Name: Security Certified Program
Brand: ValidExamDumps
SKU: SC0-502
Price: 20 USD
Availability: InStock
Rating: 5.0 (130 reviews)

Free SCP SC0-502 Exam Actual Questions

The questions for SC0-502 were last updated On Jun 11, 2025

At ValidExamDumps, we consistently monitor updates to the SCP SC0-502 exam questions by SCP. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the SCP Security Certified Program exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by SCP in their SCP SC0-502 exam. These outdated questions lead to customers failing their SCP Security Certified Program exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the SCP SC0-502 exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

Question No. 1

You go back through your notes to the day that you recommended that the company get a firewall in place. Red had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not going to be based on direct cost. Based on your knowledge of and the information you have from MegaCorp, select the best solution to th organization firewall problem:}

AYou decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement two firewalls, each with two network cards. From one Ethernet interface of the router, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to a Microsoft ISA firewall.The Checkpoint firewall is connected via one NIC to the router, and the other NIC is connected to the Web and FTP Server. The Microsoft ISA Server is connected via one NIC to the router and the other NIC is connected to the LAN switch. You perform the following steps and configurations to setup the firewalls:
1.First, you configure the IP Address on both network cards of both firewalls.
1, SMART Clients, and Policy Server as the only components to install and complete the installation of Checkpoint.
2.Second, you select the Floodgate-
3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.
4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the installation of Microsoft ISA Server.
5.Fifth, you allow all outbound traffic through the ISA Server.
6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound requests.

BAfter analysis, you decide to implement a firewall using Checkpoint NG. You begin by installing a new machine, with a fresh hard drive, and the loading of NG. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one firewall NIC to the Web and FTP server and one firewall NIC to the LAN switch. You perform the following steps and configurations to setup the firewall:
1.First, you configure the IP Addresses on all four network cards of the Checkpoint firewall.
2.Second, you select only the VPN-1 Firewall-1 components to install and complete the installation of Checkpoint.
3.Third, you configure the only new inbound network traffic to be destined for the WWW and FTP services on the Web and FTP server 4.Fourth, you block all other incoming traffic. 5.Fifth, you create anti-spoofing rules to block inbound traffic that might be spoofed. 6.Sixth, you configure all traffic to be allowed in the outbound direction

CAfter you analyze the network, you have decided that you are going to implement a firewall using Microsoft ISA Server. The new firewall will have four NICs. You connect the two Ethernet interfaces on the routers to two of the firewall NICs. You connect one NIC to the Web and FTP server and one NIC to the LAN switch.You perform the following steps and configurations to setup the firewall:
1.First, you format a new hard drive and install a new copy of Windows 2000 Server. 2.Second, you configure the correct IP Addresses on the four network cards. 3.Third, you install ISA Server into Firewall only mode, and complete the installation. 4.Fourth, you configure all inbound traffic to require the SYN flag to be set, all other inbound network traffic is denied 5.Fifth, you configure the network card towards the Web and FTP server will only allow ports 80, 20, and 21. 6.Sixth, you configure all outbound traffic to be allowed.

DAfter you analyze the company, you decide to implement a firewall using Microsoft ISA Server. You create a DMZ with the Web and FTP server on the network segment between the router and the new firewall. The firewall will have two NICs, one connected to the router, and one connected to the LAN switch You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of ISA Server, installed in Firewall mode.
2.Second, you configure the inbound network card to disallow all network traffic that did not originate from inside the network or from the Web and FTP Server.
3.Third, you configure anti-spoofing rules to prevent spoofing attacks.
4.Fourth, you configure all outbound traffic to be allowed.
5.Fifth, you configure inbound traffic with the SYN flag on to be allowed, and to be logged to a SYSLOG server inside the network.

EAfter you run an analysis on the network and the MegaCorp needs, you decide to implement a firewall using Checkpoint NG. The firewall will have three NICs. One NIC is connected to the router, one NIC is connected to the Web and FTP server and one NIC is connected to the LAN switch. You perform the following steps and configurations to setup the firewall:
1.First, you install a new version of Checkpoint NG, selecting the VPN-1 and Firewall-1 components, and complete the installation. 2.Second, you configure the inbound rules to allow only SYN packets that are destined for ports 80, 20, and 21 on the Web and FTP server.
3.Third, you disallow all inbound traffic for the internal network, unless it is in response to an outbound request. 4.Fourth, you configure anti-spoofing rules on the inbound interface and log those connections to a log server.

Show Answer

Correct Answer: E

Question No. 2

It has been quite some time since you were called in to address the network and security needs of MegaCorp. You feel good in what you have accomplished so far. You have been able to get MegaCorp to deal with their Security Policy issue, you have secured the router, added a firewall, added intrusion detection, hardened the Operating Systems, and more. One thing you have not done however, is run active testing against the network

from the outside. This next level of testing is the final step, you decide, in wrapping up this first stage of the new MegaCorp network and security system. You setup a meeting with the CEO to discuss. "We have only one significant issue left to deal with here at MegaCorp," you begin. "We need some really solid testing of our network and our security systems." "Sounds fine to me, don't you do that all the time anyway? I mean, why meet about this?" "Well, in this case, I'd like to ask to bring in outside help. Folks who specialize in this sort of thing. I can do some of it, but it is not my specialty, and the outside look in will be better and more independent from an outside team." "What does that kind of thing cost, how long will it take?" "It will cost a bit of money, it won't be free, and with a network of our size, I think it can be done pretty quick. Once this is done and wrapped up, I will be resigning as the full time security and network pro here. I need to get back to my consulting company full time. Remember, this was not to be a permanent deal. I can help you with the interview, and this is the perfect time to wrap up that transition." "All right, fair enough. Get me your initial project estimates, and then I can make a more complete decision. And, Il get HR on hiring a new person right away." Later that afternoon you talk to the CEO and determine a budget for the testing. Once you get back to your office, you are calling different firms and consultants, and eventually you find a consulting group that you will work with. A few days later you meet with the group in their office, and you describe what you are looking for, and that their contact and person to report to is you. They ask what is off limits, and your response is only that they cannot do anything illegal, to which they agree and point out is written in their agreement as well. With this outside consulting group and your knowledge of the network and company, review and select the solution that will best provide for a complete test of the security of MegaCorp.}

AThe consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports. The consultants will first run remote network surveillance to identify hosts, followed by port scans and both passive and active fingerprinting. They will then run vulnerability scanners on the identified systems, and attempt to exploit any found vulnerabilities. They will next scan and test the router and firewall, followed by testing of the IDS rules They will then perform physical surveillance and dumpster diving to learn additional information. This will be followed by password sniffing and cracking. Finally, they will call into MegaCorp to see what information they can learn via social engineering.

BThe consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports. The first thing the consultants will do is dumpster diving and physical surveillance, looking for clues as to user information and other secret data that should not be outside of the network. Once they have identified several targets through the dumpster diving, they will run scans to match up and identify the workstations for those users. After identifying the user workstations, they will run vulnerability checks on the systems, to find holes, and if a hole is found they have been given permission to exploit the hole and gain access of the system.They will attempt to gain access to the firewall and router remotely, via password guessing, and will test the response of the network to Denial of Service attacks. Finally, they will call into MegaCorp to see what information they can learn via social engineering.

CThe consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports The consultants surprise you with their initial strategy. They intend to spend nearly 100% of their efforts over the first week on social engineering and other physical techniques, using little to no technology. They have gained access to the building as a maintenance crew, and will be coming into the office every night when employees are wrapping up for the day. All of their testing will be done through physical contact and informal questioning of the employees. Once they finish that stage, they will run short and direct vulnerability scanners on the systems that they feel will present weakness.

DThe consulting group has identified the steps it will follw in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports. The consultants have decided on a direct strategy. They will work inside the MegaCorp office, with the group introducing themselves to the employees. They will directly interview each employee, and perform extensive physical security checks of the network. They will review and provide analysis on the security policy, and follow that with electronic testing. They will run a single very robust vulnerability scanner on every single client and server in the network, and document the findings of the scan.

EThe consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.The consultants will start the process with remote network surveillance, checking to see what systems and services areavailable remotely. They will run both passive and active fingerprinting on any identified system. They will run customized vulnerability scanners on the identified systems, and follow that through with exploits, including new zero-day exploits they have written themselves. They will next run scans on the router, firewall, and intrusion detection, looking to identify operating systems and configurations of these devices. Once identified, they will run customized scripts to gain access to these devices. Once they complete the testing on the systems, they will dumpster dive to identify any leaked information.

Show Answer

Correct Answer: A

Question No. 3

You got the router configured just as you wish, and it is time to get the team together for a meeting. You have the advantage of knowing several of these people for quite some time through your contracting, but this will be your first full meeting with them. The next day, you sit down with the CEO, HR Director, and other management people in MegaCorp. You wish for the meeting to be as short as possible, so in this initial meeting, you open with a short summary and project what you feel is a serious problem with the company. "Thanks for coming. I will try to keep this as brief as possible. As you all know, Red was let go under difficult circumstances, and for the last week I have been working non-stop to get the network and security under control here. Very good progress has been made, but we are missing a fundamental component. There is no security policy here at MegaCorp." To this, you see some heads nod in agreement, others have no reaction whatsoever, and a few people let go disappointing sighs. "I agree that we need a security policy," adds the HR Director, "as long as it doesn't become too restrictive." "Policies are only used to document the posture of the organization, and to provide some guidance in the direction of the network and, in this case, the security of the network." You add, "Without a written policy, how is any employee supposed to know what is acceptable, what is not acceptable, and so on." "Our employees have common sense, we do not want the company to become overly regulated," says a middle manager who you have not spoken with before. "Common sense is great, the more the employees have, and the easier it is to implement the policies. But, there is no guarantee for the human element. A simple review of what just took place with Red is a quick reminder of this." With that comment, the middle manager relaxed a bit, and hesitantly agreed. "So, what I would like to do is to lead the development of the policy here, and work with each of you to get it implemented. In the next few days, I will be requesting a bit of your time, so we can talk one on one about your needs and issues surrounding the policy." The next week, you meet with the management team, and you have a list of questions for them, designed to help you in drafting the security policy. You have decided to break up the creation of the policy into pieces, spending shorter blocks of time on the policy. This allows the management to be able to keep most of their days open for running the company. During the meeting, you focus solely on the Acceptable Use statement for the users of the network. You ask the following questions to the group, and the consensus answer (after taking your suggestions into account) is listed after each question.

1.Are users allowed to share user accounts? No.

2.Are users allowed to install software without approval? No. Approval must come through you, or the current Chief Security Officer (CSO).

3.Are users allowed to copy software for archive or other purpose? No, archives can only be made by the network administration staff. 4.Are users allowed to read and\or copy files that they do not own, but have access to? Yes. 5.Are users allowed to make copies of any operating system files (such as the Windows directory or the SAM file)? No. 6.Are users allowed to modify files they do not own, but for which they have write abilities? Yes, if they have write abilities, they are allowed to modify the file. Using the provided information from the meeting, you draft the Acceptable Use Statement. The statement reads as follows:

This Acceptable Use Statement document covers MegaCorp, networks, computers, and computing resources. Network, computer, and computing resources are defined as physical personal computers, server systems, routers, switches, and network cabling. Also included in the definition are software (media) elements such as floppy disks, CD-ROMs (including writeable and re-writeable), DVD-ROMs, and tape backup systems. A user is defined as the individual account with authorization to access MegaCorp, resources. All users of the MegaCorp network are expected to conduct themselves in a respectful and legal manner. The MegaCorp, general computing systems are unclassified systems. As such, top-level secret information is not to be processed or stored on any general unclassified computer system. Individual users are responsible for the proper storage of their personal data on their workstations. For assistance on proper storage, users are instructed to contact the Security staff of MegaCorp. In the event that a user has identified a security breech, weakness, or system misuse in a MegaCorp, system, they are required to contact the on-duty Security staff immediately. Users are to use a completed MegaCorp-TPS Report for their notice to the Security staff. Initial contact with the Security staff about the incident might be conducted via email or telephone. Individual users are not granted access to systems and resources they have not been given explicit authority to access. In the event access to a resource is required, and access has not been granted, the user is to make a request to the on-duty Security staff. Individual users shall not make unauthorized copies of copy righted software, except as permitted by law or by the owner of the copyright. Individual users are not permitted to make copies of system configuration files for their own, unauthorized personal use or to provide to other people or users for unauthorized uses. Individual users are not permitted to share, loan, or otherwise allow access to a MegaCorp resource via the user assigned account. Individual users are not permitted to engage in any online or offline activity with the intent or harass other users; degrade the performance of any MegaCorp, system or resource; impede the ability of an authorized user to access an authorized resource; or attempt to gain access to an unauthorized resource. Electronic mail resources are for authorized use only. Messages that might be deemed fraudulent, harassing, or obscene shall not be sent from, to, or stored on Mega Corp, systems.Individual users are not permitted to download, install, or run any unauthorized programs or utilities, including those which reveal weaknesses in the security of a system. This includes, but is not limited to network sniffing tools and password cracking utilities. Users who are found to be in violation of this policy will be reported to the on-duty Security staff and the MegaCorp CEO. The CEO will determine if the violation will result in the loss of MegaCorp, network privileges. In he event the violation warrants, the CEO may press civil or criminal charges against the user. I have read and understand the MegaCorp, Acceptable Use Statement, and agree to abide by it. With this information, and your knowledge of MegaCorp, choose the answer that will provide the best solution for implementing the Acceptable Use statement policy needs of MegaCorp:}

AOnce the meeting ends, you make the changes that were discussed during the meeting. They are not too extensive, but you make them and present the document to the team again on Friday. Now that you have made the changes, the policy is accepted, and the discussion moves towards getting every employee to sign and agree to the policy. 'Well, it's Friday afternoon. Everyone needs their paychecks today.' Comments the HR director. 'Good point, let just print out 100 of these, and tell everyone to sign them in order to get their check.' Agrees one of the' managers. After some discussion, it is agreed that this will be the fastest way to get all the employees to sign the policy document. The meeting wraps up around 2:00, and the printing and stapling of the policy documents ends around 4:00. Over the next hour, the HD director, with the help of the manager, hand our checks, making all the employees sign the document in order to get their check. You think to your self that the efficiency of a small operation like this is nice to see in action. You go to get your check, sign your document, and are actually able to end your day at 5:00pm on a Friday.

BYou present the draft statement to the team at the next meeting. There is some discussion as to the wording in the clause regarding the internal TPS Report. Some in the group feel the TPS Report will be to tedious to use, others think with a distributed memo about the Report, everything will be fine. After further discussion all agree on the wording of the policy. The employees meet with the HR director over the next week, and are all presented with a copy of the policy and discuss how to it is to be implemented. There is some resistance, some of the employees are not happy about having a new procedure to follow. While walking back to your office, you see the CEO, and motion that you have a quick question, 'How does the new policy seem to be going with HR?' you ask. 'So far so good, there are a few folks not that happy, but I think wel be fine.' 'Ie got to get over there tomorrow to sign mine, when are you meeting with HR?' 'Me Ie got too much going on right now. I have to oversee everything; whatever happens and goes on here has to go through me anyway. I don't have time to bother with that myself, I just wanted to be sure we had something legally binding to protect us and to assist the employees.' 'Fair enough. Listen, I need to talk with you soon about our firewall situation,' you reply. 'OK, stop by anytime. You know my door is always open.' You walk away, and are pretty happy with how things are going here. You know you have more work to do, but so far your suggestions are being taken well and appreciated.

CYou present the current draft to the team at the next meeting. There is some discussion now on the language of the different clauses, and it seems that no one can agree on the points. What you thought was close to being done, now seems to be at risk of never getting done. As the meeting escalates, and opinions start to get louder, the CEO interrupts the group, 'Enough. We are a small group, we have enough in common, we know what we need out of this. We will bring in three contractors who specialize in policy writing. Wel give them our thoughts, they will work with our tireless Security Guru, and get this thing done.' You are not all that thrilled about three consultants coming down on your territory, but realize the frustration of the CEO. You agree, 'That fine by me. Il meet with them, and we will draft the document.' There is other business on the agenda for the meeting, but it is not related to you, so you excuse yourself and go back to your office. After working with the three consultants for a month, you have the document, approved by MegaCorp. You organize a company wide meeting, where the consultants describe the policy and what it is for to all the employees. The employees are told where they can find the policy to review for themselves, and after a question and answer session everyone gets back to their work.

DYou present the draft statement to the team at the next meeting. There is some discussion as to the wording in the clause regarding the internal TPS Report. Some in the group feel the TPS Report will be to tedious to use, others think with a distributed memo about the Report, everything will be fine. After further discussion all agree on the wording of the policy. The team finishes the discussion, and the meeting ends with approval of the document. Once the document is approved, you move the discussion towards getting everyone in the company aware of and agreeing to it. 'I suggest that we tie it into our paychecks, and have the document go through HR.' 'We could do that, I guess. I can present the document to all the employees over the rest of the month.' the HR Director responds. Following that, the CEO brings up that there is going to be a company dinner next month, and that at the dinner the CEO will declare the policy in place, and that 'As all of us become comfortable with this, we all should appreciate this step forward for our company.' The next day, you post the policy on the company intranet site, so everyone has an electronic copy to go with their copy from the HR meeting. Once that is done, you move on to your next project.

EAfter the review of the policy it is decided that some of the bullet points in the document need to be changed. You make the requested changes, and the team reviews the document once more. 'It all looks good to me now,' says a manager in the meeting. 'OK, how should we present this to the employees?' you ask. 'I could take a copy to each employee and discuss it with them,' offers the HR director. 'No, that would be too time-consuming. That not a good use of your time,' responds the CEO. 'We need to get this done, obviously. What is our most cost-effective way of doing this?' 'Well, I could post the policy on our intranet site, and we could have the employees go and download it themselves. During lunch, perhaps?' you suggest. 'That sounds good, let take that approach,' the CEO answers.' Later that day, you create a quick intranet site, called MegaCorp policy and documents. You draft a quick email, which will be sent to all the employees in the company:
'Dear _____, At MegaCorp we have just finished work on a security policy that will clearly define the use of the computers and other issues. This document will answer the questions that many of you have had recently on what you are allowed to do with the computer and when online. At your earliest convenience, please connect to the new site I have linked here, to download and read the new policy. Thanks and have a great day. -MegaCorp Security Staff.' You verify the site is working, send the email out to all the employees, and go home for the day.

Show Answer

Correct Answer: D

Question No. 4

The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You have decided to implement an Intrusion Detection System. You bring this up at the next meeting. "After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin. "We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating. "I realize that the budget is tight, but this is an important part of setting up security." You continue, "If I cannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market." As expected, your last comment got the group thinking. What about false alarms?" asks the VP of sales, "I hear those things are always going off, and just end up wasting everyone time." "That's a fair concern, but it is my concern. When we implement the system, I will fine tune it and adjust it until the alarms it generates are appropriate, and are generated when there is legitimately something to be concerned about. We are concerned with traffic that would indicate an attack; only then will the system send me an alert." For a few minutes there was talk back and forth in the room, and then the CEO responds again to your inquiry, "I agree that this type of thing could be helpful. But, we simply don't have any ore budget for it. Since it is a good idea, go ahead nd find a way to implement this, but don't spend ny money on it." ith this information, and your knowledge of MegaCorp, choose the answer that will provide the best olution for the IDS needs of MegaCorp:}

AYou install Snort on a dedicated machine just outside the router. The machine is designed to send alerts to ou when appropriate. You implement the following rule set:
Alert udp any any -> 10.10.0.0\16 (msg: 'O\S Fingerprint Detected'; flags: S12;) Alert tcp any any -> 10.10.0.0\16 (msg: 'Syn\Fin Scan Detected'; flags: SF;) Alert tcp any any -> 10.10.0.0\16 (msg: 'Null Scan Detected'; flags: 0;) Log tcp any any -> 10.10.0.0\16 any You then install Snort on the web and ftp server, also with this system designed to send you alerts when ppropriate. You implement the built-in scan.rules ruleset on the server.

BYou configure a new dedicated machine just outside the router and install Snort on that machine. The achine logs all intrusions locally, and you will connect to the machine emotely ce each morning to pull the log files to your local machine for analysis. ou run snort with the following command: Snort ev \snort\log snort.conf and using the following rule base: Alert tcp any any <> any 80 Alert tcp any any <> 10.10.0.0\16 any (content: 'Password'; msg:'Password transfer Possible';) Log tcp any any <- 10.10.0.0\16 23 Log tcp any any <> 10.10.0.0\16 1:1024

CYou install your IDS on a dedicated machine just inside the router. The machine is designed to send alerts o you when appropriate. You begin the install by performing a ew install of indows on a clean hard drive. ou install ISS Internet Scanner and ISS System Scanner on the new system. System Scanner is configured to o full backdoor testing, full baseline testing, and full password testing. nternet Scanner is configured with a custom policy you made to scan for all vulnerabilities. You configure both canners to enerate automatic weekly reports and to send you alerts when n incident of note takes lace on the network. .

DYou install two computers to run your IDS. One will be a dedicated machine that is on the outside of the outer, and the second will be on the inside of the outer. You configure the achine on the outside of the router to run Snort, and you combine the default rules of several of the built-in ule sets. You combine the ddos.rules, os.rules, exploit.rules, icmp.rules, nd scan.rules. n the system that is inside the router, running Snort, you also combine several of the uilt-in rule sets. You ombine the scan.rules, web-cgi.rules, ftp.rules, web-misc.rules, and eb-iis.rules. ou configure the alerts on the two systems to send you email messages when events are dentified. After you mplement the two systems, you run some external scans and tests using vulnerability checkers and exploit testing software. You modify your rules based on your tests.

EYou install Snort on a dedicated machine just inside the router. The machine is designed to send alerts to you when appropriate. You do have some concern that the system will have too many rules to operate efficiently. To address this, you decide to pull the critical rules out of the built-in rule sets, and create one simple rule set that is short and will cover all of the serious incidents that the network might experience. alert udp any 19 <> $HOME_NET 7 (msg:'DOS UDP Bomb'; classtype:attempted-dos; sid:271; rev:1;) alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:'DOS Teardrop attack'; id:242; fragbits:M; classtype:attempted-dos; sid:270; rev:1;) alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:'DDOS TFN Probe'; id: 678; itype:8; content: '1234'; classtype:attempted-recon; sid:221; rev:1;) alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:'ICMP PING NMAP'; dsize: 0; itype: 8; classtype:attempted-recon; sid:469; rev:1;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:'SCAN XMAS';flags:SRAFPU; classtype:attempted-recon; sid:625; rev:1;) alert tcp $HOME_NET 31337 -> $EXTERNAL_NET 80 (msg:'SCAN synscan microsoft'; id: 39426; flags: SF; classtype:attempted-recon; sid:633; rev:1;)

Show Answer

Correct Answer: D

Question No. 5

By now, you are feeling confident that the security of the MegaCorp network is getting under control. You are aware that there are still several critical areas that you must deal with, and today you are addressing one of those areas. You have been able to take care of the router, firewall, security policy, and intrusion detection, now you are concerned with some of the hosts in the network. Since the organization is not very large, you are the only person working in the IT end of the company. It will be up to you to directly work on the systems throughout the network. You make a quick chart of the systems you know should be in the MegaCorp network:

Server0001, 10.10.20.101, Windows 2000 Server Server0010, 10.10.20.102, Windows 2000 Server Server0011, 10.10.20.103, Windows 2000 Server Server0100, 10.10.20.104, Linux (Red Hat 8.0) User systems, 10.10.100.100~10.10.100.200, Windows 2000 Professional The addressing that you recommended months ago is in place, and it follows a distinct logical pattern, you are hoping that no new systems are hidden in the network somewhere. In the company, you have been granted domain administrator rights, and no other user is authorized to have administrator, root, supervisor, or otherwise privileged level of access. All the Windows systems are to belong to one windows domain called SCNA.edu. Users are no longer allowed to install unauthorized applications, and are all to use the file servers for storage. Although they have the ability to do so, users are not supposed to store any work data on their local systems. The servers are located in a server cabinet that is inside your office, so you decide to start working there. Using your knowledge of MegaCorp select the best solution for hardening the MegaCorp operating systems:}

AThe first thing you do is to run a Nessus scan against all the servers in the room, noting the findings of the scans. You then begin on the servers by running some tests on the Linux server. First, you run Tripwire on the entire system to ensure that there are no rogue Root accounts, and the test is positive. Second, you ensure that there are no unauthorized objects available through the network, and third you lock the system down with Bastille. You then work on the Windows servers. You run a check to ensure thereare no unauthorized administrator accounts, and there are not. You create a custom security template and implement the template on each server using the Security Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches.Finally, you analyze the user's desktops. You go one by one through the network checking for added user accounts, and you find some. You remove these unauthorized accounts and check for software and applications. Again, you find some applications that are not allowed and you remove them. You check the systems for hardware changes, and address the issues that you find.

BYou start the job by running some analysis on the Windows servers. You do this using the Security
Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches. You find several user accounts that have been given local administrator access, and you remove these accounts. You next use the Secedit tool to implement local encryption on the shared hard drive to secure the local files for the network users. You then work on the Linux server. To your surprise there are no unauthorized root accounts, nor any unauthorized shares. You ensure that the permissions are correct on the shared objects, and run Bastille to lock down the server. You then work on the client machines. Before you physically sit at each machine, you run a Nessus scan from your office. Bringing the results with you, you go to each machine and address any issues as identified in the Nessus scan, remove any unauthorized applications

CYou being by running a Nessus scan from your office laptop on the systems in the network, first the servers, then the user workstations. After the scans are complete, you store the reports on your laptop, and you take your laptop to the server room.In the server room, you begin on the Windows servers. You implement a custom security template on each server using the Security Configuration and Analysis Snap-In, remove any unauthorized accounts, ensure that each system is updated with the latest patches, and ensure that the permissions on each shared object are as per policy. You then work on the Linux server, by addressing each point identified in the Nessus scan. You then lock the system with Bastille, ensure that each system is updated with the latest patches, and run a quick Tripwire scan to create a baseline for the system. You take your laptop with you as you go throughout the network to each user workstation, ensure that each system is updated with the latest patches, and you take care of each issue you found on the machines. There are a few systems that you find with unauthorized applications and you remove those applications.

DThe first thing you decide to do is plug your laptop into the server room, and run a full Nessus scan on the entire network, specifically looking for every backdoor vulnerability that the application can check. This takes some time to compile, but you eventually end up with a list of issues to address on each machine. You move on to the Linux server, and run a fast Tripwire check on the system to look for any additional vulnerabilities. Once that check is done, you install SSH so that all access by every user will be encrypted to the server, and you run Bastille to lock down the system.At the Windows systems, you address any issues found during the Nessus scan, you ensure that each system is updated with the latest patches, and you ensure that the systems are all functioning as fully secure and functional file servers to the network by implementing the HISECWEB.INF template in the Security Configuration and Analysis Snap-In. Finally, you work on each desktop machine by removing any vulnerabilities listed in the scan report. You remove a few pieces of unauthorized hardware and many unauthorized applications.

EYou begin by running a Nessus scan on each computer in the network, using the \hotfix switch to create a full report. The report identifies every vulnerability on each system and lists the specific changes you must make to each system to fix any found vulnerabilities. You take the report to the server room and start with the Linux server. On the server, you run through the steps as outlined in the Nessus report, and end by locking the system using Bastille. Then, you move to the Windows systems, again following the steps of the Nessus report, and ending by using the Security Configuration and Analysis Snap-In to implement the Gold Standard template on every server. Finally, you proceed to each user workstation. At each user machine, you follow each step for each system,based on your report. Once you have addressed all the vulnerabilities in the systems, you run a quick Secedit scan on each system to ensure that they are all locked down and that proper encryption is configured.

Show Answer

Correct Answer: C