Name: Security Certified Program
Brand: ValidExamDumps
SKU: SC0-502
Price: 20 USD
Availability: InStock
Rating: 4.8 (370 reviews)

Free SCP SC0-502 Exam Actual Questions

The questions for SC0-502 were last updated On Apr 1, 2025

At ValidExamDumps, we consistently monitor updates to the SCP SC0-502 exam questions by SCP. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the SCP Security Certified Program exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by SCP in their SCP SC0-502 exam. These outdated questions lead to customers failing their SCP Security Certified Program exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the SCP SC0-502 exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

Question No. 1

By now, you are feeling confident that the security of the MegaCorp network is getting under control. You are aware that there are still several critical areas that you must deal with, and today you are addressing one of those areas. You have been able to take care of the router, firewall, security policy, and intrusion detection, now you are concerned with some of the hosts in the network. Since the organization is not very large, you are the only person working in the IT end of the company. It will be up to you to directly work on the systems throughout the network. You make a quick chart of the systems you know should be in the MegaCorp network:

Server0001, 10.10.20.101, Windows 2000 Server Server0010, 10.10.20.102, Windows 2000 Server Server0011, 10.10.20.103, Windows 2000 Server Server0100, 10.10.20.104, Linux (Red Hat 8.0) User systems, 10.10.100.100~10.10.100.200, Windows 2000 Professional The addressing that you recommended months ago is in place, and it follows a distinct logical pattern, you are hoping that no new systems are hidden in the network somewhere. In the company, you have been granted domain administrator rights, and no other user is authorized to have administrator, root, supervisor, or otherwise privileged level of access. All the Windows systems are to belong to one windows domain called SCNA.edu. Users are no longer allowed to install unauthorized applications, and are all to use the file servers for storage. Although they have the ability to do so, users are not supposed to store any work data on their local systems. The servers are located in a server cabinet that is inside your office, so you decide to start working there. Using your knowledge of MegaCorp select the best solution for hardening the MegaCorp operating systems:}

AThe first thing you do is to run a Nessus scan against all the servers in the room, noting the findings of the scans. You then begin on the servers by running some tests on the Linux server. First, you run Tripwire on the entire system to ensure that there are no rogue Root accounts, and the test is positive. Second, you ensure that there are no unauthorized objects available through the network, and third you lock the system down with Bastille. You then work on the Windows servers. You run a check to ensure thereare no unauthorized administrator accounts, and there are not. You create a custom security template and implement the template on each server using the Security Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches.Finally, you analyze the user's desktops. You go one by one through the network checking for added user accounts, and you find some. You remove these unauthorized accounts and check for software and applications. Again, you find some applications that are not allowed and you remove them. You check the systems for hardware changes, and address the issues that you find.

BYou start the job by running some analysis on the Windows servers. You do this using the Security
Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches. You find several user accounts that have been given local administrator access, and you remove these accounts. You next use the Secedit tool to implement local encryption on the shared hard drive to secure the local files for the network users. You then work on the Linux server. To your surprise there are no unauthorized root accounts, nor any unauthorized shares. You ensure that the permissions are correct on the shared objects, and run Bastille to lock down the server. You then work on the client machines. Before you physically sit at each machine, you run a Nessus scan from your office. Bringing the results with you, you go to each machine and address any issues as identified in the Nessus scan, remove any unauthorized applications

CYou being by running a Nessus scan from your office laptop on the systems in the network, first the servers, then the user workstations. After the scans are complete, you store the reports on your laptop, and you take your laptop to the server room.In the server room, you begin on the Windows servers. You implement a custom security template on each server using the Security Configuration and Analysis Snap-In, remove any unauthorized accounts, ensure that each system is updated with the latest patches, and ensure that the permissions on each shared object are as per policy. You then work on the Linux server, by addressing each point identified in the Nessus scan. You then lock the system with Bastille, ensure that each system is updated with the latest patches, and run a quick Tripwire scan to create a baseline for the system. You take your laptop with you as you go throughout the network to each user workstation, ensure that each system is updated with the latest patches, and you take care of each issue you found on the machines. There are a few systems that you find with unauthorized applications and you remove those applications.

DThe first thing you decide to do is plug your laptop into the server room, and run a full Nessus scan on the entire network, specifically looking for every backdoor vulnerability that the application can check. This takes some time to compile, but you eventually end up with a list of issues to address on each machine. You move on to the Linux server, and run a fast Tripwire check on the system to look for any additional vulnerabilities. Once that check is done, you install SSH so that all access by every user will be encrypted to the server, and you run Bastille to lock down the system.At the Windows systems, you address any issues found during the Nessus scan, you ensure that each system is updated with the latest patches, and you ensure that the systems are all functioning as fully secure and functional file servers to the network by implementing the HISECWEB.INF template in the Security Configuration and Analysis Snap-In. Finally, you work on each desktop machine by removing any vulnerabilities listed in the scan report. You remove a few pieces of unauthorized hardware and many unauthorized applications.

EYou begin by running a Nessus scan on each computer in the network, using the \hotfix switch to create a full report. The report identifies every vulnerability on each system and lists the specific changes you must make to each system to fix any found vulnerabilities. You take the report to the server room and start with the Linux server. On the server, you run through the steps as outlined in the Nessus report, and end by locking the system using Bastille. Then, you move to the Windows systems, again following the steps of the Nessus report, and ending by using the Security Configuration and Analysis Snap-In to implement the Gold Standard template on every server. Finally, you proceed to each user workstation. At each user machine, you follow each step for each system,based on your report. Once you have addressed all the vulnerabilities in the systems, you run a quick Secedit scan on each system to ensure that they are all locked down and that proper encryption is configured.

Show Answer

Correct Answer: C

Question No. 2

For three years you have worked with MegaCorp doing occasional network and security consulting. MegaCorp is a small business that provides real estate listings and data to realtors in several of the surrounding states. The company is open for business Monday through Friday from 9 am to 6 pm, closed all evenings and weekends. Your work there has largely consisted of advice and planning, and you have been frequently disappointed by the lack of execution and follow through from the full time staff. On Tuesday, you received a call from MegaCorp's HR director, "Hello, I'd like to inform you that Purple (the full time senior network administrator) is no longer with us, and we would like to know if you are interested in working with us full time." You currently have no other main clients, so you reply, "Sure, when do you need me to get going?" "Today," comes the fast and direct response. Too fast, you think. " What is the urgency, why can this wait until tomorrow?" "Red was let go, and he was not happy about it. We are worried that he might have done something to our network on the way out." "OK, let me get some things ready, and Il be over there shortly." You knew this would be messy when you came in, but you did have some advantage in that you already knew the network. You had recommended many changes in the past, none of which would be implemented by Purple. While pulling together your laptop and other tools, you grab your notes which have an overview of the network:

MegaCorp network notes:

Single Internet access point, T1, connected to MegaCorp Cisco router. Router has E1 to a private web and ftp server and E0 to the LAN switch. LAN switch has four servers, four printers, and 100 client machines. All the machines are running Windows 2000. Currently, they are having their primary web site and email hosted by an ISP in Illinois. When you get to MegaCorp, the HR Director and the CEO, both of whom you already know, greet you. The CEO informs you that Purple was let go due to difficult personality conflicts, among other reasons, and the termination was not cordial. You are to sign the proper employment papers, and get right on the job. You are given the rest of the day to get setup and running, but the company is quite concerned about the security of their network. Rightly so, you think, if these guys had implemented even half of my recommendations this would sure be easier.You get your equipment setup in your new oversized office space, and get started. For the time you are working here, your IP Address is 10.10.50.23 with a mask of \16. One of your first tasks is to examine the router configuration. You console into the router, issue a show running-config command, and get the following output:

MegaOne#show running-config Building configuration Current configuration:

! version 12.1 service udp-small-servers service tcp-small-servers ! hostname MegaOne ! enable secret 5 $1$7BSK3$H394yewhJ45JAFEWU73747. enable password clever ! no ip name-server no ip domain-lookup ip routing ! interface Ethernet0 no shutdown ip address 2.3.57.50 255.255.255.0 no ip directed broadcast ! interface Ethernet1 no shutdown ip 10.10.40.101 255.255.0.0 no ip directed-broadcast ! interface Serial0 no shutdown ip 1.20.30.23 255.255.255.0 no ip directed-broadcast clockrate 1024000 bandwidth 1024 encapsulation hdlc ! ip route 0.0.0.0 0.0.0.0 1.20.30.45 ! line console 0 exec-timeout 0 0 transport input all line vty 0 4 password remote login ! End After analysis of the network, you recommend that the router have a new configuration. Your goal is to make the router become part of your layered defense, and to be a system configured to help secure the network. You talk to the CEO to get an idea of what the goals of the router should be in the new configuration. All your conversations are to go through the CEO; this is whom you also are to report to. "OK, I suggest that the employees be strictly restricted to only the services that they must access on the Internet." You begin. "I can understand that, but we have always had an open policy. I like the employees to feel comfortable, and not feel like we are watching over them all the time. Please leave the connection open so they can get to whatever they need to get to. We can always reevaluate this in an ongoing basis." "OK, if you insist, but for the record I am opposed to that policy." "Noted," responds the CEO, somewhat bluntly. "All right, let see, the private web and ftp server have to be accessed by the Internet, restricted to the accounts on the server. We will continue to use the Illinois ISP to host our main web site and to host our email. What else, is there anything else that needs to be accessed from the Internet?" "No, I think that's it. We have a pretty simple network, we do everything in house." "All right, we need to get a plan in place as well right away for a security policy. Can we set something up for tomorrow?" you ask. "Let me see, Il get back to you later." With that the CEO leaves and you get to work. Based on the information you have from MegaCorp; knowing that the router must be an integral part of the security of the organization, select the best solution to the organization's router problem:}

AYou backup the current router config to a temp location on your laptop. Sunday night, you come in to build the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration:
MegaOne#configure terminal MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface Ethernet 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no cdp enable MegaOne(config)#interface Ethernet 1 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no cdp enable MegaOne(config-if)#^Z MegaOne#

BYou backup the current router config to a temp location on your laptop. Early Monday morning, you come in to build the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration:
MegaOne#configure terminal MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface Serial 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no cdp enable MegaOne(config-if)#no ip directed broadcast MegaOne(config-if)#no ip unreachables MegaOne(config-if)#^Z MegaOne#

CAs soon as the office closes Friday, you get to work on the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration:
MegaOne#configure terminal MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface Ethernet 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config)#interface Ethernet 1 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#^Z MegaOne#

DWith the office closed, you decide to build the new router configuration on Saturday. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration:
MegaOne#configure terminal MegaOne(config)#no cdp run MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 deny ip 0.0.0.0 255.255.255.255 any MegaOne(config)#access-list 175 deny ip 10.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 127.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 172.16.0.0 0.0.255.255 any MegaOne(config)#access-list 175 deny ip 192.168.0.0 0.0.255.255 any MegaOne(config)#no ip source-route MegaOne(config)#no ip finger MegaOne(config)#interface serial 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no ip directed broadcast MegaOne(config-if)#no ip unreachables MegaOne(config-if)#^Z MegaOne#

EYou backup the current router config to a temp location on your laptop. Friday night, you come in to build the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration:
MegaOne#configure terminal MegaOne(config)#no cdp run MegaOne(config)#no ip source-route MegaOne(config)#no ip finger MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 deny ip 0.0.0.0 255.255.255.255 any MegaOne(config)#access-list 175 deny ip 10.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 127.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 172.16.0.0 0.0.255.255 any MegaOne(config)#access-list 175 deny ip 192.168.0.0 0.0.255.255 any MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface serial 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no ip directed broadcast MegaOne(config-if)#no ip unreachables MegaOne(config-
if)#^Z MegaOne#

Show Answer

Correct Answer: E

Question No. 3

You go back through your notes to the day that you recommended that the company get a firewall in place. Purple had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not oing to be based on direct cost. ased on your knowledge of and the information you have from MegaCorp, elect the best solution to the rganization firewall problem:} A. You decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement wo firewalls, each with two network cards. From one Ethernet nterface of the outer, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to Microsoft ISA firewall. he Checkpoint firewall is connected via one NIC to the router, and the other NIC is nnected to the Web and TP Server. The Microsoft ISA Server is connected via one NIC o he router nd the other NIC is connected to the LAN switch. ou perform the following steps and configurations to setup the firewalls:

1.First, you configure the IP Address on both network cards of both firewalls.

2.Second, you select the Floodgate-1, SMART Clients, and Policy Server as the only components to install and omplete the installation of Checkpoint.

3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.

4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the installation of icrosoft ISA Server. 5.Fifth, you allow all outbound traffic through the ISA Server. 6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound requests.

BAfter analysis, you decide to implement a firewall using Checkpoint NG. You begin by installing a new achine, with a fresh hard drive, and the loading of NG. The new irewall will have our NICs. You connect the two Ethernet interfaces on the routers to two f the firewall NICs. You connect one irewall NIC to the Web and FTP server and one firewall NIC to the LAN witch. ou perform the following steps and configurations to setup the firewall:
.First, you configure the IP Addresses on all four network cards of the heckpoint firewall. 2.Second, you select only the VPN-1 Firewall-1 components to install and complete the installation of heckpoint. 3.Third, you configure the only new inbound network traffic to be destined for the WWW and FTP services on he Web and FTP server 4.Fourth, you block all other incoming traffic. 5.Fifth, you create anti-spoofing rules to block inbound traffic that might be spoofed.
6.Sixth, you configure all traffic to be allowed in the outbound direction C. After you analyze the network, you have decided that you are going to implement a firewall using icrosoft ISA Server. The new firewall will have four NICs. You connect he wo Ethernet nterfaces on the routers to two of the firewall NICs. You connect one NIC to he Web and FTP server and one IC to the LAN switch. ou perform the following steps and configurations to setup the firewall:
1.First, you format a new hard drive and install a new copy of Windows 2000 Server. 2.Second, you configure the correct IP Addresses on the four network cards. 3.Third, you install ISA Server into Firewall only mode, and complete the installation. 4.Fourth, you configure all inbound traffic to require the SYN flag to be set, all other inbound network traffic is enied 5.Fifth, you configure the network card towards the Web and FTP server will only allow ports 80, 20, and 21. 6.Sixth, you configure all outbound traffic to be allowed.

DAfter you run an analysis on the network and the MegaCorp needs, you decide to implement a firewall sing Checkpoint NG. The firewall will have three NICs. One NIC is onnected to the uter, one NIC is connected to the Web and FTP server and one NIC is connected to the AN switch. ou perform the following steps and configurations to setup the firewall:
1.First, you install a new version of Checkpoint NG, selecting the VPN-1 and Firewall-1 components, and omplete the installation. 2.Second, you configure the inbound rules to allow only SYN packets that are destined for ports 80, 20, and 21 n the Web and FTP server. 3.Third, you disallow all inbound traffic for he internal network, unless it is in response to an outbound equest. 4.Fourth, you configure anti-spoofing rules on the inbound interface and log those connections to a log server.

EAfter you analyze the company, you decide to implement a firewall using Microsoft ISA Server. You create DMZ with the Web and FTP server on the network segment etween the router nd the new firewall. The firewall will have two NICs, one connected to the router, and one connected to the LAN switch. ou perform the following steps and configurations to setup the firewall:
First, you install a new version of ISA Server, installed in Firewall mode.
2.Second, you configure the inbound network card to disallow all network traffic that did not originate from nside the network or from the Web and FTP Server. 3.Third, you configure anti-spoofing rules to prevent spoofing attacks. 4.Fourth, you configure all outbound traffic to be allowed. 5.Fifth, you configure inbound traffic with the SYN flag on to be allowed, and to be logged to a SYSLOG erver inside the network.

Show Answer

Correct Answer: D

Question No. 4

The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You have decided to implement an Intrusion Detection System. You bring this up at the next meeting. "After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin. "We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating. "I realize that the budget is tight, but this is an important part of setting up security." You continue, "If I cannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market." As expected, your last comment got the group thinking. What about false alarms?" asks the VP of sales, "I hear those things are always going off, and just end up wasting everyone time." "That's a fair concern, but it is my concern. When we implement the system, I will fine tune it and adjust it until the alarms it generates are appropriate, and are generated when there is legitimately something to be concerned about. We are concerned with traffic that would indicate an attack; only then will the system send me an alert." For a few minutes there was talk back and forth in the room, and then the CEO responds again to your inquiry, "I agree that this type of thing could be helpful. But, we simply don't have any ore budget for it. Since it is a good idea, go ahead nd find a way to implement this, but don't spend ny money on it." ith this information, and your knowledge of MegaCorp, choose the answer that will provide the best olution for the IDS needs of MegaCorp:}

AYou install Snort on a dedicated machine just outside the router. The machine is designed to send alerts to ou when appropriate. You implement the following rule set:
Alert udp any any -> 10.10.0.0\16 (msg: 'O\S Fingerprint Detected'; flags: S12;) Alert tcp any any -> 10.10.0.0\16 (msg: 'Syn\Fin Scan Detected'; flags: SF;) Alert tcp any any -> 10.10.0.0\16 (msg: 'Null Scan Detected'; flags: 0;) Log tcp any any -> 10.10.0.0\16 any You then install Snort on the web and ftp server, also with this system designed to send you alerts when ppropriate. You implement the built-in scan.rules ruleset on the server.

BYou configure a new dedicated machine just outside the router and install Snort on that machine. The achine logs all intrusions locally, and you will connect to the machine emotely ce each morning to pull the log files to your local machine for analysis. ou run snort with the following command: Snort ev \snort\log snort.conf and using the following rule base: Alert tcp any any <> any 80 Alert tcp any any <> 10.10.0.0\16 any (content: 'Password'; msg:'Password transfer Possible';) Log tcp any any <- 10.10.0.0\16 23 Log tcp any any <> 10.10.0.0\16 1:1024

CYou install your IDS on a dedicated machine just inside the router. The machine is designed to send alerts o you when appropriate. You begin the install by performing a ew install of indows on a clean hard drive. ou install ISS Internet Scanner and ISS System Scanner on the new system. System Scanner is configured to o full backdoor testing, full baseline testing, and full password testing. nternet Scanner is configured with a custom policy you made to scan for all vulnerabilities. You configure both canners to enerate automatic weekly reports and to send you alerts when n incident of note takes lace on the network. .

DYou install two computers to run your IDS. One will be a dedicated machine that is on the outside of the outer, and the second will be on the inside of the outer. You configure the achine on the outside of the router to run Snort, and you combine the default rules of several of the built-in ule sets. You combine the ddos.rules, os.rules, exploit.rules, icmp.rules, nd scan.rules. n the system that is inside the router, running Snort, you also combine several of the uilt-in rule sets. You ombine the scan.rules, web-cgi.rules, ftp.rules, web-misc.rules, and eb-iis.rules. ou configure the alerts on the two systems to send you email messages when events are dentified. After you mplement the two systems, you run some external scans and tests using vulnerability checkers and exploit testing software. You modify your rules based on your tests.

EYou install Snort on a dedicated machine just inside the router. The machine is designed to send alerts to you when appropriate. You do have some concern that the system will have too many rules to operate efficiently. To address this, you decide to pull the critical rules out of the built-in rule sets, and create one simple rule set that is short and will cover all of the serious incidents that the network might experience. alert udp any 19 <> $HOME_NET 7 (msg:'DOS UDP Bomb'; classtype:attempted-dos; sid:271; rev:1;) alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:'DOS Teardrop attack'; id:242; fragbits:M; classtype:attempted-dos; sid:270; rev:1;) alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:'DDOS TFN Probe'; id: 678; itype:8; content: '1234'; classtype:attempted-recon; sid:221; rev:1;) alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:'ICMP PING NMAP'; dsize: 0; itype: 8; classtype:attempted-recon; sid:469; rev:1;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:'SCAN XMAS';flags:SRAFPU; classtype:attempted-recon; sid:625; rev:1;) alert tcp $HOME_NET 31337 -> $EXTERNAL_NET 80 (msg:'SCAN synscan microsoft'; id: 39426; flags: SF; classtype:attempted-recon; sid:633; rev:1;)

Show Answer

Correct Answer: D

Question No. 5

You have now seen to it that all end users and computers in the Testbed office have received their certificates. The administrative staff has been trained on their use and function in the network. The following day, you meet with Blue to discuss the progress."So far so good," starts Blue, "all the users have their certificates, all the computers havetheir certificates. I think we are moving forward at a solid pace. We have talked about the ways we will use our certificates, and we need to move towards securing our network traffic." "I agree," you reply, "last week I ran a scheduled scan, and we stillhave vulnerability in our network traffic. The folks from MassiveCorp would love to have a sniffer running in here, I sure of that." "That's exactly the point. We need a system in place that will ensure that our network traffic is not so vulnerable to sniffing. We have"to get some protection for our packets. I'd like you to design the system and then we can review it together." The meeting ends a few minutes later, and you are back in your office working on the design. Choose the best solution for protecting the network traffic in the executive office of the Testbed campus:}

AAfter further analysis on the situation, you decide that you will need to block traffic in a more complete way at the border firewalls. You have decided that by implementing stricter border control, you will be able to manage the security risk of the packets that enter and leave the network better. You implement a new firewall at each border crossing point. You will configure half of the firewalls with Checkpoint FW-1 NG and the other half with Microsoft ISA. By using two different firewalls, you are confident that you will be minimizing any mass vulnerability. At each firewall you implement a new digital certificate for server authentication, and you configure the firewall to require every user to authenticate all user connections. You block all unauthorized traffic and run remote test scans to ensure that no information is leaking through. Once the test scans are complete, you verify that all users are required to authenticate with the new firewall before their traffic is allowed to pass, and everything works as you planned.

BYou spend time analyzing the network and decide that the best solution is to take advantage of VPN
technology. You will create one VPN endpoint in each building. Your plan is to create a unique tunnel between each building. You first install a new Microsoft machine, and configure it to perform the functions of Routing and Remote Access. You then create a tunnel endpoint, and configure each machine to use L2TP to create the tunnel. To increase security, you will implement full 256-bit encryption oneach tunnel, and you will use 3DES on one half of the tunnels and AES on the other half of the tunnels. You will be surethat each tunnel uses the same algorithm on bothends, but by using two algorithms you are sure that you haveincreased the security ofthe network in a significant way.

CYou decide that you will implement an IPSec solution, using the built-in functionality of Windows. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP. First, you configure each server in the network with a new IPSec policy. You choose to implement the default Server IPSec Policy. Using this policy you are sure that all communication both to and from the server will utilize IPSec. You reboot the servers that you can and use secedit to force the others to refresh their policy. Next, with the help of the administrative staff, you will configure each client in thenetwork. For the clients, you use the default Client IPSec Policy. You reboot the client machines that you can and use secedit to force the others to refresh their policy.

DYou decide that you will implement an IPSec solution, using custom IPSec settings. You wish to utilize the digital certificates that are available in the network. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP. First, you configure a custom policy for the servers in the network. You verify that noneof the default policies are currently implemented, and you create a new policy. Your new policy will use SHA for AH and SHA+3DES for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the servers that you can and use secedit to force the others to refresh their policy. Next, with the help of the administrative staff, you will configure each client in the network. For the clients, you verify that no default policy is enabled, and you create a policy that uses SHA for AH and SHA+3DES for ESP. You make sure that the policy is to include all IP traffic, and forAuthentication Method, you use the certificate that is assigned to each server. You reboot the client machines that you can and use secedit to force the others to refresh their policy.

EYou decide that you will implement an IPSec solution, using custom IPSec settings. You wish to utilize the digital certificates that are available in the network. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP. First, you configure a custom policy for the servers in thenetwork. To increase strength, you will implement your custom policy on top of the default Server IPSec Policy. You verify that the policy is running, and then you create a new policy. Your new policy will use SHA+3DES for AH and SHAfor ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the servers that you can and use secedit to force the others to refresh the two policies.
Next, with the help of the administrative staff, you will configure each client in the network. For the clients you also need the highest in security, so you will use a custom policy on the default policy. You verify that the default Client IPSec policy is enabled, and then you create a policy that uses SHA+3DES for AH and SHA for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the client machines that you can and use secedit to force the others to refresh the two policies.

Show Answer

Correct Answer: D