최신 SC0-502 무료덤프 - SCP Security Certified Program (SCP)

문제1

Things have been running smoothly now at GlobalCorp for the last several weeks. There have been no major attacks, and it seems that the systems in place are performing just as expected.
You are putting together some paperwork when you get a call from Orange to meet in the conference room.
When you get there, Orange is wrapping up a meeting with the senior Vice President of Sales, whom you say hello to on your way in.
"I was just talking with our senior VP here, and we're run into a new issue to discuss," Orange tells you.
"Wel Il let you two sort this out. Orange, do let me know when it all ready to go." With that the VP leaves.
You sit down across from Orange, who starts, "That was an interesting meeting. It seems that even though I have always said no to the request, we are being pressured to implement a wireless network."
"Here?" you ask, "In the executive building?"
"Yes, right here. The sales team wishes to have the ability to be mobile. Instead of running a full scale roll out I have trimmed the request down to running a test implementation on the second floor. The test run on that floor will be used to determine the type of wireless rollout for the rest of the building, and eventually the rest of the campus. So, here is what we need to do. I need you to create the roll out plan, and bring that plan to me. Il review with you and implement as required."
"As always, what is my budget restriction?" you ask.
"In this case, security is the top priority. If we are going to run wireless, it has to be as secure as possible, use whatever you need. That being said, your plan has to use existing technologies, we are not going to fund the development of a new protocol or proprietary encryption system right now."
You begin your work on this problem by pulling out your own wireless networking gear. You have a laptop that uses an ORiNOCO card, and you have a full directional antenna that you can hold or mount on a small tripod. You take your gear to the lobby of the second floor, and you load up NetStumbler quickly to run a quick check that there are no access points in your area.
The immediate area is clear of any signal, so you take you gear and walk the entire second floor, waiting to see if there is any signal, and you find none. With your quick walk through complete, you take your gear back to your office and start working on your plan.
Using your knowledge of the GlobalCorp network, select the best solution to the wireless networking rollout problem:}

A. You determine that for the test network, you will run in infrastructure mode, using a SSID of FLOOR2. During the test, you will create one single Independent Basic Service Set (IBSS), running through one access point. All test nodes will be configured to participate in the IBSS, using the SSID of FLOOR2.
You will configure the access point to use WPA, with an algorithm of TKIP. You will configure WPA to utilize the full 128-bit key option, with the pre-shared WPA key option. The client computers will need supplicants, so you will configure the Funk Software Odyssey Client on the clients, matching the key settings and TKIP settings.
You will disable the access point from broadcasting its SSID, and you will configure MAC address filtering.
Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.

B. You have figured out that since the network is a test roll out, you have some flexibility in its configuration. After your walk through test, you begin by configuring the wireless nodes in the network to run in Ad Hoc mode, creating an Extended Basic Service Set (EBSS).
You will use a complex SSID of 5cN@4M3! on all wireless nodes. You will next configure every node to no longer broadcast any beacon packets. You will configure all the nodes to not use the default channel, and instead move them all to channel six.
You will configure every node to use MAC address filtering, to avoid unauthorized nodes from attempting to gain access to the network. Finally, you will configure each node to use WEP in the strong 128-bit mode, along with a complex 16-character passphrase for generating four keys. You will manually input the WEP Keys into each node. You will divide the test nodes into quarters, and configure each quarter to startup on the network using a different default WEP key.
Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.

C. You have figured out that since the network is a test roll out, you have some flexibility in its configuration. After your walk through test, you begin by configuring the wireless nodes in the network to run in Ad Hoc mode, creating an Independent Basic Service Set (IBSS).
You will use a complex SSID of 5cN@4M3! on all wireless nodes. You will next configure every node to no longer broadcast any beacon packets. You will configure all the nodes to not use the default channel, and instead move them all to channel six.
You will configure every node to use MAC address filtering, to avoid unauthorized nodes from attempting to gain access to the network. Finally, you will configure each node to use WEP in the strong 128-bit mode, along with a complex 16-character passphrase.
Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.

D. You determine that for the test network, you will run the network in infrastructure mode, using a SSID of FLOOR2. During the test, you will create one single Basic Service Set (BSS), running through one access point. All test nodes will be configured to participate in the BSS, using the SSID of FLOOR2, and the access point will be configured with MAC address filtering of the test nodes.
You will configure the access point to use EAP, specifically EAP-TLS. You will configure a Microsoft RADIUS Server as the authentication server. You will configure the RADIUS server with a digital certificate. Using EAP-TLS, both the server and the client will be required to authenticate using their digital certificates before full network access will be granted. Clients will have supplicant software configured where required.
You will next make a physical map of the office, using the tool Ekahau. Working with this tool, you will map out and track the positioning of each wireless device once the network is active.
When the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access. You will continue the test by running checks from the parking lot, ensuring that you cannot gain access.

E. You figure out that you will run the test network in infrastructure mode, using a SSID of GlobalCorp. You will create one single Basic Service Set (BSS), all running through one access point. All test nodes will be configured to participate in the BSS, using the SSID of GlobalCorp, and the access point will be configured with MAC address filtering of the test nodes.
You will configure the access point to utilize a combination of 802.1x and WPA. The WPA settings will be fully secured with TKIP, and 128-bit keys, which change on a per session basis. The 802.1x settings will be to use Lightweight EAP (LEAP). The clients will be configured to use LEAP, with a fallback to TKIP at 128-bits.
You will configure the access point to utilize a combination of 802.1x and WPA. The WPA settings will be fully secured with TKIP, and 128-bit keys, which change on a per session basis. The 802.1x settings will be to use Lightweight EAP (LEAP). The clients will be configured to use LEAP, with a fallback to TKIP at 128-bits.
When the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access. You will continue the test by running checks from the parking lot, ensuring that you cannot gain access.

정답: D

문제2

By now, you are feeling confident that the security of the MegaCorp network is getting under control. You are aware that there are still several critical areas that you must deal with, and today you are addressing one of those areas. You have been able to take care of the router, firewall, security policy, and intrusion detection, now you are concerned with some of the hosts in the network.
Since the organization is not very large, you are the only person working in the IT end of the company. It will be up to you to directly work on the systems throughout the network. You make a quick chart of the systems you know should be in the MegaCorp network: Server0001, 10.10.20.101, Windows 2000 Server
Server0010, 10.10.20.102, Windows 2000 Server
Server0011, 10.10.20.103, Windows 2000 Server
Server0100, 10.10.20.104, Linux (Red Hat 8.0)
User systems, 10.10.100.100~10.10.100.200, Windows 2000 Professional
The addressing that you recommended months ago is in place, and it follows a distinct logical pattern, you are hoping that no new systems are hidden in the network somewhere.
In the company, you have been granted domain administrator rights, and no other user is authorized to have administrator, root, supervisor, or otherwise privileged level of access. All the Windows systems are to belong to one windows domain called SCNA.edu. Users are no longer allowed to install unauthorized applications, and are all to use the file servers for storage. Although they have the ability to do so, users are not supposed to store any work data on their local systems.
The servers are located in a server cabinet that is inside your office, so you decide to start working there. Using your knowledge of MegaCorp select the best solution for hardening the MegaCorp operating systems:}

A. You being by running a Nessus scan from your office laptop on the systems in the network, first the servers, then the user workstations. After the scans are complete, you store the reports on your laptop, and you take your laptop to the server room.
In the server room, you begin on the Windows servers. You implement a custom security template on each server using the Security Configuration and Analysis Snap-In, remove any unauthorized accounts, ensure that each system is updated with the latest patches, and ensure that the permissions on each shared object are as per policy.
You then work on the Linux server, by addressing each point identified in the Nessus scan. You then lock the system with Bastille, ensure that each system is updated with the latest patches, and run a quick Tripwire scan to create a baseline for the system.
You take your laptop with you as you go throughout the network to each user workstation, ensure that each system is updated with the latest patches, and you take care of each issue you found on the machines. There are a few systems that you find with unauthorized applications and you remove those applications.

B. You start the job by running some analysis on the Windows servers. You do this using the Security Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches. You find several user accounts that have been given local administrator access, and you remove these accounts. You next use the Secedit tool to implement local encryption on the shared hard drive to secure the local files for the network users.
You then work on the Linux server. To your surprise there are no unauthorized root accounts, nor any unauthorized shares. You ensure that the permissions are correct on the shared objects, and run Bastille to lock down the server.
You then work on the client machines. Before you physically sit at each machine, you run a Nessus scan from your office. Bringing the results with you, you go to each machine and address any issues as identified in the Nessus scan, remove any unauthorized applications

C. You begin by running a Nessus scan on each computer in the network, using the \hotfix switch to create a full report. The report identifies every vulnerability on each system and lists the specific changes you must make to each system to fix any found vulnerabilities.
You take the report to the server room and start with the Linux server. On the server, you run through the steps as outlined in the Nessus report, and end by locking the system using Bastille.
Then, you move to the Windows systems, again following the steps of the Nessus report, and ending by using the Security Configuration and Analysis Snap-In to implement the Gold Standard template on every server.
Finally, you proceed to each user workstation. At each user machine, you follow each step for each system, based on your report. Once you have addressed all the vulnerabilities in the systems, you run a quick Secedit scan on each system to ensure that they are all locked down and that proper encryption is configured.

D. The first thing you do is to run a Nessus scan against all the servers in the room, noting the findings of the scans. You then begin on the servers by running some tests on the Linux server. First, you run Tripwire on the entire system to ensure that there are no rogue Root accounts, and the test is positive. Second, you ensure that there are no unauthorized objects available through the network, and third you lock the system down with Bastille.
You then work on the Windows servers. You run a check to ensure there are no unauthorized administrator accounts, and there are not. You create a custom security template and implement the template on each server using the Security Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches.
Finally, you analyze the user's desktops. You go one by one through the network checking for added user accounts, and you find some. You remove these unauthorized accounts and check for software and applications. Again, you find some applications that are not allowed and you remove them. You check the systems for hardware changes, and address the issues that you find.

E. The first thing you decide to do is plug your laptop into the server room, and run a full Nessus scan on the entire network, specifically looking for every backdoor vulnerability that the application can check. This takes some time to compile, but you eventually end up with a list of issues to address on each machine.
You move on to the Linux server, and run a fast Tripwire check on the system to look for any additional vulnerabilities. Once that check is done, you install SSH so that all access by every user will be encrypted to the server, and you run Bastille to lock down the system.
At the Windows systems, you address any issues found during the Nessus scan, you ensure that each system is updated with the latest patches, and you ensure that the systems are all functioning as fully secure and functional file servers to the network by implementing the HISECWEB.INF template in the Security Configuration and Analysis Snap-In.
Finally, you work on each desktop machine by removing any vulnerabilities listed in the scan report. You remove a few pieces of unauthorized hardware and many unauthorized applications.

정답: A

문제3

You are well along your way to getting the MegaCorp security up to what you consider an acceptable level. You feel the security is now solid enough that you can go ahead and some new tests and perform analysis on the network.
You plug in your laptop and fire up Snort to see the traffic coming into the network. You plug in on the outside of the router, to see the unfiltered traffic that the network must deal with. In full promiscuous mode, you collect data for an hour, to filter through it later. Since you captured quite a bit of data, you filter out a few specific lines to analyze.
10\27-23:48:42.126886 0:D0:9:7E:E5:E9 -> 0:D0:9:7F:C:9B type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.234 ICMP TTL:128 TOS:0x0 ID:1185 IpLen:20 DgmLen:36
Type:8 Code:0 ID:3 Seq:289 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.137906 0:D0:9:7E:E5:E9 -> 0:2:B3:2D:1:4A type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.235 ICMP TTL:128 TOS:0x0 ID:1186 IpLen:20 DgmLen:36 Type:8 Code:0 ID:3 Seq:290 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.148642 0:D0:9:7E:E5:E9 -> 0:D0:9:7E:F9:DB type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.236 ICMP TTL:128 TOS:0x0 ID:1187 IpLen:20 DgmLen:36 Type:8 Code:0 ID:3 Seq:291 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.167031 0:D0:9:7E:E5:E9 -> 0:D0:9:68:87:2C type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.238 ICMP TTL:128 TOS:0x0 ID:1190 IpLen:20 DgmLen:36
Type:8 Code:0 ID:3 Seq:292 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.177247 0:D0:9:7E:E5:E9 -> 0:D0:9:69:48:E3 type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.239 ICMP TTL:128 TOS:0x0 ID:1191 IpLen:20 DgmLen:36 Type:8 Code:0 ID:3 Seq:293 ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.387953 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:1 TCP TTL:44 TOS:0x0 ID:24652 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.320917 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:2 TCP TTL:44 TOS:0x0 ID:52330 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.377933 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:3 TCP TTL:44 TOS:0x0 ID:10807 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.328200 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:4 TCP TTL:44 TOS:0x0 ID:40192 IpLen:20 DgmLen:40 ******* Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.363859 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:5 TCP TTL:44 TOS:0x0 ID:20497 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.391163 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:6 TCP TTL:44 TOS:0x0 ID:30756 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.300794 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:7 TCP TTL:44 TOS:0x0 ID:3946 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:16.979681 0:D0:9:7E:E5:E9 -> 0:D0:9:7F:C:9B type:0x800 len:0x3E 10.0.10.237:1674 -> 10.0.10.234:31337 TCP TTL:128 TOS:0x0 ID:5277 IpLen:20 DgmLen:48 ******S* Seq: 0x3F2FE2CC Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:16.999652 0:D0:9:7E:E5:E9 -> 0:2:B3:2D:1:4A type:0x800 len:0x3E 10.0.10.237:1675 -> 10.0.10.235:31337 TCP TTL:128 TOS:0x0 ID:5278 IpLen:20 DgmLen:48 ******S* Seq: 0x3F30DB1F Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:17.019680 0:D0:9:7E:E5:E9 -> 0:D0:9:7E:F9:DB type:0x800 len:0x3E 10.0.10.237:1676 -> 10.0.10.236:31337 TCP TTL:128 TOS:0x0 ID:5279 IpLen:20 DgmLen:48 ******S* Seq: 0x3F3183AE Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:17.059669 0:D0:9:7E:E5:E9 -> 0:D0:9:68:87:2C type:0x800 len:0x3E 10.0.10.237:1678 -> 10.0.10.238:31337 TCP TTL:128 TOS:0x0 ID:5282 IpLen:20 DgmLen:48 ******S* Seq: 0x3F332EC2 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:17.079821 0:D0:9:7E:E5:E9 -> 0:D0:9:69:48:E3 type:0x800 len:0x3E 10.0.10.237:1679 -> 10.0.10.239:31337 TCP TTL:128 TOS:0x0 ID:5283 IpLen:20 DgmLen:48 ******S* Seq: 0x3F3436FA Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.733562 0:D0:9:7E:E5:E9 -> 0:D0:9:7F:C:9B type:0x800 len:0x3E 10.0.10.237:1646 -> 10.0.10.234:12345 TCP TTL:128 TOS:0x0 ID:4974 IpLen:20 DgmLen:48 ******S* Seq: 0x38E326F7 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.753691 0:D0:9:7E:E5:E9 -> 0:2:B3:2D:1:4A type:0x800 len:0x3E 10.0.10.237:1647 -> 10.0.10.235:12345 TCP TTL:128 TOS:0x0 ID:4975 IpLen:20 DgmLen:48 ******S* Seq: 0x38E3D2D0 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.773781 0:D0:9:7E:E5:E9 -> 0:D0:9:7E:F9:DB type:0x800 len:0x3E 10.0.10.237:1648 -> 10.0.10.236:12345 TCP TTL:128 TOS:0x0 ID:4976 IpLen:20 DgmLen:48 ******S* Seq: 0x38E4CF5C Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.813837 0:D0:9:7E:E5:E9 -> 0:D0:9:68:87:2C type:0x800 len:0x3E 10.0.10.237:1650 -> 10.0.10.238:12345 TCP TTL:128 TOS:0x0 ID:4979 IpLen:20 DgmLen:48 ******S* Seq: 0x38E692B6 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.833772 0:D0:9:7E:E5:E9 -> 0:D0:9:69:48:E3 type:0x800 len:0x3E 10.0.10.237:1651 -> 10.0.10.239:12345 TCP TTL:128 TOS:0x0 ID:4980 IpLen:20 DgmLen:48 ******S* Seq: 0x38E7211C Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Looking at the types of traffic that are hitting your network, what types of attacks are you dealing with, and what is the best solution for mitigating those attacks?}

A. There is a clear pattern of attack, starting with general reconnaissance to see which systems are up and running to respond to attack inquiries. Next, the attacks show port scans, looking specifically for open ports on a unique host, and then moving to searching out NetBus and SubSeven servers.
To mitigate these attacks, you do not recommend any new technology. You feel that your firewall, IDS, and routers will properly address these types of attacks.

B. There is a clear attack pattern, where the attacker is looking for packets that are formed with a TTL of 128, followed by a TTL of 44. Finally, the attacker is looking to exploit the NOP SackOK vulnerability.
To mitigate these attacks, you recommend implementing a new firewall on the outside of the router, designed with rules to specifically stop these attacks, allowing the rest of the traffic through to your router and the rest of your perimeter defense.

C. There is a clear attack pattern, where the attacker first is checking to see which hosts will reply to sequential packets, followed by vulnerability checking for the IPLen:20 server vulnerability.
To mitigate these attacks, you recommend reconfiguring the access control lists on the routers, specifically to address the IPLen:20 attack, and to address the sequential packet attack. You recommend that with the router configuration change, the threats will be properly addressed.

D. There is a clear pattern of attack, starting with the attacker looking for hosts that will respond to the ID:3 vulnerability. Once identified, the attacker runs a second set of scans, looking for hosts that are vulnerable to a TOS:0x0 attack, and finally running a scan to check for hosts that are vulnerable to the MSS: 1460 NOP attack.
To mitigate these attacks, you recommend implementing a new firewall on the outside of the router, designed with rules to specifically stop these attacks, allowing the rest of the traffic through to your router and the rest of your perimeter defense.

E. Looking at the traffic, you are unable to identify any pattern of attack. You see normal legitimate traffic, the type of which you see every day. The traffic that you have captured provides you no clues as to the current attacks against your network, and as such you make no recommendations to mitigate.

정답: A

문제4

For three years you have worked with MegaCorp doing occasional network and security consulting. MegaCorp is a small business that provides real estate listings and data to realtors in several of the surrounding states. The company is open for business Monday through Friday from 9 am to 6 pm, closed all evenings and weekends. Your work there has largely consisted of advice and planning, and you have been frequently disappointed by the lack of execution and follow through from the full time staff.
On Tuesday, you received a call from MegaCorp's HR director, "Hello, I'd like to inform you that Purple (the full time senior network administrator) is no longer with us, and we would like to know if you are interested in working with us full time."
You currently have no other main clients, so you reply, "Sure, when do you need me to get going?"
"Today," comes the fast and direct response. Too fast, you think. "
What is the urgency, why can this wait until tomorrow?"
"Red was let go, and he was not happy about it. We are worried that he might have done something to our network on the way out."
"OK, let me get some things ready, and Il be over there shortly."
You knew this would be messy when you came in, but you did have some advantage in that you already knew the network. You had recommended many changes in the past, none of which would be implemented by Purple. While pulling together your laptop and other tools, you grab your notes which have an overview of the network:
MegaCorp network notes: Single Internet access point, T1, connected to MegaCorp Cisco router. Router has E1 to a private web and ftp server and E0 to the LAN switch. LAN switch has four servers, four printers, and 100 client machines. All the machines are running Windows 2000. Currently, they are having their primary web site and email hosted by an ISP in Illinois.
When you get to MegaCorp, the HR Director and the CEO, both of whom you already know, greet you. The CEO informs you that Purple was let go due to difficult personality conflicts, among other reasons, and the termination was not cordial. You are to sign the proper employment papers, and get right on the job. You are given the rest of the day to get setup and running, but the company is quite concerned about the security of their network. Rightly so, you think, if these guys had implemented even half of my recommendations this would sure be easier.You get your equipment setup in your new oversized office space, and get started. For the time you are working here, your IP Address is 10.10.50.23 with a mask of \16.
One of your first tasks is to examine the router configuration. You console into the router, issue a show running-config command, and get the following output:
MegaOne#show running-config
Building configuration
Current configuration:
!
version 12.1
service udp-small-servers
service tcp-small-servers
! hostname MegaOne ! enable secret 5 $1$7BSK3$H394yewhJ45JAFEWU73747. enable password clever ! no ip name-server no ip domain-lookup ip routing ! interface Ethernet0 no shutdown ip address 2.3.57.50 255.255.255.0 no ip directed-broadcast ! interface Ethernet1 no shutdown ip 10.10.40.101 255.255.0.0 no ip directed-broadcast ! interface Serial0 no shutdown ip 1.20.30.23 255.255.255.0 no ip directed-broadcast clockrate 1024000 bandwidth 1024 encapsulation hdlc ! ip route 0.0.0.0 0.0.0.0 1.20.30.45
!
line console 0
exec-timeout 0 0
transport input all
line vty 0 4
password remote
login
!
end
After analysis of the network, you recommend that the router have a new configuration. Your goal is to make the router become part of your layered defense, and to be a system configured to help secure the network.
You talk to the CEO to get an idea of what the goals of the router should be in the new configuration. All your conversations are to go through the CEO; this is whom you also are to report to.
"OK, I suggest that the employees be strictly restricted to only the services that they must access on the Internet." You begin.
"I can understand that, but we have always had an open policy. I like the employees to feel comfortable, and not feel like we are watching over them all the time. Please leave the connection open so they can get to whatever they need to get to. We can always reevaluate this in an ongoing basis."
"OK, if you insist, but for the record I am opposed to that policy."
"Noted," responds the CEO, somewhat bluntly.
"All right, let see, the private web and ftp server have to be accessed by the Internet, restricted to the accounts on the server. We will continue to use the Illinois ISP to host our main web site and to host our email. What else, is there anything else that needs to be accessed from the Internet?"
"No, I think that's it. We have a pretty simple network, we do everything in house."
"All right, we need to get a plan in place as well right away for a security policy. Can we set something up for tomorrow?" you ask.
"Let me see, Il get back to you later." With that the CEO leaves and you get to work.
Based on the information you have from MegaCorp; knowing that the router must be an integral part of the security of the organization, select the best solution to the organization's router problem:}

A. You backup the current router config to a temp location on your laptop. Early Monday morning, you come in to build the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration: MegaOne#configure terminal MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface Serial 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no cdp enable MegaOne(config-if)#no ip directed broadcast MegaOne(config-if)#no ip unreachables MegaOne(config-if)#^Z MegaOne#

B. You backup the current router config to a temp location on your laptop. Sunday night, you come in to build the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration: MegaOne#configure terminal MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface Ethernet 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no cdp enable MegaOne(config)#interface Ethernet 1 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no cdp enable MegaOne(config-if)#^Z MegaOne#

C. You backup the current router config to a temp location on your laptop. Friday night, you come in to build the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration: MegaOne#configure terminal MegaOne(config)#no cdp run MegaOne(config)#no ip source-route MegaOne(config)#no ip finger MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 deny ip 0.0.0.0 255.255.255.255 any MegaOne(config)#access-list 175 deny ip 10.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 127.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 172.16.0.0 0.0.255.255 any MegaOne(config)#access-list 175 deny ip 192.168.0.0 0.0.255.255 any MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface serial 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no ip directed broadcast MegaOne(config-if)#no ip unreachables MegaOne(config-if)#^Z MegaOne#

D. As soon as the office closes Friday, you get to work on the new router configuration. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration: MegaOne#configure terminal MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#interface Ethernet 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config)#interface Ethernet 1 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#^Z MegaOne#

E. With the office closed, you decide to build the new router configuration on Saturday. Using your knowledge of the network, and your conversation with the CEO, you build and implement the following router configuration: MegaOne#configure terminal MegaOne(config)#no cdp run MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20 MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21 MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255 MegaOne(config)#access-list 175 deny ip 0.0.0.0 255.255.255.255 any MegaOne(config)#access-list 175 deny ip 10.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 127.0.0.0 0.255.255.255 any MegaOne(config)#access-list 175 deny ip 172.16.0.0 0.0.255.255 any MegaOne(config)#access-list 175 deny ip 192.168.0.0 0.0.255.255 any MegaOne(config)#no ip source-route MegaOne(config)#no ip finger MegaOne(config)#interface serial 0 MegaOne(config-if)#ip access-group 175 in MegaOne(config-if)#no ip directed broadcast MegaOne(config-if)#no ip unreachables MegaOne(config-if)#^Z MegaOne#

정답: C

우리와 연락하기

문의할 점이 있으시면 메일을 보내오세요. 12시간이내에 답장드리도록 하고 있습니다.

근무시간: ( UTC+9 ) 9:00-24:00
월요일~토요일

서포트: 바로 연락하기

최신 SC0-502 무료덤프 - SCP Security Certified Program (SCP)

우리와 연락하기

유용한 링크

최신 업데이트