SCP Security Certified Program SC0-502 SCP Exam Practice Test

Page: 1 / 14
Total 28 questions

Want more questions? Get Premium Access.
()

Question 1

The MegaCorp network has been running smoothly for some time now. You are growing confident that you have taken care of all the critical needs, and that the network is moving towards a new state of maturity in the current configuration. You head out of the office on Friday at noon, since you have put in lots of long hours over the lat month. On Monday, you are driving into the office, and you happen to look at the speed limit sign that is on the road right next to MegaCorp. On the sign, in black paint, you see the following symbol:

Compaq )( 128 Not good, you think, someone has been wardriving your office complex. That better not be in my office. The office building that MegaCorp is in has many other offices and companies, MegaCorp is not the only tenant. When you get inside, you check all your primary systems, router, firewall, and servers, looking for quick and fast signs of trouble. There does not seem to be any trouble so far. You check through your Snort logs, and so far so good. You are starting to think that whatever the war drivers found, it was not part of MegaCorp. You know that the MegaCorp policy does not allow for wireless devices, and you have neither installed nor approved any wireless for the network. Since it is still early (you get in at 7:30 on Mondays), you do not have anyone to talk to about adding any wireless devices. Select the solution that will allow you to find any unauthorized wireless devices in the network in the least amount of time, and with the least disruption to the office and employees.}

ASince the company has a clear policy against the use of wireless devices, and since you know each employee you are fairly confident that the device in question is not inside the MegaCorp office. You schedule from 8:00 to 8:30 to do a visual walkthrough of the facilities. At 8:00, you grab your notebook, which has a network map and other reference notes, and you begin your walkthrough. You walk into every office, except for the CEO office, which is locked, and access is not granted. You spend several minutes in each office, and you spend some time in the open area where the majority of the employees work. You do not see any wireless access points, and you do not see any wireless antennas sticking up anywhere. It takes you more than the half an hour you allocated. By 9:00, the office has filled up, and most people are getting their workweek started. You see the CEO walking in, and motion that you have a question. You say, 'I am doing a quick walkthrough of the office, there might be a wireless device in here, and I know they are not allowed, so I am checking to see if I can find it.' 'As far as I know, there are no wireless devices in the network. We don't allow it, and I know that no one has asked me to put in wireless.' 'That what I thought. I sure we don't have any running here.' You reply. You are confident the wireless problem is in another office.

BYou decide to spend a full hour and a half from 8:00 to 9:30 going over your logs and data. Until then, you wrap up some early email and pull the log files together to review. It takes some time to gather all the log files that you can find, but you are able to get everything you need. You get the log form the Router, the Firewall, the IDS, the internal servers, and the web and ftp server. For the next 90 minutes you do nothing other than study the logs looking for unusual traffic, or anything that would be a trigger to you that there has been an intruder in the network. First, you spend time on the router logs. On the routers you see a series of the following events:
%SYS-5-CONFIG_I:
Configured from console by vty1 (10.10.50.23) This is an event youconsider, and dismiss as not from an attacker. You then analyze the firewall, and again there you find that there are no logs indicating an intruder is present. All the IP traffic is from authorized IP Addresses. The IDS logs yield similar results. Only authorized traffic from hosts that have legitimate IP Addresses from the inside of the network. Analyzing the server's logs brings you to the same conclusion. All four severs show that the only access has been from the authorized hosts in the network, that no foreign IP Addresses have even attempted a connection into the private servers. The web\ftp server that has a public IP Address has had some failed attempts, but these are all in the realm of what you expect, nothing there stands out to you as well After your hour and half, you feel that you have gone through all the logs, and that there is no evidence that there has been any unauthorized access into any of your network resources, and you conclude that the wireless device is not in your office.

CYou take your laptop, which has a built-in wireless network card, and you enable it. You had not enabled the card before, as you know that wireless is not used in this network. You do a quick install of NetStumbler and watch on screen to see what might come up sitting in your office. A few seconds after the WNIC is initialized and NetStumbler is running, you see the following line in NetStumbler:
MAC:
46EAB5FD7C43, SSID:
Dell, Channel:
11, Type:
Peer, Beacon:
100. You expand channel 11 on the left side of NetStumbler, and see that MAC 46EAB5FD7C43 is bolded. You are surprised to find that there is a wireless device running in the network, and now you are off to see if you can locate the physical device. You take your laptop and head out of your office. You get about 20 feet away from the office when you are stopped by the HR director, who needs help with a laser printer. You also stop to chat about your findings with the CEO, who has just come in to the office. You put your laptop back in your office, to check later in the day. Although you did not isolate the physical location of the device, you are confident that you have indeed found a rogue device. As soon as you locate the device, you will make a report for the CEO, and see to it that the device is removed immediately.

DYou take your laptop, initialize your WNIC, plug in your external antenna, and enable NetStumbler. You are glad that you keep all your gear nearby, even when you don normally use it. It is not yet 8:00, and you will be able to walk the office freely, looking for any rogue device. You turn on the laptop, and turn on your WNIC and NetStumbler. Right away, you see the following line:
MAC:
46EAB5FD7C43, SSID:
Dell, Channel:
11, Type:
Peer, Beacon:
100. You think that is what you were expecting, and you go on looking for the unauthorized device. You walk around the office for a while, and see no fluctuation in the numbers, and do not see any other devices on screen. By 8:30, most of the employees have come into the office. You meet the CEO, who is just coming into the office and give a short report on what you are doing. Everyone you meet has their lunches, work files, briefcases or laptop bags, and they get settled in like any other day. You get pulled into several conversations with your coworkers as they get started. At 9:10, you get back to your laptop and you look down at your screen to see what NetStumbler has to show. There are now two lines, versus the one that was there before:
MAC:
46EAB5FD7C4, SSID: Dell, Channel:
11, Type:
Peer, Beacon: 100. MAC:
000BCDA36ED, SSID:
Compaq, Channel: 9,
Type:
Peer, Beacon:
75. You close your laptop confident that you now know the exact location of the rogue device, which you have identified as a Compaq laptop, running in peer mode, and you go to address the device immediately.

EYou take your laptop, initialize your WNIC, plug in your external antenna, and enable NetStumbler. You are glad that you keep all your gear nearby, even when you don normally use it. You would have had a 40 minute round trip drive to go home and get your own wardriving equipment. By 8:30 you have found several wireless devices, but are not sure which, if any might be in your office. The output from NetStumbler shows the following:
MAC:46EAB5FD7C43, SSID:Dell, Channel:11, Type:Peer, Beacon:100 MAC:AB3B3E23AB45, SSID:Cisco, Channel:9, Type:AP, Beacon:85 MAC:000625513AAE, SSID:Compaq, Channel:7, Type:Peer, WEP, Beacon:67 MAC:000C4119420F, SSID:Private, Channel:11, Type:AP, Beacon:55 The one you are most interested in is the Compaq device, as although you know the war drivers might have just written it down, you want to look for Compaq devices first. The Compaqis also an AP, so your suspicion is high. You walk around the office, watchingforthe numbers in NetStumbler to adjust. As you walk towards the street, you note the strength of the Compaq device weakens, by the time you get near the windows the signal is very weak. So, you turn around and walk away from the street, and sure enough the signal gets stronger. You actually walk out the main office door into the building interior courtyard. Across the courtyard you find the signal stronger and stronger. After you walk around for some time, you are sure that you have isolated the signal as coming from an office inside the building and exactly opposite MegaCorp. The device is not in your office, and you will report this to the CEO. You will also ask the CEO if you should inform the neighbor that their network is possibly at risk due to their wireless network use.

Answer : D

Question 2

GlobalCorp is a company that makes state of the art aircraft for commercial and government use. Recently GlobalCorp has been working on the next generation of low orbit space vehicles, again for both commercial and governmental markets. GlobalCorp has corporate headquarters in Testbed, Nevada, USA. Testbed is a small town, with a population of less than 50,000 people. GlobalCorp is the largest company in town, where most families have at least one family member working there. The corporate office in Testbed has 4,000 total employees, on a 40-acre campus environment. The largest buildings are the manufacturing plants, which are right next to the Research and Development labs. The manufacturing plants employee approximately 1,000 people and the RD labs employ 500 people. There is one executive building, where approximately 500 people work. The rest of the employees work in Marketing, Accounting, Press and Investor Relations, and so on. The entire complex has a vast underground complex of tunnels that connect each building. All critical functions are run from the Testbed office, with remote offices around the world. The remote offices are involved in marketing and sales of GlobalCorp products. These offices also perform maintenance on the GlobalCorp aircraft and will occasionally perform RD and on-site manufacturing. There are 5 remote offices, located in:

New York, California, Japan, India, and England. Each of the remote offices has a dedicated T3 line to the GlobalCorp HQ, and all network traffic is routed through the Testbed office the remote offices do not have direct Internet connections. You had been working for two years in the New York office, and have been interviewing for the lead security architect position in Testbed. The lead security architect reports directly to the Chief Security Officer (CSO), who calls you to let you know that you got the job. You are to report to Testbed in one month, just in time for the annual meeting, and in the meantime you review the overview of the GlobalCorp network: Your first day in GlobalCorp Testbed, you get your office setup, move your things in place, and about the time you turn on your laptop, there is a knock on your door. It is Orange, the Chief Security Officer, who informs you that there is a meeting that you need to attend in a half an hour. With your laptop in hand, you come to the meeting, and are introduced to everyone. Orange begins the meeting with a discussion on the current state of security in GlobalCorp. "For several years now, we have constantly been spending more and more money on our network defense, and I feel confident that we are currently well defended." Orange, puts a picture on the wall projecting the image of the network, and then continues, "We have firewalls at each critical point, we have separate Internet access for our public systems, and all traffic is routed through our controlled access points. So, with all this, you might be wondering why I have concern." At this point a few people seem to nod in agreement. For years, GlobalCorp has been at the forefront of perimeter defense and security. Most in the meeting are not aware that there is much else that could be done. Blue continues, "Some of you know this, for the rest it is new news: MassiveCorp is moving their offices to the town right next to us here. Now, as you all know, MassiveCorp has been trying to build their orbital systems up to our standards for years and have never been able to do so. So, from a security point of view, I am concerned." This is news to most people, Yellow, the Vice President of Research asks, "We have the best in firewalls, we have the best in you and your systems, what are you suggesting?" The meeting continues for some time, with Orange leading the discussion on a whole new set of technologies currently not used in the network. After some time, it is agreed upon that GlobalCorp will migrate to a trusted networking environment. The following week, Orange informs you that you will be working directly together on the development of the planning and design of the trusted network. The network is going to run a full PKI, with all clients and servers in the network using digital certificates. You are grateful that in the past two years, Orange has had all the systems changed to be running only Windows 2000, both server and professional systems, running Active Directory. You think the consistent platform will make the PKI roll out easier. The entire GlobalCorp network is running Active Directory, with the domain structure as in the following list: Testbed.globalcorp.org Newyork.globalcorp.org California.globalcorp.org Japan.globalcorp.org India.globalcorp.org England.globalcorp.org Although you will be working in the Testbed office, the plan you develop will need to include the entire GlobalCorp organization. Based on this information, select the solution that describes the best plan for the new trusted network of GlobalCorp:}

AYou design the plan for two weeks, and then you present it to Orange. Your plan follows these critical steps:A.
1.Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users are able to use their certificates as per the CPS.
2.Draft a CPF based on your own guidelines, including physical and technology controls. 3.Design the system to be a full hierarchy, with the Root CA located in the executive building. Every remote office will have a subordinate CA, and every other building on the campus in Testbed will have a subordinate CA.
4.Design the hierarchy with each remote office and building having it own enrollment CA.
5.Build a small test pilot program, to test the hierarchy, and integration with the existing network.
6.Implement the CA hierarchy in the executive office, and get all users acclimated to the system.
7.Implement the CA hierarchy in each other campus building in Testbed, and get all users acclimated to the system.
8.One at a time, implement the CA hierarchy in each remote office; again getting all users acclimated to the system.
9.Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network.
10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

BYou design the plan for two weeks, and then you present it to Orange. Your plan follows these critical
steps:
1.Draft a Certificate Policy (CP) document to define what users will be allowed to do with their certificates, and a Certification Practice Statement (CPS) document to define the technology used to ensure the users are able to use their certificates as per the CPS. 2.Draft a Certificate Practices Framework (CPF) document based on RFC 2527, including every primary component. 3.Design the system to be a full hierarchy, with the Root CA located in the executive building. Every remote office will have a subordinate CA, and every other building on the campus in Testbed will have a subordinate CA. 4.Design the hierarchy with each remote office and building having it own enrollment CA. 5.Build a small test pilot program, to test the hierarchy, and integration with the existing network. 6.Implement the CA hierarchy in the executive office, and get all users acclimated to the system. 7.Implement the CA hierarchy in each other campus building in Testbed, and get all users acclimated to the system. 8.One at a time, implement the CA hierarchy in each remote office; again getting all users acclimated to the system. 9.Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

CYou design the plan for two weeks, and then you present it to Orange. Your plan follows these critical steps: 1.Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users are able to use their certificates as per the CPS. 2.Draft a CPF based on your own guidelines, including physical and technology controls. 3.Design the system, outside of the executive office, to be a full hierarchy, with the Root CA for the hierarchy located in the executive building. Every remote office will have a subordinate CA, and every other building on the campus in Testbed will have a subordinate CA. 4.In the executive building, you design the system to be a mesh CA structure, with one CA per floor of the building. 5.Design the hierarchy with each remote office and building having it own enrollment CA. 6.Build a small test pilot program, to test the hierarchy, and integration with the existing network. 7.Implement the CA hierarchy in the executive office, and get all users acclimated to the system. 8.Implement the CA hierarchy in each other campus building in Testbed, and get all users acclimated to the system. 9.One at a time, implement the CA hierarchy in each remote office; again getting all users acclimated to the system. 10.Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 11.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

DYou design the plan for two weeks, and then you present it to Orange. Your plan follows these critical steps: 1.Draft a Certificate Policy (CP) document to define what users will be allowed to do with their certificates, and a Certification Practice Statement (CPS) document to define the technology used to ensure the users are able to use their certificates as per the CPS.
2.Draft a Certificate Practices Framework (CPF) document based on RFC 2527, including every primary component.
3.Design the system to be a full mesh, with the Root CA located in the executive building.
4.Design the mesh with each remote office and building having it own Root CA.
5.Build a small test pilot program, to test the hierarchy, and integration with the existing network.
6.Implement the CA mesh in the executive office, and get all users acclimated to the system.
7.Implement the CA mesh in each other campus building in Testbed, and get all users acclimated to the system.
8.One at a time, implement the CA mesh in each remote office; again getting all users acclimated to the system.
9.Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network.
10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

EYou design the plan for two weeks, and then you present it to Orange. Your plan follows these critical
steps: 1.Draft a Certification Practice Statemnt (CPS) to define what users will be allowed to do with their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users are able to use their certificates as per the CPS. 2.Draft a CPF based on your own guidelines, including physical and technology controls. 3.Design the system to be a full mesh, with the Root CA located in the executive building.
4.Design the mesh with each remote office and building having it own Root CA. 5.Build a small test pilot program, to test the hierarchy, and integration with the existing network. 6.Implement the CA mesh in the executive office, and get all users acclimated to the system. 7.Implement the CA mesh in each other campus building in Testbed, and get all users acclimated to the system. 8.One at a time, implement the CA mesh in each remote office; again getting all users acclimated to the system. 9.Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

Answer : B

Question 3

You had been taking a short vacation, and when you come into work on Monday morning, Blue is already at your door, waiting to talk to you. "We're got a problem," Blue says, "It seems that the password used by our Vice President of Engineering has been compromised." Over the weekend, we found this account had logged into the network 25 times. The Vice President was not even in the office over the weekend." "Did we get thes ource of the compromise yet?" "No, but it won't surprise me if it is our new neighbors at MassiveCorp. I need to you to come up with a realistic plan and bring it to me tomorrow afternoon. This problem must be resolved, and like everything else we do not have unlimited funds so keep that inmind." Based on this information, choose the best solution to the password local authentication problem in the Executive building.}

ASince you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Blue that includes the following points:
1.For all executives you
recommend no longer using passwords, and instead migrating to a token-based authentication system. 2.You will install the RSA SecurID time-based token system.
3.You will create SecurID user records for each user to match their domain accounts.
4.You will assign each user record a unique token.
5.You will hand deliver the tokens to the correct executive. 6.Users will be allowed to create their own PIN, which will be 4 characters long.
7.The tokens will replace all passwords for authentication into each user Windows system.

BSince you are aware of the significance of the password problems, and since you do not have unlimited funds, you plan to address this problem through education and through awareness. You write up a plan for Blue that includes the following points:
1.All end users are to be trained on the methods of making strong passwords
2.All end users are instructed that they are to change their password at a minimum of every 30 days.
3.The administrative staff is to run password-checking utilities on all passwords every 30 days.
4.All end users are to be trained on the importance of never disclosing their password to any other individual.
5.All end users are to be trained on the importance of never writing down their passwords where they are clearly visible.

CSince you are aware of the significance of the password problems, you plan to address the
problem using technology. You write up a plan for Blue that includes the following points:
1.You will
reconfigure the Testbed.globalcorp.org domain to control the password problem.
2.You will configure AD in this domain so that complex password policies are required.
3.The complex password policies will include:
a.Password length of at least 8 charactersa. b.Passwords must be alphanumericb. c.Passwords must meet Gold Standard of complexityc. d.Passwords must be changed every 30 daysd. e.Passwords cannot be reusede.

DSince you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Blue that includes the following points:
1.For all executives you
recommend no longer using passwords, and instead migrating to a token-based authentication system. 2.You will install the RSA SecurID challenge-response token system.
3.You will create SecurID user records for each user to match their domain accounts.
4.You will assign each user record a unique token.
5.You will hand deliver the tokens to the correct executive. 6.Users will be required to use tokencodes from the One-Time tokencode list. The tokencodes
will be alphanumeric and will be
4 characters long.
7.The tokens will replace all passwords for authentication into each user Windows system.

ESince you are aware of the significance of the password problems, plan to address the problem using technology. You write up a plan for Blue that includes the following points:
1.For all executives you recommend no longer using passwords, and instead migrating to a biometric solution.
2.You will install retinal scanners at every user desktop in the executive building.
3.You will personally enroll each user at each desktop.
4.You will instruct each user on the proper positioning and use of the scanner.
5.The biometric system will replace all passwords for authentication into each user Windows system.

Answer : A

Question 4

You finish the work you were doing in the morning, and head out to the monthly meeting. During this meeting, the Vice President of Strategic Partner Relations informs the group of some news, "we have decided that we need to implement a new web site that is for our strategic partners only. This site will be used for various purposes, but will primarily be used as a means of information exchange." "So, is this going to be a private site?" asks Blue. "Absolutely. We will not want any public users on this website. It's just for the people we identify in our Strategic Partner Program. I need those of you in security to be sure that this site is secure." "We can take care of that. How many people do you think will be accessing the site?" asks Blue. "Not too many, perhaps around fifty.""So, is it correct to assume that you know each of these fifty people?" "Yes, that is correct." "OK, well this should not be too hard. Wel get working on this right away." The meeting ends, and you and Blue chat more about the web site issue. "Well, we know that only around fifty people are going to access the, and we know who these fifty are. This should not cause too many problems," Blue says. "I agree. Do you think it will be all right to spend any money outside of the site itself?" you ask. "Since we are dealing with so few people, that shouldn be a problem. However, we cannot go overboard. Go ahead and write up a plan for this and get it back to me in a day or two." Based on your knowledge of Global Corp, choose the best solution to the web site security issue.}

AYou decide to use existing security technology of digital certificates and SSL to secure the site. You first install a new IIS server that will be the host of the web site. You then connect to the Globa lCorp CA for the executive building and request a new certificate for the web site. You then configure the web site to Require a Secure Channel (SSL) and install the certificate. One you install the new certificate, you connect from the new server to the CA in each office where one or more of the fifty people that require access works. At that CA, you install the CA certificate, so that the new server will trust the certificates that each CA issues. Next, you return to the configuration of the new web site. To make the site more secure, you require client certificates, and enable mappings for each user account. You call each user and ensure that they have a certificate from their own CA, which the new server now trusts. You walk them through the process of connecting to the site, and verify that secure access to them has been granted.

BYou decide that you will use digital certificates to secure the website. You will first install a new private CA that the remote users can connect to and request their certificates. This CA will be protected with a very strong password. Each user will be given a user account to access the CA, also protected with a strong password. Next, you install the new private web server. You then connect to the new CA and make a request for a certificate for the web site. Once you receive the certificate, you configure the web site to use the certificate to Require a Secure Channel (SSL). You then select the option to require client certificates, and you enable mapping for each user account. Finally, you will call each person and instruct them on the process of connecting to the CA and requesting their certificate, which you will instruct them to store on their local machine. Once they have their certificate, you have them test access to the site, and when successful you move on to the next person.

CYou decide to use digital certificates on smart cards to secure the web site. You will first install a new IIS web server to host the site. You then connect to the CA_SERVER and request a new certificate for the server. The server certificate will be used for authentication, and you have the certificate issued and stored on a portable USB drive. You then configure a machine to function as the enrollment machine for smart cards. You are going to manage the smart cards yourself. At the machine that you are going to use for the smart cards, you first configure the system with an enrollment agent certificate from the CA_SERVER, and then you install the driver for the smart card reader. Once the driver is installed, you make certificate requests for each of the fifty users. You start with the first user, by logging in to the CA and selecting the option to Request A Certificate For A Smart Card On Behalf Of Another User Using The Smart Card Enrollment Station radio button. You then select the Smartcard User template, and enter the user name. When prompted, you put a blank smart card in the reader and press the Enroll button, followed by entering the default PIN. You then test access to the site from a remote machine using the smart card and PIN to be authenticated to the site. Once the test is complete, you write a short howto file and send it along with the smart card, smart card reader, and driver to each of the fifty users. You follow up with each user upon receipt to walk them through the configuration. D. You decide to use strong authentication via biometrics, specifically fingerprint scanning to secure the web site. You will first install a new IIS web server to host the site. You then configure fifty user accounts for the remote users, and assign those accounts very strong passwords. You then ship one biometric mouse and software to each remote client. You call each user and walk them through the process of configuration of their equipment. First, you tell them to create a matching user account with the same user name and very strong password as you used on the IIS server. You then have them install the software, which you instruct them to configure so that the biometric will be linked to the user account. Once the software is installed, you instruct them to connect the mouse to their system and load the appropriate driver. With the driver installed, you tell them how to load the program and enroll their fingerprint. Once they have their fingerprint enrolled, and it is matched to their user account, you let them know that their side of the configuration is complete, and that you will call them shortly to finish the process. You return to the configuration of the IIS server. In the Security properties of the website, you select theAdvanced authentication tab. On the Advanced tab, you check the box for mapping user accounts to external biometric devices, and you check the box to allow the remote machine tocontrol the mapping. You finish the configuration by configuring the site to use 128 bit RSA to encrypt the data between the client and the server. With the server configuration done, you call the client back and have them log in using their biometric mouse. Once logged in, you instruct them to connect to the website and verify the secure site is running. E. You decide that you will use freely available PGP certificates to secure access to the website. You will first install a new IIS web server to hose the site. You then configure one user account, with a strong password. You map this account as the only account that has access to the website. You then log on locally, as this user account, to the server and create a public\private key pair. From that account you then send an outgoing email to all fifty users with the account private key. You finish the configuration of the website by making changes in the Security properties of the website. In the Security properties, you select the Advanced tab. On the Advanced tab, you check the box to map this account toa local digital certificate, and you select the new
certificate you just created. Next, you contact each remote user and instruct them to open the email from you. You have them store the key they receive in their personal certificate store. To verify the install is correct, you walk them through the process of viewing their certificates in the MMC. Once verified, you have the user connect to the website, and enter the location of their certificate when asked for authentication credentials.

Answer : C

Question 5

The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You havedecided to implement an Intrusion Detection System. You bring this up at the next meeting. "After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin. "We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating. "I realize that the budget is tight, but this is an important part of setting up security." You continue, "If Icannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market."As expected, your last comment got the group thinking. What about false alarms?" asks the VP of sales, "I hear those things are always goingoff, and just endup wasting everyone" time.""Tha's a fair concern, but it is my concern. When we mplement the system, I will fine tune it and adjust t until the alarms it generates are ppropriate, and are generated when there is egitimately something to be concerned about.We are concerned with traffic that would indicate anattack; only then will the ystem send me an alert." or a few minutes there was talk back and forth in the room, and hen the CEO responds again to your nquiry, "I agree that this type of thing could be helpful. But, we simply don have any morebudget for it. Since it is a good idea, go aheadand find a way to implement this, but don't spend any oney on it."With this nformation, and your knowledge of MegaCorp, choose the answer that will provide the bestsolution for the IDS needs of MegaCorp:}

AYou install Snort on a dedicated machine just outside the router. The machine is designed to send alerts toyou when appropriate. You implement the following rule set: Alert udp any any -> 10.10.0.0\16 (msg: 'O\S Fingerprint Detected'; flags: S12;)Alert tcp any any -> 10.10.0.0\16 (msg: 'Syn\Fin Scan Detected'; flags: SF;)Alert tcp any any -> 10.10.0.0\16 (msg: 'Null Scan Detected'; flags: 0;) og tcp any any -> 10.10.0.0\16 any You then install Snort on the web and ftp server, also with this system designed to send ou alerts whenappropriate. You implement the built-in scan.rules ruleset on the server.

BYou configure a new dedicated machine just outside the router and install Snort on thatmachine. Themachine logs all intrusions locally, and you will connect to the machine remotelyonce each morning to pull the log files to your local machine for analysis. ou run snort with the following command: Snort ev \snort\log snort.conf and using the following ule base: lert tcp any any <> any 80 lert tcp any any <> 10.10.0.0\16 any (content: 'Password'; msg:'Password transfer Possible';) Log tcp any any <- 10.10.0.0\16 23 Log tcp any any <> 10.10.0.0\16 1:1024

CYou install your IDS on a dedicated machine just inside the router. The machine is designed to send alerts o you when appropriate. You begin the install by performing a new install of indows on a clean hard drive. ou install ISS Internet Scanner and ISS System Scanner on the new system. System canner is configured todo full backdoor testing, full baseline testing, and full password testing.Internet Scanner is configured with a custom policy you made to scan for all vulnerabilities. You configure both canners to generate automatic weekly reports and to send you alerts whenan incident of note takes place on the network.

DYou install Snort on a dedicated machine just inside the router. The machine is designed to send alerts to ou when appropriate. You do have some concern that the system will have toomany rules to operate efficiently. To address this, you decide to pull the critical rules out of the built-in rule ets, and create one simple rule set that is short and will cover all of the seriousincidents that the network might experience. alert udp any 19 <>
$HOME_NET 7 (msg:'DOS UDP Bomb'; classtype:attempted-dos;sid:271; rev:1;) lert udp $EXTERNAL_NET any
-> $HOME_NET any (msg:'DOS Teardrop attack';id:242; fragbits:M;classtype:attempted-dos; sid:270;
rev:1;)alert icmp
$EXTERNAL_NET any -> $HOME_NET any (msg:'DDOS TFN Probe'; id: 678; itype: 8;
content:'1234';classtype:attempted-recon; sid:221; rev:1;) lert icmp XTERNAL_NET any ->
$HOME_NET any (msg:'ICMP PING NMAP'; size:;itype:8;classtype:attempted econ; sid:469;
rev:1;)alert tcp $EXTERNAL_NET any -> $HOME_NET any msg:'SCAN
XMAS';flags:SRAFPU; lasstype:attempted-recon; sid:625; rev:1;) lert tcp HOME_NET 31337
> $EXTERNAL_NET 80 (msg:'SCAN synscan microsoft'; id: 9426; flags: F;
lasstype:attempted-recon; sid:633; rev:1;)

EYou install two computers to run your IDS. One will be a dedicated machine that is on the outside of therouter, and the second will be on the inside of the router. You configure themachine on the outside of the router to run Snort, and you combine the default rules of several of the built-inrule sets. You combine the ddos.rules, dos.rules, exploit.rules, icmp.rules, nd scan.rules. n the system that is inside the router, running Snort, you also combine several of thebuilt-in rule sets. You combine thes can.rules,webcgi.rules,ftp.rules, web-misc.rules, andweb-iis.rules.You configure the alerts on the two systems to send youemail messages when events are identified. After youimplement he two systems, you run some external scans and tests using vulner ability checkers and exploit testing software. You modify your rules based on your tests.

Answer : E

Question 6

GlobalCorp is a company that makes state of the art aircraft for commercial and government use. Recently GlobalCorp has been working on the next generation of low orbit space vehicles, again for both commercial and governmental markets. GlobalCorphas corporate headquarters in Testbed, Nevada, USA. Testbed is a small town, with a population of less than 50,000 people. GlobalCorp is the largest company in town, where most families have at least one family member working there. The corporate office in Testbed has 4,000 total employees, on a 40-acre campus environment. The largest buildings are the manufacturing plants, which are right next to the Research and Development labs. The manufacturing plants employee approximately 1,000 people and the RD labs employ 500 people. There is one executive building, where approximately 500 people work. The rest of the employees work in Marketing, Accounting, Press and Investor Relations, and so on. The entire complex has a vast underground complex of tunnels that connect each building. All critical functions are run from the Testbed office, with remote offices around the world. The remote offices are involved in marketing and sales of GlobalCorp products. These offices also perform maintenance on the GlobalCorp aircraft and will occasionally perform RD and on-site manufacturing. There are 5 remote offices, located in:

MassiveCorp is moving their offices to the town right next to us here. Now, as you all know, MassiveCorp has been trying to build their orbital systems up to our standards for years and have never been able to do so. So, from a security point of view, I am concerned." Blue responds, "I suggest trust. Not withMassiveCorp, but in our own systems. We must build trusted networks. We must migrate our network from one that is well-defended to one that iswell-defended and one that allows us to trust all the network traffic." The meeting continues for some time, with Blue leading the discussion on a whole new set of technologies currently not used in thenetwork. After some time, it is agreed upon that GlobalCorp will migrate to a trusted networking environment. The following week, Blue informs you that you will be workingdirectly together on the development of the planning and design of the trustednetwork. The network is going to run a full PKI, with all clients and servers in the network using digital certificates. You are grateful that in the past two years, Blue has had all the systems changed to be running only Windows 2000, both server and professional systems, running Active Directory. You think the consistent platform will make the PKI roll out easier.The entire GlobalCorp network is running Active Directory,with the domain structure as in the following list:

Testbed.globalcorp.org Newyork.globalcorp.org California.globalcorp.org Japan.globalcorp.org India.globalcorp.org England.globalcorp.org Although you will be working in the Testbed office, the plan you develop will need to include the entire GlobalCorp organization. Based on this information, select the solution that describes the best plan for the new trusted network of GlobalCorp:}

AYou design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
1. Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users are able to use their certificates as per the CPS. 2 Draft a CPF based on your own guidelines, including physical and technology controls.
Design the system to be a full hierarchy, with the Root CA located in the executive building. Every remote office will have a subordinate CA, and every other building on the campus in Testbed will have a subordinate CA.
Design the hierarchy with each remote office and building having it's own enrollment CA.
Build a small test pilot program, to test the hierarchy, and integration with the existing network.
Implement the CA hierarchy in the executive office, and get all users acclimated to the system.
Implement the CA hierarchy in each other campus building in Testbed, and get all users acclimated to the system. One at a time, implement the CA hierarchy in each remote office; again getting all users acclimated to the system.
Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

BYou design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users are able to use their certificates as per the CPS.
Draft a CPF based on your own guidelines, including physical and technology controls.
Design the system, outside of the executive office, to be a full hierarchy, with the Root CA for the hierarchy located in the executive building. Every remote office will have a subordinate C A, and every other building on the campus in Testbed will have a subordinate CA.
In the executive building, you design the system to be a mesh CA structure, with one CA per floor of the building.
Design the hierarchy with each remote office and building having it own enrollment CA.
Build a small test pilot program, to test the hierarchy, and integration with the existing network.
Implement the CA hierarchy in the executive office, and get all users acclimated to the system.
Implement the CA hierarchy in each other campus building in Testbed, and get all users acclimated to the system.
One at a time, implement the CA hierarchy in each remote office; again getting all users acclimated to the system.
10.Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 11.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

CYou design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
Draft a Certificate Policy (CP) document to define what users will be allowed to do with their certificates, and a Certification Practice Statement (CPS) document to define the technology used to ensure the users are able to use their certificates as per the CPS.
Draft a Certificate Practices Framework (CPF) document based on RFC 2527, including every primary
component. Design the system to be a full hierarchy, with the Root CA located in the executive building. Every remote office will have a subordinate CA, and every other building on the campus in Testbed will have a subordinate CA.
Design the hierarchy with each remote office and building having it own enrollment CA.
Build a small test pilot program, to test the hierarchy, and integration with the existing network.
Implement the CA hierarchy in the executive office, and get all users acclimated to the system.
Implement the CA hierarchy in each other campus building in Testbed, and get all users acclimated to the system.
One at a time, implement the CA hierarchy in each remote office; again getting all users acclimated to the system.
Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

DYou design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
Draft a Certificate Policy (CP) document to define what users will be allowed to do with their certificates, and a Certification Practice Statement (CPS) document to define the technology used to ensure the users are able to use their certificates as per the CPS.
Draft a Certificate Practices Framework (CPF) document based on RFC 2527, including every primary component.
Design the system to be a full mesh, with the Root CA located in the executive building. 3.Design the system to be a full mesh, with the Root CA located in the executive building.
Design the mesh with each remote office and building having it own Root CA.
Build a small test pilot program, to test the hierarchy, and integration with the existing network.
Implement the CA mesh in the executive office, and get all users acclimated to the system.
Implement the CA mesh in each other campus building in Testbed, and get all users acclimated to the system.
One at a time, implement the CA mesh in each remote office; again getting all users acclimated to the system.
Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

EYou design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users are able to use their certificates as per the CPS.
Draft a CPF based on your own guidelines, including physical and technology controls.
Design the system to be a full mesh, with the Root CA located in the executive building.
Design the mesh with each remote office and building having it own Root CA.
Build a small test pilot program, to test the hierarchy, and integration with the existing network.
Implement the CA mesh in the executive office, and get all users acclimated to the system.
Implement the CA mesh in each other campus building in Testbed, and get all users acclimated to the system.
One at a time, implement the CA mesh in each remote office; again getting all users acclimated to the system.
Test the team in each location on proper use and understanding of the overall PKI and their portion of the trusted network. 10.Evaluate the rollout, test, and modify as needed to improve the overall security of the GlobalCorp trusted network.

Answer : C

Question 7

You go back through your notes to the day that you recommended that the company get a firewall in place. Red had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not going to be based on direct cost. Based on your knowledge of and the information you have from MegaCorp, select the best solution to th organization firewall problem:}

AYou decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement two firewalls, each with two network cards. From one Ethernet interface of the router, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to a Microsoft ISA firewall.The Checkpoint firewall is connected via one NIC to the router, and the other NIC is connected to the Web and FTP Server. The Microsoft ISA Server is connected via one NIC to the router and the other NIC is connected to the LAN switch. You perform the following steps and configurations to setup the firewalls:
1.First, you configure the IP Address on both network cards of both firewalls.
1, SMART Clients, and Policy Server as the only components to install and complete the installation of Checkpoint.
2.Second, you select the Floodgate-
3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.
4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the installation of Microsoft ISA Server.
5.Fifth, you allow all outbound traffic through the ISA Server.
6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound requests.

BAfter analysis, you decide to implement a firewall using Checkpoint NG. You begin by installing a new machine, with a fresh hard drive, and the loading of NG. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one firewall NIC to the Web and FTP server and one firewall NIC to the LAN switch. You perform the following steps and configurations to setup the firewall:
1.First, you configure the IP Addresses on all four network cards of the Checkpoint firewall.
2.Second, you select only the VPN-1 Firewall-1 components to install and complete the installation of Checkpoint.
3.Third, you configure the only new inbound network traffic to be destined for the WWW and FTP services on the Web and FTP server 4.Fourth, you block all other incoming traffic. 5.Fifth, you create anti-spoofing rules to block inbound traffic that might be spoofed. 6.Sixth, you configure all traffic to be allowed in the outbound direction

CAfter you analyze the network, you have decided that you are going to implement a firewall using Microsoft ISA Server. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one NIC to the Web and FTP server and one NIC to the LAN switch.You perform the following steps and configurations to setup the firewall:
1.First, you format a new hard drive and install a new copy of Windows 2000 Server. 2.Second, you configure the correct IP Addresses on the four network cards. 3.Third, you install ISA Server into Firewall only mode, and complete the installation. 4.Fourth, you configure all inbound traffic to require the SYN flag to be set, all other inbound network traffic is denied 5.Fifth, you configure the network card towards the Web and FTP server will only allow ports 80, 20, and 21. 6.Sixth, you configure all outbound traffic to be allowed.

DAfter you analyze the company, you decide to implement a firewall using Microsoft ISA Server. You create a DMZ with the Web and FTP server on the network segment between the router and the new firewall. The firewall will have two NICs, one connected to the router, and one connected to the LAN switch You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of ISA Server, installed in Firewall mode.
2.Second, you configure the inbound network card to disallow all network traffic that did not originate from inside the network or from the Web and FTP Server.
3.Third, you configure anti-spoofing rules to prevent spoofing attacks.
4.Fourth, you configure all outbound traffic to be allowed.
5.Fifth, you configure inbound traffic with the SYN flag on to be allowed, and to be logged to a SYSLOG server inside the network.

EAfter you run an analysis on the network and the MegaCorp needs, you decide to implement a firewall using Checkpoint NG. The firewall will have three NICs. One NIC is connected to the router, one NIC is connected to the Web and FTP server and one NIC is connected to the LAN switch. You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of Checkpoint NG, selecting the VPN-1 and Firewall-1 components, and complete the installation. 2.Second, you configure the inbound rules to allow only SYN packets that are destined for ports 80, 20, and 21 on the Web and FTP server.
3.Third, you disallow all inbound traffic for the internal network, unless it is in response to an outbound request. 4.Fourth, you configure anti-spoofing rules on the inbound interface and log those connections to a log server.

Answer : E