systems in place are adequate, and your only suggestion is to possibly increase the power backup to a larger model for the server.

DSince this is the only system that you are requested to analyze, and the CEO is looking for numbers, you decide to run a fast Qualitative Risk Analysis. You know that the server is going to generate $6,000 per month, and you think there will most likely be an attack on the server at least twice a month. This means that for this server, you have an SLE of $6,000 and an ALE of 24. With an SLE of $6,000, and with an ALE of 24, you determine that the SRO for the system is $144,000. You report to the CEO that there is a risk of $144,000 to this server every year, and you recommend that for the first year that full risk amount be spent on mitigating the risk, so that in subsequent years you can report the risk has been reduced to zero.

EWith only this one single system to analyze, you decide that a Quantitative Risk Analysis is appropriate. You identify three major threats:
Power Outage, Administrator-level system compromise, and Denial of Service attacks. You assign the power outage a low likelihood, the administrative compromise a medium likelihood, and the DoS a high likelihood. You assign the power outage a high level of damage, you assign the administrative compromise a high level of damage, and you assign the DoS a low level of damage. Since the likelihood of the power outage is low, you do not recommend spending any new money on this in your report to the CEO. Since the level of damage is so high due to the administrative compromise, you recommend new security systems to protect against that threat. You recommend that the systems in place to mitigate the threat of the administrative compromise also be capable of addressing the DoS threat.

Show Answer

Correct Answer: A

Question No. 3

You had been taking a short vacation, and when you come into work on Monday morning, Orange is already at your door, waiting to talk to you. "We're got a problem," Orange says, "It seems that the password used by our Vice President of Engineering has been compromised. Over the weekend, we found this account had logged into the network 25 times. The Vice President was not even in the office over the weekend." "Did we get the source of the compromise yet?" "No, but it won't surprise me if it is our new neighbors at MassiveCorp. I need to you to come up with a realistic plan and bring it to me tomorrow afternoon. This problem must be resolved, and like everything else we do not have unlimited funds so keep that in mind." Based on this information, choose the best solution to the password local authentication problem in the Executive building.}

ASince you are aware of the significance of the password problems, and since you do not have unlimited funds, you plan to address this problem through education and through awareness. You write up a plan for Orange that includes the following points:
1.All end users are to be trained on the methods of making strong passwords
2.All end users are instructed that they are to change their password at a minimum of every 30 days. 3.The administrative staff is to run password-checking utilities on all passwords every 30 days.
4.All end users are to be trained on the importance of never disclosing their password to any other
individual.
5.All end users are to be trained on the importance of never writing down their passwords where they
areclearly visible.

BSince you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Orange that includes the following points: 1.You will reconfigure the Testbed.globalcorp.org domain to control the password problem. 2.You will configure AD in this domain so that complex password policies are required. 3.The complex password policies will include: a.Password length of at least 8 characters b.Passwords must be alphanumeric c.Passwords must meet Gold Standard of complexity d.Passwords must be changed every 30 days e.Passwords cannot be reused

CSince you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Orange that includes the following points:
1.For all executives you recommend no longer using passwords, and instead migrating to a token-based authentication system.
2.You will install the RSA SecurID challenge-response token system.
3.You will create SecurID user records for each user to match their domain accounts.
4.You will assign each user record a unique token.
5.You will hand deliver the tokens to the correct executive.
6.Users will be required to use tokencodes from the One-Time tokencode list. The tokencodes will be alphanumeric and will be 4 characters long.
7.The tokens will replace all passwords for authentication into each user Windows system.

DSince you are aware of the significance of the password problems, plan to address the problem using technology. You write up a plan for Orange that includes the following points:
1.For all executives you recommend no longer using passwords, and instead migrating to a biometric solution.
2.You will install retinal scanners at every user desktop in the executive building.You will install retinal scanners at every user?
desktop in the executive building.
2.You will install retinal scanners at every user desktop in the executive building.You will install retinal scanners at every user? Desktop in the executive building.
3.You will personally enroll each user at each desktop.3.You will personally enroll each user at each desktop.
4.You will instruct each user on the proper positioning and use of the scanner.4.You will instruct each user on the proper positioning and use of the scanner. 5.The biometric system will replace all passwords for authentication into each user Windows system.The biometric system will replace all passwords for authentication into each user?
Windows system. 6.The biometric system will replace all passwords for authentication into each user Windows system.The biometric system will replace all passwords for authentication into each user? Windows system.

ESince you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Orange that includes the following points:
1.For all executives you recommend no longer using passwords, and instead migrating to a token-based authentication system.
2.You will install the RSA SecurID time-based token system. 3.You will create SecurID user records for each user to match their domain accounts. 4.You will assign each user record a unique token. 5.You will hand deliver the tokens to the correct executive. 6.Users will be allowed to create their own PIN, which will be 4 characters long.
7.The tokens will replace all passwords for authentication into each user Windows system.

Show Answer

Correct Answer: E

Question No. 4

For the past month, the employees in the executive building have been getting adjusted to their new authentication systems. There was a large spike in help desk calls the first week, which has gone down daily, and now there are fewer login related calls than there was when the office used passwords alone. During your weekly meeting with Blue, the authentication subject is discussed, "So far, the system is working well. Our call volume has dropped, and it seems that most people are getting used to the tokens. There is one issue, however." "Really, what's that?" you ask. "It seems that the senior executives are not that keen on carrying the new tokens around with them. They are asking for a way to authenticate without carrying anything, but still have it be secure." "All right, do we have a budget?" "Yes, however there are not that many senior executives, so the cost isn the primary issue; although we do want to keep the costs down as much as possible." "So, what limitations do I have?" "Well you need to be sure it easy to use, is unintrusive, won't require too much training, won't be all that expensive, and provides for strong authentication." Blue tells you. Based on this information, choose the best solution to the authentication problem for the senior executives on the fourth floor.}

AYou talk to several of the senior executives on the fourth floor and determine that many of these people are interested in a biometric solution, and that many of them have an interest in voice authentication. They like the fact that they may be able to simply speak to the computer and be authenticated. Since they like this technology, you decide this is what you will implement. You configure each machine with the Anovea software for voice authentication, and configure a microphone at each workstation. You then walk the executive through the process of enrollment, and have each person test his or her system. With the software installed, the microphone installed, and with the voice authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.

BYou talk to some of the senior executives on the fourth floor and determine that many of these people are interested in a biometric solution, and that many of them have aninterest in retinal authentication. They like the fact that they may be able to simply look at the computer and be authenticated. Since they like this technology, you decide this is what you will implement. You configure each machine with the Panasonic Authenticam and authentication software. You then walk the executive through the process of enrollment, and have each person test his or her system. With the software installed, the retinal scanner installed, and with the retinal authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.

CYou talk to two of the senior executives on the fourth floor and determine that these people are interested in a biometric solution, and that they have an interest in retinal authentication. They like the fact that they may be able to simply look at the computer and be authenticated.Since they like this technology, you decide this is what you will implement. You configure each machine with the Panasonic Authenticam and authentication software. You then walk the executive through the process of enrollment, and have each person test his or her system. With the software installed, the retinal scanner installed, and with the retinal authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.

DYou talk to three of the senior executives on the fourth floor and determine that they disliked the tokens therefore you will install a new authentication system. The people you talked to didn say they would have problems with smart cards, so you decide tonew authentication system. The people you talked to didn? say they would have problemswith smart cards, so you decide to implement a smart card solution. You configure each machine with a smart card reader and driver. You then create a local account for each user, and make that account use smart cards. You then assign a smart card to the account and load the user credentials on the card. You then walk the executive through the process of using the smart card, and have each person test his or her system. With the software installed, the reader installed, and with the smart card authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.

EYou talk to several of the senior executives on the fourth floor and determine that many of these people are interested in a biometric solution, and that many of them have an interest in fingerprint authentication. They like the fact that they may be able to simply touch something by the computer and be authenticated. You begin the configuration by installing a BioLink USB mouse, driver, and authentication software. You walk each person through the process of enrollment, and how to best use thescanner, and have each person test his or her system. With the software installed, the mouse and driver installed, and with the fingerprint authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person's system.

Show Answer

Correct Answer: E

Question No. 5

Now that you have MegaCorp somewhat under control, you are getting ready to go home for the night. You have made good progress on the network recently, and things seem to be going smoothly. On your way out, you stop by the CEO office and say good night. You are told that you will be meeting in the morning, so try to get in a few minutes early. The next morning, you get to the office 20 minutes earlier than normal, and the CEO stops by your office, "Thanks for coming in a bit early. No problem really, I just wanted to discuss with you a current need we have with the network." "OK, go right ahead." You know the network pretty well by now, and are ready forwhatever is thrown your way. "We are hiring 5 new salespeople, and they will all be working from home or on the road. I want to be sure that the network stays safe, and that they can get access no matter where they are." "Not a problem," you reply. "Il get the plan for this done right away." "Thanks a lot, if you have any questions for me, just let me know." You are relieved that there was not a major problem and do some background work for integrating the new remote users. After talking with the CEO more, you find out that the users will be working from there home nearly all the time, with very little access from on the road locations. The remote users are all using Windows 2000 Professional, and will be part of the domain. The CEO has purchased all the remote users brand new Compaq laptops, just like the one used in the CEO's office, and which the CEO takes home each night; complete with DVD\CD-burner drives, built-in WNICs, 17" LCD widescreen displays, oversized hard drives, a gig of memory, and fast processing. wish I was on the road to get one of those, you think. You start planning and decide that you will implement a new VPN Server next to the Web and FTP Server. You are going to assign the remote users IP Addresses:

10.10.60.100~10.10.60.105, and will configure the systems to run Windows 2000 Professional. Based on this information, and your knowledge of the MegaCorp network up to this point, choose the best solution for the secure remote user needs:}

AYou begin with configuring the VPN server, which is running Windows 2000 Server. You create five new accounts on that system, granting each of them the Allow Virtual Private Connections right in Active Directory Users and Computers. You then configure the range of IP Addresses to provide to the clients as:
10.10.60.100 through 10.10.60.105. Next, you configure five IPSec Tunnel endpoints on the server, each to use L2TP as the protocol. Then, you configure the clients. On each system, you configure a shortcut on the desktop to use to connect to the VPN. The shortcut is configured to create an L2TP IPSec tunnel to the VPN server. The connection its lf is configured to exchange keys with the user ISP to create a tunnel between the user ISP endpoint and the MegaCorp VPN Server.

BTo start the project, you first work on the laptops you have been given. On each laptop, you configure the system to make a single Internet connection to the user's ISP. Next, you configure a shortcut on the desktop for the VPN connection. You design the connection to use L2TP, with port filtering on outbound UDP 500 and UDP 1701. When a user double-clicks the desktop icon you have it configured to make an automatic tunnel to the VPN server. On the VPN server, you configure the system to use L2TP with port filtering on inbound UDP 500 and UDP 1701. You create a static pool of assigned IP Address reservations for the five remote clients. You configure automatic redirection on the VPN server in the routing and remote access MMC, so once the client has connected to the VPN server, he or she will automatically be redirection to the inside network, with all resources available in his or her Network Neighborhood.

CYou decide to start the configuration on the VPN clients. You create a shortcut on the desktop to connect to the VPN Server. Your design is such that the user will simply double-click the shortcut and the client will make the VPN connection to the server, using PPTP. You do not configure any filters on the VPN client systems. On the VPN Server, you first configure routing and remote access for the new accounts and allow them to have Dial-In access. You then configure a static IP Address pool for the five remote users. Next, you configure the remote access policy to grant remote access, and you implement the following PPTP filtering:
Inbound Protocol 47 (GRE) allowed Inbound TCP source port 0, destination port 1723 allowed Inbound TCP source port 520, destination port 520 allowed Outbound Protocol 47 (GRE) allowed Outbound TCP source port 1723, destination port 0 allowed Outbound TCP source port 520, destination port 520 allowed

DYou configure the VPN clients first, by installing the VPN High Encryption Service Pack. With this installed, you configure the clients to use RSA, with 1024-bit keys. You configure a shortcut on the desktop that automatically uses the private\public key pair to communicate with the VPN Server, regardless of where the user is locally connected.On the VPN Server, you also install the VPN High Encryption Service Pack, and configure 1024-bit RSA encryption. You create five new user accounts, and grant them all remote access rights, using Active Directory Sites and Services. You configure the VPN service to send the server's public key to the remote users upon the request to configure the tunnel. Once the request is made, the VPN server will build the tunnel, from the server side, to the client.

EYou choose to configure the VPN server first, by installing the VPN High Encryption Service Pack and the HISECVPN.INF built-in security template through the Security Configuration and Analysis Snap-In. Once the Service pack and template are installed, you configure five user accounts and a static pool of IP Addresses for each account.You then configure the PPTP service on the VPN server, without using inbound or outbound filters due to the protection of the Service Pack. You grant each user the right to dial into the server remotely, and move on to the laptops. On each laptop, you install the VPN High Encryption Service Pack, to bring the security level of the laptops up to the same level as the VPN server. You then configure a shortcut on each desktop that controls the direct transport VPN connection from the client to the server.

Show Answer

Correct Answer: C

Free SCP SC0-502 Exam Actual Questions

The questions for SC0-502 were last updated On Feb 19, 2025