From carolsmith62

SC0-402 Practice Tests & Exams 

CertMagic.com is a place where you can find various types of SC0-402 exam certification preparation material. CertMagic’s full range of study material for the SC0-402 exam helps you prepare fully for the SC0-402 exam and enter the exam centre with full confidence. We provide you with easy, simple and updated study material. After preparing from the SC0-402 exam material prepared by us, we guarantee you that you will be a certified professional. We guarantee that with CertMagic SC0-402 study material, you will pass the Certification exam.

 

 
 
Tags:  SC0-402 Exams  SC0-402 Certification  SC0-402 Training  SC0-402 Practice Exams  SC0-402 Tests  SC0-402 Exam Materials  SC0-402 download 
Published:  November 20, 2009
 
Notes:
 
Slide 1: SC0-402
Exam Code: SC0-402
Network Design and Countermeasures
Demo Version
To access the full version, please go to www.certmagic.com
http://www.certmagic.com

1. You are creating the User Account section of your organizational security policy. From the following options, select the questions to use for the formation of this section?
A. Are users allowed to make copies of any operating system files (including, but not limited to /etc/passwd or the SAM)?
B. Who in the organization has the right to approve the request for new user accounts?
C. Are users allowed to have multiple accounts on a computer?
D. Are users allowed to share their user account with coworkers?
E. Are users required to use password-protected screensavers?
F. Are users allowed to modify files they do not own, but have write abilities?
Answer: BCD

2. You are examining a packet from an unknown host that was trying to ping one of your protected servers and notice that the packets it sent had an IPLen of 20 bytes and DgmLen set to 60 bytes. What type of operating system should you believe this packet came from?
A. Linux
B. SCO
C. Windows
D. Mac OSX
E. Netware
Answer: C

3. You have found a user in your organization who has managed to gain access to a system that this user was not granted the right to use. This user has just provided you with a working example of which of the following?
A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection
Answer: A

4. You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any host other than 172.16.40.50 using any port, to any host in the 10.0.10.0/24 network using any port?
A. log udp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
B. log tcp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
C. log udp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
D. log tcp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
E. log tcp ! 172.16.40.50/32 any <- 10.0.10.0/24 any
Answer: B

5. What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were part of a bigger intrusion, or would help discover infrequent attacks?
A. 5
B. 9
C. 12
D. 10
E. 4
Answer: C

6. You are reviewing your company’s IPChains Firewall and see the command (minus the quotes) “ ! 10.10.10.216” as part of a rule, what does this mean?
A. Traffic destined for host 10.10.10.216 is exempt from filtering
B. Traffic originating from host 10.10.10.216 is exempt from filtering
C. Any host except 10.10.10.216
D. Only host 10.10.10.216
E. Traffic destined for 10.10.10.216 gets sent to the input filter.
F. Traffic originating from 10.10.10.216 gets sent to the input filter
Answer: C

7. You have just installed a new firewall and explained the benefits to your CEO. Next you are asked what some of the limitations of the firewall are. Which of the following are issues where a firewall cannot help to secure the network?
A. Poor Security Policy
B. Increased ability to enforce policies
C. End node virus control
D. Increased ability to enforce policies
E. Social Engineering
Answer: ACE

8. You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?
A. Regulatory Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Centralized Access Control
E. Distributed Access Control
Answer: BC

9. To manage the risk analysis of your organization you must first identify the method of analysis to use. Which of the following organizations defines the current standards of risk analysis methodologies?
A. NIST
B. CERT
C. F-ICRC
D. NBS
E. NSA
Answer: A

10. Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?
A. Trojan Horse Scan
B. Back Orifice Scan
C. NetBus Scan
D. Port Scan
E. Ping Sweep
Answer: B

11. Which of the following defines the security policy to be used for securing communications between the VPN Client and Server?
A. Encapsulating Delimiters
B. Security Authentications
C. Encapsulating Security Payload
D. Security Associations
E. Authentication Header
Answer: D

12. After a meeting between the IT department leaders and a security consultant, they decide to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the centralized design of a Host-Based IDS?
A. In a Centralized design, sensors (also called agents) are placed on each key host throughout the network analyzing the network traffic for intrusion indicators. Once an incident is identified the sensor notifies the command console.
B. In a Centralized design, the agents is on the single command console as the one that performs the analysis. There is a significant advantage to this method. The intrusion data can be monitored in real-time.
C. In a Centralized design, the IDS uses what are known as agents (also called sensors). These agents are in fact small programs running on the hosts that are programmed to detect network traffic intrusions. They communicate with the command console, or a central computer controlling the IDS.
D. In a Centralized design, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.
E. In a Centralized design, the data is gathered and sent from the host to a centralized location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
Answer: E

13. You are reviewing the IDS logs and during your analysis you notice a user account that had attempted to log on to your network ten times one night between 3 and 4 AM. This is quite different from the normal pattern of this user account, as this user is only in the office from 8AM to 6PM. Had your IDS detected this anomaly, which of the following types of detection best describes this event?
A. External Intrusion
B. Internal Intrusion
C. Misuse Detection
D. Behavioral Use Detection
E. Hybrid Intrusion Attempt
Answer: D

14. You have finished configuration of your ISA server and are in the section where you secure the actual server itself. Of the three options presented to you, which of the following answer best describes the Limited Services option?
A. A Firewall that is a domain controller or an infrastructure server
B. A Firewall that is a stand-alone firewall
C. A Firewall that is a database server or an application server
D. A Firewall that is a stand-alone web server
E. A Firewall that is a domain controller and a web server
Answer: A

15. You have been given the task of installing a new firewall system for your network. You are analyzing the different implementation options. Which of the following best describes a Screened Host?
A. This is when one device is configured to run as a packet filter, granting or denying access based on the content of the headers.
B. This is when a packet is received on one interface and sent out another interface.
C. This is when a device has been configured with more than one network interface, and is running proxy software to forward packets back and forth between the interfaces.
D. This is when the device reads only the session layer and higher headers to grant or deny access to the packet.
E. This is when the network is protected by multiple devices, one running as a proxy server and another as a packet filter. The packet filter only accepting connections from the proxy server.
Answer: E

16. You have configured your network to use Firewall-1 and you manage it from the Management GUI. What are the three applications that make up the Management GUI for Firewall-1?
A. GUI Controller
B. Log Viewer
C. Status Viewer
D. Policy Editor
E. Packet Editor
Answer: BCD

17. While preparing to implement a new security policy at your company, you have researched the many reasons people are both accepting and resisting of new policies. Which of the following is not a reason for an employee to resist a new security policy?
A. The employee simply does not like change, and takes a while to get used to new things.
B. The employee is a new hire, and interprets the policy as a requirement and part of the new hire paperwork.
C. The employee is convinced the policy will impact his or her ability to do their job, which could be viewed as in the way of their career.
D. The employee simply likes to be in the middle, and “rock the boat.”
E. The employee is convinced the organization is spying on their every move, and do not want their work place to fall under the big brother pattern.
Answer: B

18. What technology is being employed to resist SYN floods by having each side of the connection attempt create its own sequence number (This sequence number contains a synopsis of the connection so that if/when the connection attempt is finalized the first part of the attempt can be re-created from the sequence number)?
A. SYN cookie
B. SYN floodgate
C. SYN gate
D. SYN damn
E. SYN flood break
Answer: A

19. To verify that your IPSec implementation is working as you intended, you sniff the network after the implementation has been completed. You are looking for specific values in the captures that will indicate to you the type of packets received. You analyze the packets, including headers and payload. IPSec works at which layer of the OSI model?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
Answer: C

20. After a meeting between the IT department leaders and a security consultant, they decided to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the distributed design of Host-Based IDS?
A. In a Distributed design, the network intrusion data is gathered and sent from the host to a single location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
B. In a Distributed design, the IDS uses what are known as agents (also called sensors) to capture the network intrusion data. These agents are in fact small programs running on the hosts that are programmed to detect intrusions upon the host. They communicate with the command console, or a central computer controlling the IDS.
C. In a Distributed design, the agents on the hosts are the ones that perform the analysis. There is a significant advantage to this method. The intrusion data can be monitored in real-time. The flip side to this is that the hosts themselves may experience a bit of a performance drop as their computer is engaged in this work constantly.
D. In a Distributed design, sensors (also called agents) are placed on each key host throughout the network analyzing the network traffic for intrusion indicators. Once an incident is identified the sensor notifies the command console.
E. In a Distributed design, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.
Answer: C

   