Question No. 1

Now that you have a fully functioning CA hierarchy in each location, and that the trusted network is well underway, you are called in to meet with Blue. Blue comes into the room, and you talk to one another for a while. It seems that now with the CA hierarchy in place, you need to plan the certificate rollout for the individual users and computers in the network. Since this is the executive building, Blue places higher security requirements here than on the otherbuildings. Certificates need to be issued to all the entities, computers and users, in the network.Blue has decided that for all senior level management, the process for certificate issuance should be even more secure than the rest of the deployment. Based on this information, and you understanding of the GlobalCorp environment, choose the best solution to assigning certificates to the computers and users of the trusted network in the Executive building:}

AYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network, followed by assigning certificates to the users in the network. For this task, you divide the other administrators into four teams, one per floor of the building. Each team will be responsible for the assigning of certificates to the computers and users on the corresponding floor. To make the process faster, you have decided to install a new CA for each floor. The team leader on each floor will install and configure the CA, and you will oversee the process. With the new CAs installed, one administrator from each team goes to each desk on the floor and makes a request for a certificate for thecomputer using Internet Explorer. Once themachine certificate is installed, the administrator has each user log on to their machine and the administrator walks the userthrough the process of connecting to the CA_SERVER\certsrv on their floor to request a user certificate. To ensure the security of the senior level management, you lead the team on the fourth floor. You install thenew CA yourself, and oversee the configuration of the certificates for every machine and user on the floor.

BYou meet with the other administrators of the executive building and let them know what you are working on, and how they canhelp. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will request certificates automatically. In order to do this you perform the following steps:
1.You open Active Directory Users and Computers 2.You use Group Policy to edit the domain policy that is controlling the executive building. 3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option. 4.In the template list, you select computer, and define CA as the location to send the request. 5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to all the users in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them to perform the following steps:
1.Log on to your computer as your normal user account1.Log on to your computer as your normal user account
2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv.
3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request.
4.When the certificate is issued, click the Install This Certificate hyperlink on screen. Finally, you address the senior level management. For these people, you want the security to be higher, so you select a stronger algorithm for their certificates. With all the other certificates, you used the default key strength and algorithms. However, the senior level management needs higher security. Therefore, you personally walk each person through the process of requesting a certificate; only you ensure that they select 1024-bit AES as their encryption algorithm.

CYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will =request certificates automatically. In order to do this you perform the following steps:
1.You open Active Directory Users and Computers
2.You use Group Policy to edit the domain policy that is controlling the executive building.
3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option.
4.In the template list, you select computer, and define CA as the location to send the request.
5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to all the users in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them to perform the following steps:
1.Log on to your computer as your normal user account
2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv.
3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request.
4.When the certificate is issued, click the Install This Certificate hyperlink on screen. Finally, you address the senior level management. For these people, you want the security to be higher, so you select a different certificate scheme. By using a different scheme, you ensure that there will be no possibility of other people in the building gaining access to the senior level managementaccounts. For these accounts you utilize licensed PGPdigital certificates thatcan be used for both authentication and secure email. You personally show each manager how to create and usetheir key ring, providing for very secure communication.

DYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will request certificates automatically. In order to do this you perform the following steps:
1.You open Active Directory Users and Computers
2.You use Group Policy to edit the domain policy that is controlling the executive building.
3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option.
4.In the template list, you select computer, and define CA as the location to send the request.
5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to the users, except for the senior management, in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them toperform the following steps:
1.Log on to your computer as your normal user account 2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv. 3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request.
4.When the certificate is issued, click the Install This Certificate hyperlink on screen. Finally, you address the senior level management in the building. For these people, you personally go into their office and walk through the steps with each person.
1.The user logs on to the computer with their normal user account 2.You open the MMC and add the personal certificates snap-in 3.You right-click certificates and Request A New Certificate 4.The user fills in the requested information, and you verify this information. 5.You put the certificate request onto a USB drive, and take the request back to the CA. 6.You put the USB drive into the CA, manually process the request, and put the issued certificate onto the USB drive. 7.You bring the USB drive back to each person, and manually import their new certificate

EYou meet with the other administrators of the executive building and let them know what you are workingon, and how they can help. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will request certificates automatically. In order to do thisyou perform the following steps:
1.You open Active Directory Users and Computers 2.You use Group Policy to edit the domain policy that is controlling the executive building. 3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option. 4.In the template list, you select computer, and define CA as the location to send the request. 5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to all the users in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them to perform the following steps:
1.Log on to your computer as your normal user account
2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv.
3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request.
4.When the certificate is issued, click the Install This Certificate hyperlink on screen.

Show Answer

Correct Answer: D

Question No. 2

Now that you have a fully functioning CA hierarchy in each location, and that the trusted network is well underway, you are called in to meet with Orange. Orange comes into the room, and you talk to one another for a while. It seems that now with the CA hierarchy in place, you need to plan the certificate rollout for the individual users and computers in the network. Since this is the executive building, Orange places higher security requirements here than on the other buildings. Certificates need to be issued to all the entities, computers and users, in the network. Orange has decided that for all senior level management, the process for certificate issuance should be even more secure than the rest of the deployment. Based on this information, and you understanding of the GlobalCorp environment, choose the best solution to assigning certificates to the computers and users of the trusted network in the Executive building:}

AYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network, followed by assigning certificates to the users in the network. For this task, you divide the other administrators into four teams, one per floor of the building. Each team will be responsible for the assigning of certificates to the computers and users on the corresponding floor. To make the process faster, you have decided to install a new CA for each floor. The team leader on each floor will install and configure the CA, and you will oversee the process. With the new CAs installed, one administrator from each team goes to each desk on the floor and makes a request for a certificate for the computer using Internet Explorer. Once the machine certificate is installed, the administrator has each user log on to their machine and the administrator walks the user through the process of connecting to the CA_SERVER\certsrv on their floor to request a user certificate. To ensure the security of the senior level management, you lead the team on the fourth floor. You install the new CA yourself, and oversee the configuration of the certificates for every machine and user on the floor.

BYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will request certificates automatically. In order to do this you perform the following steps:
1.You open Active Directory Users and Computers
2.You use Group Policy to edit the domain policy that is controlling the executive building.
3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option.
4.In the template list, you select computer, and define CA as the location to send the request.
5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to all the users in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them to perform the following steps: 1.Log on to your computer as your normal user account 2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv. 3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request. 4.When the certificate is issued, click the Install This Certificate hyperlink on screen. Finally, you address the senior level management. For these people, you want the security to be higher, so you select a stronger algorithm for their certificates. With all the other certificates, you used the default key strength and algorithms. However, the senior level management needs higher security. Therefore, you personally walk each person through the process of requesting a certificate; only you ensure that they select 1024-bit AES as their encryption algorithm.

CYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will request certificates automatically. In order to do this you perform the following steps:
1.You open Active Directory Users and Computers
2.You use Group Policy to edit the domain policy that is controlling the executive building.
3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option.
4.In the template list, you select computer, and define CA as the location to send the request.
5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to the users, except for the senior management, in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them to perform the following steps:
1.Log on to your computer as your normal user account
2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv.
3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request.
4.When the certificate is issued, click the Install This Certificate hyperlink on screen.
Finally, you address the senior level management in the building. For these people, you personally go into their office and walk through the steps with each person.
1.The user logs on to the computer with their normal user account
2.You open the MMC and add the personal certificates snap-in
3.You right-click certificates and Request A New Certificate
4.The user fills in the requested information, and you verify this information.
5.You put the certificate request onto a USB drive, and take the request back to the CA.
6.You put the USB drive into the CA, manually process the request, and put the issued certificate onto the USB drive.
7.You bring the USB drive back to each person, and manually import their new certificate

DYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will request certificates automatically. In order to do this you perform the following steps:
1.You open Active Directory Users and Computers
2.You use Group Policy to edit the domain policy that is controlling the executive building.
3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option.
4.In the template list, you select computer, and define CA as the location to send the request.
5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to all the users in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them to perform the following steps: 1.Log on to your computer as your normal user account 2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv. 3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request. 4.When the certificate is issued, click the Install This Certificate hyperlink on screen. Finally, you address the senior level management. For these people, you want the security to be higher, so you select a different certificate scheme. By using a different scheme, you ensure that there will be no possibility of other people in the building gaining access to the senior level management accounts. For these accounts you utilize licensed PGP digital certificates that can be used for both authentication and secure email. You personally show each manager how to create and use their key ring, providing for very secure communication.

EYou meet with the other administrators of the executive building and let them know what you are working on, and how they can help. You will first assign certificates to the computers in the network. To make the process easier, you have decided to configure the network so that the computers will request certificates automatically. In order to do this you perform the following steps:
1.You open Active Directory Users and Computers
2.You use Group Policy to edit the domain policy that is controlling the executive building.
3.You expand Computer Configuration to Public Key Policies, and you click the Automatic Certificate request option.
4.In the template list, you select computer, and define CA as the location to send the request.
5.You restart the computers that you can, and wait for the policy to refresh on the systems you cannot restart. Once you finishing setting up the computers to be assigned certificates, you shift your focus to all the users in the executive building. In order to have each user obtain a certificate you issue a memo (the actual memo goes into extreme detail on each step, even listing common questions and answers) to all users that instructs them to perform the following steps:
1.Log on to your computer as your normal user account
2.Open Internet Explorer, and to connect to the CA_SERVER\certsrv.
3.Select the option to Request A Certificate, and to choose a User Certificate Request type, then submit the request. 4.When the certificate is issued, click the Install This Certificate hyperlink on screen.

Show Answer

Correct Answer: C

Question No. 3

The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You havedecided to implement an Intrusion Detection System. You bring this up at the next meeting. "After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin. "We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating. "I realize that the budget is tight, but this is an important part of setting up security." You continue, "If Icannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market."As expected, your last comment got the group thinking. What about false alarms?" asks the VP of sales, "I hear those things are always goingoff, and just endup wasting everyone" time.""Tha's a fair concern, but it is my concern. When we mplement the system, I will fine tune it and adjust t until the alarms it generates are ppropriate, and are generated when there is egitimately something to be concerned about.We are concerned with traffic that would indicate anattack; only then will the ystem send me an alert." or a few minutes there was talk back and forth in the room, and hen the CEO responds again to your nquiry, "I agree that this type of thing could be helpful. But, we simply don have any morebudget for it. Since it is a good idea, go aheadand find a way to implement this, but don't spend any oney on it."With this nformation, and your knowledge of MegaCorp, choose the answer that will provide the bestsolution for the IDS needs of MegaCorp:}

AYou install Snort on a dedicated machine just outside the router. The machine is designed to send alerts toyou when appropriate. You implement the following rule set: Alert udp any any -> 10.10.0.0\16 (msg: 'O\S Fingerprint Detected'; flags: S12;)Alert tcp any any -> 10.10.0.0\16 (msg: 'Syn\Fin Scan Detected'; flags: SF;)Alert tcp any any -> 10.10.0.0\16 (msg: 'Null Scan Detected'; flags: 0;) og tcp any any -> 10.10.0.0\16 any You then install Snort on the web and ftp server, also with this system designed to send ou alerts whenappropriate. You implement the built-in scan.rules ruleset on the server.

BYou configure a new dedicated machine just outside the router and install Snort on thatmachine. Themachine logs all intrusions locally, and you will connect to the machine remotelyonce each morning to pull the log files to your local machine for analysis. ou run snort with the following command: Snort ev \snort\log snort.conf and using the following ule base: lert tcp any any <> any 80 lert tcp any any <> 10.10.0.0\16 any (content: 'Password'; msg:'Password transfer Possible';) Log tcp any any <- 10.10.0.0\16 23 Log tcp any any <> 10.10.0.0\16 1:1024

CYou install your IDS on a dedicated machine just inside the router. The machine is designed to send alerts o you when appropriate. You begin the install by performing a new install of indows on a clean hard drive. ou install ISS Internet Scanner and ISS System Scanner on the new system. System canner is configured todo full backdoor testing, full baseline testing, and full password testing.Internet Scanner is configured with a custom policy you made to scan for all vulnerabilities. You configure both canners to generate automatic weekly reports and to send you alerts whenan incident of note takes place on the network.

DYou install Snort on a dedicated machine just inside the router. The machine is designed to send alerts to ou when appropriate. You do have some concern that the system will have toomany rules to operate efficiently. To address this, you decide to pull the critical rules out of the built-in rule ets, and create one simple rule set that is short and will cover all of the seriousincidents that the network might experience. alert udp any 19 <>
$HOME_NET 7 (msg:'DOS UDP Bomb'; classtype:attempted-dos;sid:271; rev:1;) lert udp $EXTERNAL_NET any
-> $HOME_NET any (msg:'DOS Teardrop attack';id:242; fragbits:M;classtype:attempted-dos; sid:270;
rev:1;)alert icmp
$EXTERNAL_NET any -> $HOME_NET any (msg:'DDOS TFN Probe'; id: 678; itype: 8;
content:'1234';classtype:attempted-recon; sid:221; rev:1;) lert icmp XTERNAL_NET any ->
$HOME_NET any (msg:'ICMP PING NMAP'; size:;itype:8;classtype:attempted econ; sid:469;
rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET any msg:'SCAN
XMAS';flags:SRAFPU; lasstype:attempted-recon; sid:625; rev:1;) lert tcp HOME_NET 31337
> $EXTERNAL_NET 80 (msg:'SCAN synscan microsoft'; id: 9426; flags: F;
lasstype:attempted-recon; sid:633; rev:1;)

EYou install two computers to run your IDS. One will be a dedicated machine that is on the outside of therouter, and the second will be on the inside of the router. You configure themachine on the outside of the router to run Snort, and you combine the default rules of several of the built-inrule sets. You combine the ddos.rules, dos.rules, exploit.rules, icmp.rules, nd scan.rules. n the system that is inside the router, running Snort, you also combine several of thebuilt-in rule sets. You combine thes can.rules,webcgi.rules,ftp.rules, web-misc.rules, andweb-iis.rules.You configure the alerts on the two systems to send youemail messages when events are identified. After youimplement he two systems, you run some external scans and tests using vulner ability checkers and exploit testing software. You modify your rules based on your tests.

Show Answer

Correct Answer: E

Question No. 4

You go back through your notes to the day that you recommended that the company get a firewall in place. Purple had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not oing to be based on direct cost. ased on your knowledge of and the information you have from MegaCorp, elect the best solution to the rganization firewall problem:} A. You decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement wo firewalls, each with two network cards. From one Ethernet nterface of the outer, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to Microsoft ISA firewall. he Checkpoint firewall is connected via one NIC to the router, and the other NIC is nnected to the Web and TP Server. The Microsoft ISA Server is connected via one NIC o he router nd the other NIC is connected to the LAN switch. ou perform the following steps and configurations to setup the firewalls:

1.First, you configure the IP Address on both network cards of both firewalls.

2.Second, you select the Floodgate-1, SMART Clients, and Policy Server as the only components to install and omplete the installation of Checkpoint.

3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.

4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the installation of icrosoft ISA Server. 5.Fifth, you allow all outbound traffic through the ISA Server. 6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound requests.

BAfter analysis, you decide to implement a firewall using Checkpoint NG. You begin by installing a new achine, with a fresh hard drive, and the loading of NG. The new irewall will have our NICs. You connect the two Ethernet interfaces on the routers to two f the firewall NICs. You connect one irewall NIC to the Web and FTP server and one firewall NIC to the LAN witch. ou perform the following steps and configurations to setup the firewall:
.First, you configure the IP Addresses on all four network cards of the heckpoint firewall. 2.Second, you select only the VPN-1 Firewall-1 components to install and complete the installation of heckpoint. 3.Third, you configure the only new inbound network traffic to be destined for the WWW and FTP services on he Web and FTP server 4.Fourth, you block all other incoming traffic. 5.Fifth, you create anti-spoofing rules to block inbound traffic that might be spoofed.
6.Sixth, you configure all traffic to be allowed in the outbound direction C. After you analyze the network, you have decided that you are going to implement a firewall using icrosoft ISA Server. The new firewall will have four NICs. You connect he wo Ethernet nterfaces on the routers to two of the firewall NICs. You connect one NIC to he Web and FTP server and one IC to the LAN switch. ou perform the following steps and configurations to setup the firewall:
1.First, you format a new hard drive and install a new copy of Windows 2000 Server. 2.Second, you configure the correct IP Addresses on the four network cards. 3.Third, you install ISA Server into Firewall only mode, and complete the installation. 4.Fourth, you configure all inbound traffic to require the SYN flag to be set, all other inbound network traffic is enied 5.Fifth, you configure the network card towards the Web and FTP server will only allow ports 80, 20, and 21. 6.Sixth, you configure all outbound traffic to be allowed.

DAfter you run an analysis on the network and the MegaCorp needs, you decide to implement a firewall sing Checkpoint NG. The firewall will have three NICs. One NIC is onnected to the uter, one NIC is connected to the Web and FTP server and one NIC is connected to the AN switch. ou perform the following steps and configurations to setup the firewall:
1.First, you install a new version of Checkpoint NG, selecting the VPN-1 and Firewall-1 components, and omplete the installation. 2.Second, you configure the inbound rules to allow only SYN packets that are destined for ports 80, 20, and 21 n the Web and FTP server. 3.Third, you disallow all inbound traffic for he internal network, unless it is in response to an outbound equest. 4.Fourth, you configure anti-spoofing rules on the inbound interface and log those connections to a log server.

EAfter you analyze the company, you decide to implement a firewall using Microsoft ISA Server. You create DMZ with the Web and FTP server on the network segment etween the router nd the new firewall. The firewall will have two NICs, one connected to the router, and one connected to the LAN switch. ou perform the following steps and configurations to setup the firewall:
First, you install a new version of ISA Server, installed in Firewall mode.
2.Second, you configure the inbound network card to disallow all network traffic that did not originate from nside the network or from the Web and FTP Server. 3.Third, you configure anti-spoofing rules to prevent spoofing attacks. 4.Fourth, you configure all outbound traffic to be allowed. 5.Fifth, you configure inbound traffic with the SYN flag on to be allowed, and to be logged to a SYSLOG erver inside the network.

Show Answer

Correct Answer: D

Question No. 5

You go back through your notes to the day that you recommended that the company get a firewall in place. Red had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not going to be based on direct cost. Based on your knowledge of and the information you have from MegaCorp, select the best solution to th organization firewall problem:}

AYou decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement two firewalls, each with two network cards. From one Ethernet interface of the router, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to a Microsoft ISA firewall.The Checkpoint firewall is connected via one NIC to the router, and the other NIC is connected to the Web and FTP Server. The Microsoft ISA Server is connected via one NIC to the router and the other NIC is connected to the LAN switch. You perform the following steps and configurations to setup the firewalls:
1.First, you configure the IP Address on both network cards of both firewalls.
1, SMART Clients, and Policy Server as the only components to install and complete the installation of Checkpoint.
2.Second, you select the Floodgate-
3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.
4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the installation of Microsoft ISA Server.
5.Fifth, you allow all outbound traffic through the ISA Server.
6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound requests.

BAfter analysis, you decide to implement a firewall using Checkpoint NG. You begin by installing a new machine, with a fresh hard drive, and the loading of NG. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one firewall NIC to the Web and FTP server and one firewall NIC to the LAN switch. You perform the following steps and configurations to setup the firewall:
1.First, you configure the IP Addresses on all four network cards of the Checkpoint firewall.
2.Second, you select only the VPN-1 Firewall-1 components to install and complete the installation of Checkpoint.
3.Third, you configure the only new inbound network traffic to be destined for the WWW and FTP services on the Web and FTP server 4.Fourth, you block all other incoming traffic. 5.Fifth, you create anti-spoofing rules to block inbound traffic that might be spoofed. 6.Sixth, you configure all traffic to be allowed in the outbound direction

CAfter you analyze the network, you have decided that you are going to implement a firewall using Microsoft ISA Server. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one NIC to the Web and FTP server and one NIC to the LAN switch.You perform the following steps and configurations to setup the firewall:
1.First, you format a new hard drive and install a new copy of Windows 2000 Server. 2.Second, you configure the correct IP Addresses on the four network cards. 3.Third, you install ISA Server into Firewall only mode, and complete the installation. 4.Fourth, you configure all inbound traffic to require the SYN flag to be set, all other inbound network traffic is denied 5.Fifth, you configure the network card towards the Web and FTP server will only allow ports 80, 20, and 21. 6.Sixth, you configure all outbound traffic to be allowed.

DAfter you analyze the company, you decide to implement a firewall using Microsoft ISA Server. You create a DMZ with the Web and FTP server on the network segment between the router and the new firewall. The firewall will have two NICs, one connected to the router, and one connected to the LAN switch You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of ISA Server, installed in Firewall mode.
2.Second, you configure the inbound network card to disallow all network traffic that did not originate from inside the network or from the Web and FTP Server.
3.Third, you configure anti-spoofing rules to prevent spoofing attacks.
4.Fourth, you configure all outbound traffic to be allowed.
5.Fifth, you configure inbound traffic with the SYN flag on to be allowed, and to be logged to a SYSLOG server inside the network.

EAfter you run an analysis on the network and the MegaCorp needs, you decide to implement a firewall using Checkpoint NG. The firewall will have three NICs. One NIC is connected to the router, one NIC is connected to the Web and FTP server and one NIC is connected to the LAN switch. You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of Checkpoint NG, selecting the VPN-1 and Firewall-1 components, and complete the installation. 2.Second, you configure the inbound rules to allow only SYN packets that are destined for ports 80, 20, and 21 on the Web and FTP server.
3.Third, you disallow all inbound traffic for the internal network, unless it is in response to an outbound request. 4.Fourth, you configure anti-spoofing rules on the inbound interface and log those connections to a log server.

Show Answer

Correct Answer: E

Free SCP SC0-502 Exam Actual Questions

The questions for SC0-502 were last updated On Nov 16, 2024