최신 SC0-502 무료덤프 - SCP Security Certified Program (SCP)

문제1

You go back through your notes to the day that you recommended that the company get a firewall in place. Purple had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible.
You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not going to be based on direct cost.
Based on your knowledge of and the information you have from MegaCorp, select the best solution to the organization firewall problem:}

A. You decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement two firewalls, each with two network cards. From one Ethernet interface of the router, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to a Microsoft ISA firewall.
The Checkpoint firewall is connected via one NIC to the router, and the other NIC is connected to the Web and FTP Server. The Microsoft ISA Server is connected via one NIC to the router and the other NIC is connected to the LAN switch.
You perform the following steps and configurations to setup the firewalls:
1.First, you configure the IP Address on both network cards of both firewalls.
2.Second, you select the Floodgate-1, SMART Clients, and Policy Server as the only components
to install and complete the installation of Checkpoint.
3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.
4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the
installation of Microsoft ISA Server.
5.Fifth, you allow all outbound traffic through the ISA Server.
6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound
requests.

B. After you analyze the network, you have decided that you are going to implement a firewall using Microsoft ISA Server. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one NIC to the Web and FTP server and one NIC to the LAN switch.
You perform the following steps and configurations to setup the firewall:
1.First, you format a new hard drive and install a new copy of Windows 2000 Server.
2.Second, you configure the correct IP Addresses on the four network cards.
3.Third, you install ISA Server into Firewall only mode, and complete the installation.
4.Fourth, you configure all inbound traffic to require the SYN flag to be set, all other inbound
network traffic is denied
5.Fifth, you configure the network card towards the Web and FTP server will only allow ports 80,
20, and 21.
6.Sixth, you configure all outbound traffic to be allowed.

C. After you run an analysis on the network and the MegaCorp needs, you decide to implement a firewall using Checkpoint NG. The firewall will have three NICs. One NIC is connected to the router, one NIC is connected to the Web and FTP server and one NIC is connected to the LAN switch.
You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of Checkpoint NG, selecting the VPN-1 and Firewall-1 components, and complete the installation.
2.Second, you configure the inbound rules to allow only SYN packets that are destined for ports
80, 20, and 21 on the Web and FTP server.
3.Third, you disallow all inbound traffic for the internal network, unless it is in response to an
outbound request.
4.Fourth, you configure anti-spoofing rules on the inbound interface and log those connections to a
log server.

D. After you analyze the company, you decide to implement a firewall using Microsoft ISA Server. You create a DMZ with the Web and FTP server on the network segment between the router and the new firewall. The firewall will have two NICs, one connected to the router, and one connected to the LAN switch.
You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of ISA Server, installed in Firewall mode.
2.Second, you configure the inbound network card to disallow all network traffic that did not
originate from inside the network or from the Web and FTP Server.
3.Third, you configure anti-spoofing rules to prevent spoofing attacks.
4.Fourth, you configure all outbound traffic to be allowed.
5.Fifth, you configure inbound traffic with the SYN flag on to be allowed, and to be logged to a
SYSLOG server inside the network.

E. After analysis, you decide to implement a firewall using Checkpoint NG. You begin by installing a new machine, with a fresh hard drive, and the loading of NG. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one firewall NIC to the Web and FTP server and one firewall NIC to the LAN switch.
You perform the following steps and configurations to setup the firewall:
1.First, you configure the IP Addresses on all four network cards of the Checkpoint firewall.
2.Second, you select only the VPN-1 & Firewall-1 components to install and complete the
installation of Checkpoint.
3.Third, you configure the only new inbound network traffic to be destined for the WWW and FTP
services on the Web and FTP server
4.Fourth, you block all other incoming traffic.
5.Fifth, you create anti-spoofing rules to block inbound traffic that might be spoofed.
6.Sixth, you configure all traffic to be allowed in the outbound direction

정답: C

문제2

You are well along your way to getting the MegaCorp security up to what you consider an acceptable level. You feel the security is now solid enough that you can go ahead and some new tests and perform analysis on the network.
You plug in your laptop and fire up Snort to see the traffic coming into the network. You plug in on the outside of the router, to see the unfiltered traffic that the network must deal with. In full promiscuous mode, you collect data for an hour, to filter through it later. Since you captured quite a bit of data, you filter out a few specific lines to analyze.
10\27-23:48:42.126886 0:D0:9:7E:E5:E9 -> 0:D0:9:7F:C:9B type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.234 ICMP TTL:128 TOS:0x0 ID:1185 IpLen:20 DgmLen:36
Type:8 Code:0 ID:3 Seq:289 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.137906 0:D0:9:7E:E5:E9 -> 0:2:B3:2D:1:4A type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.235 ICMP TTL:128 TOS:0x0 ID:1186 IpLen:20 DgmLen:36 Type:8 Code:0 ID:3 Seq:290 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.148642 0:D0:9:7E:E5:E9 -> 0:D0:9:7E:F9:DB type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.236 ICMP TTL:128 TOS:0x0 ID:1187 IpLen:20 DgmLen:36 Type:8 Code:0 ID:3 Seq:291 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.167031 0:D0:9:7E:E5:E9 -> 0:D0:9:68:87:2C type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.238 ICMP TTL:128 TOS:0x0 ID:1190 IpLen:20 DgmLen:36
Type:8 Code:0 ID:3 Seq:292 ECHO =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\27-23:48:42.177247 0:D0:9:7E:E5:E9 -> 0:D0:9:69:48:E3 type:0x800 len:0x3C
10.0.10.237 -> 10.0.10.239 ICMP TTL:128 TOS:0x0 ID:1191 IpLen:20 DgmLen:36 Type:8 Code:0 ID:3 Seq:293 ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.387953 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:1 TCP TTL:44 TOS:0x0 ID:24652 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.320917 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:2 TCP TTL:44 TOS:0x0 ID:52330 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.377933 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:3 TCP TTL:44 TOS:0x0 ID:10807 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.328200 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:4 TCP TTL:44 TOS:0x0 ID:40192 IpLen:20 DgmLen:40 ******* Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.363859 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:5 TCP TTL:44 TOS:0x0 ID:20497 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.391163 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:6 TCP TTL:44 TOS:0x0 ID:30756 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-19:09:07.300794 0:D0:9:7E:F9:DB -> 0:2:B3:2D:1:4A type:0x800 len:0x3C 10.0.10.236:57228 -> 10.0.10.235:7 TCP TTL:44 TOS:0x0 ID:3946 IpLen:20 DgmLen:40 ******** Seq: 0x0 Ack: 0x0 Win: 0x400 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:16.979681 0:D0:9:7E:E5:E9 -> 0:D0:9:7F:C:9B type:0x800 len:0x3E 10.0.10.237:1674 -> 10.0.10.234:31337 TCP TTL:128 TOS:0x0 ID:5277 IpLen:20 DgmLen:48 ******S* Seq: 0x3F2FE2CC Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:16.999652 0:D0:9:7E:E5:E9 -> 0:2:B3:2D:1:4A type:0x800 len:0x3E 10.0.10.237:1675 -> 10.0.10.235:31337 TCP TTL:128 TOS:0x0 ID:5278 IpLen:20 DgmLen:48 ******S* Seq: 0x3F30DB1F Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:17.019680 0:D0:9:7E:E5:E9 -> 0:D0:9:7E:F9:DB type:0x800 len:0x3E 10.0.10.237:1676 -> 10.0.10.236:31337 TCP TTL:128 TOS:0x0 ID:5279 IpLen:20 DgmLen:48 ******S* Seq: 0x3F3183AE Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:17.059669 0:D0:9:7E:E5:E9 -> 0:D0:9:68:87:2C type:0x800 len:0x3E 10.0.10.237:1678 -> 10.0.10.238:31337 TCP TTL:128 TOS:0x0 ID:5282 IpLen:20 DgmLen:48 ******S* Seq: 0x3F332EC2 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:52:17.079821 0:D0:9:7E:E5:E9 -> 0:D0:9:69:48:E3 type:0x800 len:0x3E 10.0.10.237:1679 -> 10.0.10.239:31337 TCP TTL:128 TOS:0x0 ID:5283 IpLen:20 DgmLen:48 ******S* Seq: 0x3F3436FA Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.733562 0:D0:9:7E:E5:E9 -> 0:D0:9:7F:C:9B type:0x800 len:0x3E 10.0.10.237:1646 -> 10.0.10.234:12345 TCP TTL:128 TOS:0x0 ID:4974 IpLen:20 DgmLen:48 ******S* Seq: 0x38E326F7 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.753691 0:D0:9:7E:E5:E9 -> 0:2:B3:2D:1:4A type:0x800 len:0x3E 10.0.10.237:1647 -> 10.0.10.235:12345 TCP TTL:128 TOS:0x0 ID:4975 IpLen:20 DgmLen:48 ******S* Seq: 0x38E3D2D0 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.773781 0:D0:9:7E:E5:E9 -> 0:D0:9:7E:F9:DB type:0x800 len:0x3E 10.0.10.237:1648 -> 10.0.10.236:12345 TCP TTL:128 TOS:0x0 ID:4976 IpLen:20 DgmLen:48 ******S* Seq: 0x38E4CF5C Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.813837 0:D0:9:7E:E5:E9 -> 0:D0:9:68:87:2C type:0x800 len:0x3E 10.0.10.237:1650 -> 10.0.10.238:12345 TCP TTL:128 TOS:0x0 ID:4979 IpLen:20 DgmLen:48 ******S* Seq: 0x38E692B6 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10\28-01:45:18.833772 0:D0:9:7E:E5:E9 -> 0:D0:9:69:48:E3 type:0x800 len:0x3E 10.0.10.237:1651 -> 10.0.10.239:12345 TCP TTL:128 TOS:0x0 ID:4980 IpLen:20 DgmLen:48 ******S* Seq: 0x38E7211C Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Looking at the types of traffic that are hitting your network, what types of attacks are you dealing with, and what is the best solution for mitigating those attacks?}

A. There is a clear pattern of attack, starting with general reconnaissance to see which systems are up and running to respond to attack inquiries. Next, the attacks show port scans, looking specifically for open ports on a unique host, and then moving to searching out NetBus and SubSeven servers.
To mitigate these attacks, you do not recommend any new technology. You feel that your firewall, IDS, and routers will properly address these types of attacks.

B. There is a clear attack pattern, where the attacker is looking for packets that are formed with a TTL of 128, followed by a TTL of 44. Finally, the attacker is looking to exploit the NOP SackOK vulnerability.
To mitigate these attacks, you recommend implementing a new firewall on the outside of the router, designed with rules to specifically stop these attacks, allowing the rest of the traffic through to your router and the rest of your perimeter defense.

C. There is a clear attack pattern, where the attacker first is checking to see which hosts will reply to sequential packets, followed by vulnerability checking for the IPLen:20 server vulnerability.
To mitigate these attacks, you recommend reconfiguring the access control lists on the routers, specifically to address the IPLen:20 attack, and to address the sequential packet attack. You recommend that with the router configuration change, the threats will be properly addressed.

D. There is a clear pattern of attack, starting with the attacker looking for hosts that will respond to the ID:3 vulnerability. Once identified, the attacker runs a second set of scans, looking for hosts that are vulnerable to a TOS:0x0 attack, and finally running a scan to check for hosts that are vulnerable to the MSS: 1460 NOP attack.
To mitigate these attacks, you recommend implementing a new firewall on the outside of the router, designed with rules to specifically stop these attacks, allowing the rest of the traffic through to your router and the rest of your perimeter defense.

E. Looking at the traffic, you are unable to identify any pattern of attack. You see normal legitimate traffic, the type of which you see every day. The traffic that you have captured provides you no clues as to the current attacks against your network, and as such you make no recommendations to mitigate.

정답: A

문제3

The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You have decided to implement an Intrusion Detection System. You bring this up at the next meeting.
"After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin.
"We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating.
"I realize that the budget is tight, but this is an important part of setting up security." You continue, "If I cannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market." As expected, your last comment got the group thinking.
"What about false alarms?" asks the VP of sales, "I hear those things are always going off, and just end up wasting everyone" time."
"Tha's a fair concern, but it is my concern. When we implement the system, I will fine tune it and adjust it until the alarms it generates are appropriate, and are generated when there is legitimately something to be concerned about. We are concerned with traffic that would indicate an attack; only then will the system send me an alert."
For a few minutes there was talk back and forth in the room, and then the CEO responds again to your inquiry, "I agree that this type of thing could be helpful. But, we simply don have any more budget for it. Since it is a good idea, go ahead and find a way to implement this, but don't spend any money on it."
With this information, and your knowledge of MegaCorp, choose the answer that will provide the best solution for the IDS needs of MegaCorp:}

A. You install Snort on a dedicated machine just inside the router. The machine is designed to send alerts to you when appropriate. You do have some concern that the system will have too many rules to operate efficiently. To address this, you decide to pull the critical rules out of the built-in rule sets, and create one simple rule set that is short and will cover all of the serious incidents that the network might experience.
alert udp any 19 <> $HOME_NET 7 (msg:"DOS UDP Bomb"; classtype:attempted-dos; sid:271;
rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"DOS Teardrop attack"; id:242;
fragbits:M;
classtype:attempted-dos; sid:270; rev:1;) alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS TFN Probe"; id: 678; itype: 8; content: "1234";
classtype:attempted-recon; sid:221; rev:1;) alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING NMAP"; dsize: 0; itype: 8;
classtype:attempted-recon; sid:469; rev:1;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SCAN XMAS";flags:SRAFPU; classtype:attempted-recon; sid:625; rev:1;) alert tcp $HOME_NET 31337 -> $EXTERNAL_NET 80 (msg:"SCAN synscan microsoft"; id: 39426; flags: SF; classtype:attempted-recon; sid:633; rev:1;)

B. You install your IDS on a dedicated machine just inside the router. The machine is designed to send alerts to you when appropriate. You begin the install by performing a new install of Windows on a clean hard drive.
You install ISS Internet Scanner and ISS System Scanner on the new system. System Scanner is configured to do full backdoor testing, full baseline testing, and full password testing. Internet Scanner is configured with a custom policy you made to scan for all vulnerabilities. You configure both scanners to generate automatic weekly reports and to send you alerts when an incident of note takes place on the network.

C. You configure a new dedicated machine just outside the router and install Snort on that machine. The machine logs all intrusions locally, and you will connect to the machine remotely once each morning to pull the log files to your local machine for analysis.
You run snort with the following command: Snort ev \snort\log snort.conf and using the following rule base:
Alert tcp any any <> any 80 Alert tcp any any <> 10.10.0.0\16 any (content: "Password"; msg:"Password transfer Possible";) Log tcp any any <- 10.10.0.0\16 23 Log tcp any any <> 10.10.0.0\16 1:1024

D. You install Snort on a dedicated machine just outside the router. The machine is designed to send alerts to you when appropriate. You implement the following rule set:
Alert udp any any -> 10.10.0.0\16 (msg: "O\S Fingerprint Detected"; flags: S12;) Alert tcp any any -> 10.10.0.0\16 (msg: "Syn\Fin Scan Detected"; flags: SF;) Alert tcp any any -> 10.10.0.0\16 (msg: "Null Scan Detected"; flags: 0;) Log tcp any any -> 10.10.0.0\16 any
You then install Snort on the web and ftp server, also with this system designed to send you alerts when appropriate. You implement the built-in scan.rules ruleset on the server.

E. You install two computers to run your IDS. One will be a dedicated machine that is on the outside of the router, and the second will be on the inside of the router. You configure the machine on the outside of the router to run Snort, and you combine the default rules of several of the built-in rule sets. You combine the ddos.rules, dos.rules, exploit.rules, icmp.rules, and scan.rules.
On the system that is inside the router, running Snort, you also combine several of the built-in rule sets. You combine the scan.rules, web-cgi.rules, ftp.rules, web-misc.rules, and web-iis.rules. You configure the alerts on the two systems to send you email messages when events are identified. After you implement the two systems, you run some external scans and tests using vulnerability checkers and exploit testing software. You modify your rules based on your tests.

정답: E

문제4

You had been taking a short vacation, and when you come into work on Monday morning, Blue is already at your door, waiting to talk to you.
"We're got a problem," Blue says, "It seems that the password used by our Vice President of Engineering has been compromised." Over the weekend, we found this account had logged into the network 25 times. The Vice President was not even in the office over the weekend."
"Did we get the source of the compromise yet?"
"No, but it won't surprise me if it is our new neighbors at MassiveCorp. I need to you to come up with a realistic plan and bring it to me tomorrow afternoon. This problem must be resolved, and like everything else we do not have unlimited funds so keep that in mind."
Based on this information, choose the best solution to the password local authentication problem in the Executive building.}

A. Since you are aware of the significance of the password problems, you plan to address the
problem using technology. You write up a plan for Blue that includes the following points: 1.You will reconfigure the Testbed.globalcorp.org domain to control the password problem. 2.You will configure AD in this domain so that complex password policies are required. 3.The complex password policies will include:
a.Password length of at least 8 charactersa.
b.Passwords must be alphanumericb.
c.Passwords must meet Gold Standard of complexityc.
d.Passwords must be changed every 30 daysd.
e.Passwords cannot be reusede.

B. Since you are aware of the significance of the password problems, plan to address the problem
using technology. You write up a plan for Blue that includes the following points:
1.For all executives you recommend no longer using passwords, and instead migrating to a
biometric solution.
2.You will install retinal scanners at every user desktop in the executive building.
3.You will personally enroll each user at each desktop.
4.You will instruct each user on the proper positioning and use of the scanner.
5.The biometric system will replace all passwords for authentication into each user Windows
system.

C. Since you are aware of the significance of the password problems, and since you do not have
unlimited funds, you plan to address this problem through education and through awareness. You
write up a plan for Blue that includes the following points:
1.All end users are to be trained on the methods of making strong passwords
2.All end users are instructed that they are to change their password at a minimum of every 30
days.
3.The administrative staff is to run password-checking utilities on all passwords every 30 days.
4.All end users are to be trained on the importance of never disclosing their password to any other
individual.
5.All end users are to be trained on the importance of never writing down their passwords where
they are clearly visible.

D. Since you are aware of the significance of the password problems, you plan to address the
problem using technology. You write up a plan for Blue that includes the following points:
1.For all executives you recommend no longer using passwords, and instead migrating to a token-
based authentication system.
2.You will install the RSA SecurID time-based token system.
3.You will create SecurID user records for each user to match their domain accounts.
4.You will assign each user record a unique token.
5.You will hand deliver the tokens to the correct executive.
6.Users will be allowed to create their own PIN, which will be 4 characters long.
7.The tokens will replace all passwords for authentication into each user Windows system.

E. Since you are aware of the significance of the password problems, you plan to address the
problem using technology. You write up a plan for Blue that includes the following points:
1.For all executives you recommend no longer using passwords, and instead migrating to a token-
based authentication system.
2.You will install the RSA SecurID challenge-response token system.
3.You will create SecurID user records for each user to match their domain accounts.
4.You will assign each user record a unique token.
5.You will hand deliver the tokens to the correct executive.
6.Users will be required to use tokencodes from the One-Time tokencode list. The tokencodes will
be alphanumeric and will be 4 characters long.
7.The tokens will replace all passwords for authentication into each user Windows system.

정답: D

우리와 연락하기

문의할 점이 있으시면 메일을 보내오세요. 12시간이내에 답장드리도록 하고 있습니다.

근무시간: ( UTC+9 ) 9:00-24:00
월요일~토요일

서포트: 바로 연락하기

최신 SC0-502 무료덤프 - SCP Security Certified Program (SCP)

우리와 연락하기

유용한 링크

최신 업데이트