SCP SC0-502 問題集

質問 1：
The MegaCorp network has been running smoothly for some time now. You are growing confident that you have taken care of all the critical needs, and that the network is moving towards a new state of maturity in the current configuration. You head out of the office on Friday at noon, since you have put in lots of long hours over the lat month.
On Monday, you are driving into the office, and you happen to look at the speed limit sign that is on the road right next to MegaCorp. On the sign, in black paint, you see the following symbol:
Compaq
)(
Not good, you think, someone has been wardriving your office complex. That better not be in my office. The office building that MegaCorp is in has many other offices and companies, MegaCorp is not the only tenant.
When you get inside, you check all your primary systems, router, firewall, and servers, looking for quick and fast signs of trouble. There does not seem to be any trouble so far. You check through your Snort logs, and so far so good. You are starting to think that whatever the war drivers found, it was not part of MegaCorp.
You know that the MegaCorp policy does not allow for wireless devices, and you have neither installed nor approved any wireless for the network. Since it is still early (you get in at 7:30 on Mondays), you do not have anyone to talk to about adding any wireless devices.
Select the solution that will allow you to find any unauthorized wireless devices in the network in the least amount of time, and with the least disruption to the office and employees.}
A. You take your laptop, which has a built-in wireless network card, and you enable it. You had not enabled the card before, as you know that wireless is not used in this network. You do a quick install of NetStumbler and watch on screen to see what might come up sitting in your office. A few seconds after the WNIC is initialized and NetStumbler is running, you see the following line in NetStumbler: MAC: 46EAB5FD7C43, SSID: Dell, Channel: 11, Type: Peer, Beacon: 100. You expand channel 11 on the left side of NetStumbler, and see that MAC 46EAB5FD7C43 is bolded.
You are surprised to find that there is a wireless device running in the network, and now you are off to see if you can locate the physical device. You take your laptop and head out of your office. You get about 20 feet away from the office when you are stopped by the HR director, who needs help with a laser printer. You also stop to chat about your findings with the CEO, who has just come in to the office. You put your laptop back in your office, to check later in the day.
Although you did not isolate the physical location of the device, you are confident that you have indeed found a rogue device. As soon as you locate the device, you will make a report for the CEO, and see to it that the device is removed immediately.
B. You decide to spend a full hour and a half from 8:00 to 9:30 going over your logs and data. Until then, you wrap up some early email and pull the log files together to review.
It takes some time to gather all the log files that you can find, but you are able to get everything you need. You get the log form the Router, the Firewall, the IDS, the internal servers, and the web and ftp server. For the next 90 minutes you do nothing other than study the logs looking for unusual traffic, or anything that would be a trigger to you that there has been an intruder in the network.
First, you spend time on the router logs. On the routers you see a series of the following events: %SYS-5-CONFIG_I: Configured from console by vty1 (10.10.50.23) This is an event you consider, and dismiss as not from an attacker.
You then analyze the firewall, and again there you find that there are no logs indicating an intruder is present. All the IP traffic is from authorized IP Addresses. The IDS logs yield similar results. Only authorized traffic from hosts that have legitimate IP Addresses from the inside of the network.
Analyzing the server logs brings you to the same conclusion. All four severs show that the only access has been from the authorized hosts in the network, that no foreign IP Addresses have even attempted a connection into the private servers. The web\ftp server that has a public IP Address has had some failed attempts, but these are all in the realm of what you expect, nothing there stands out to you as well.
After your hour and half, you feel that you have gone through all the logs, and that there is no evidence that there has been any unauthorized access into any of your network resources, and you conclude that the wireless device is not in your office.
C. You take your laptop, initialize your WNIC, plug in your external antenna, and enable NetStumbler. You are glad that you keep all your gear nearby, even when you don normally use it. You would have had a 40 minute round trip drive to go home and get your own wardriving equipment.
By 8:30 you have found several wireless devices, but are not sure which, if any might be in your office. The output from NetStumbler shows the following:
MAC:46EAB5FD7C43, SSID:Dell, Channel:11, Type:Peer, Beacon:100 MAC:AB3B3E23AB45, SSID:Cisco, Channel:9, Type:AP, Beacon:85 MAC:000625513AAE, SSID:Compaq, Channel:7, Type:Peer, WEP, Beacon:67 MAC:000C4119420F, SSID:Private, Channel:11, Type:AP, Beacon:55
The one you are most interested in is the Compaq device, as although you know the war drivers might have just written it down, you want to look for Compaq devices first. The Compaq is also an AP, so your suspicion is high. You walk around the office, watching for the numbers in NetStumbler to adjust.
As you walk towards the street, you note the strength of the Compaq device weakens, by the time you get near the windows the signal is very weak. So, you turn around and walk away from the street, and sure enough the signal gets stronger. You actually walk out the main office door into the building interior courtyard. Across the courtyard you find the signal stronger and stronger.
After you walk around for some time, you are sure that you have isolated the signal as coming from an office inside the building and exactly opposite MegaCorp. The device is not in your office, and you will report this to the CEO. You will also ask the CEO if you should inform the neighbor that their network is possibly at risk due to their wireless network use.
D. You take your laptop, initialize your WNIC, plug in your external antenna, and enable NetStumbler. You are glad that you keep all your gear nearby, even when you don't normally use it. It is not yet 8:00, and you will be able to walk the office freely, looking for any rogue device.
You turn on the laptop, and turn on your WNIC and NetStumbler. Right away, you see the
following line: MAC: 46EAB5FD7C43, SSID: Dell, Channel: 11, Type: Peer, Beacon: 100. You
think that is what you were expecting, and you go on looking for the unauthorized device.
You walk around the office for a while, and see no fluctuation in the numbers, and do not see any
other devices on screen. By 8:30, most of the employees have come into the office. You meet the
CEO, who is just coming into the office and give a short report on what you are doing. Everyone
you meet has their lunches, work files, briefcases or laptop bags, and they get settled in like any
other day. You get pulled into several conversations with your co-workers as they get started.
At 9:10, you get back to your laptop and you look down at your screen to see what NetStumbler
has to show. There are now two lines, versus the one that was there before:
MAC: 46EAB5FD7C4, SSID: Dell, Channel: 11, Type: Peer, Beacon: 100.
MAC: 000BCDA36ED, SSID: Compaq, Channel: 9, Type: Peer, Beacon: 75.
You close your laptop confident that you now know the exact location of the rogue device, which
you have identified as a Compaq laptop, running in peer mode, and you go to address the device
immediately.
E. Since the company has a clear policy against the use of wireless devices, and since you know each employee you are fairly confident that the device in question is not inside the MegaCorp office. You schedule from 8:00 to 8:30 to do a visual walkthrough of the facilities.
At 8:00, you grab your notebook, which has a network map and other reference notes, and you begin your walkthrough. You walk into every office, except for the CEO office, which is locked, and access is not granted.
You spend several minutes in each office, and you spend some time in the open area where the majority of the employees work. You do not see any wireless access points, and you do not see any wireless antennas sticking up anywhere. It takes you more than the half an hour you allocated.
By 9:00, the office has filled up, and most people are getting their workweek started. You see the CEO walking in, and motion that you have a question. You say, "I am doing a quick walkthrough of the office, there might be a wireless device in here, and I know they are not allowed, so I am checking to see if I can find it." "As far as I know, there are no wireless devices in the network. We don't allow it, and I know that no one has asked me to put in wireless." "That what I thought. I sure we don't have any running here." You reply. You are confident the wireless problem is in another office.
正解：D

質問 2：
Now that you have MegaCorp somewhat under control, you are getting ready to go home for the night. You have made good progress on the network recently, and things seem to be going smoothly. On your way out, you stop by the CEO office and say good night. You are told that you will be meeting in the morning, so try to get in a few minutes early.
The next morning, you get to the office 20 minutes earlier than normal, and the CEO stops by your office, "Thanks for coming in a bit early. No problem really, I just wanted to discuss with you a current need we have with the network."
"OK, go right ahead." You know the network pretty well by now, and are ready for whatever is thrown your way.
"We are hiring 5 new salespeople, and they will all be working from home or on the road. I want to be sure that the network stays safe, and that they can get access no matter where they are."
"Not a problem," you reply. "Il get the plan for this done right away."
"Thanks a lot, if you have any questions for me, just let me know."
You are relieved that there was not a major problem and do some background work for integrating the new remote users. After talking with the CEO more, you find out that the users will be working from there home nearly all the time, with very little access from on the road locations.
The remote users are all using Windows 2000 Professional, and will be part of the domain. The CEO has purchased all the remote users brand new Compaq laptops, just like the one used in the CEO's office, and which the CEO takes home each night; complete with DVD\CD-burner drives, built-in WNICs, 17" LCD widescreen displays, oversized hard drives, a gig of memory, and fast processing. wish I was on the road to get one of those, you think.
You start planning and decide that you will implement a new VPN Server next to the Web and FTP Server. You are going to assign the remote users IP Addresses: 10.10.60.100~10.10.60.105, and will configure the systems to run Windows 2000 Professional.
Based on this information, and your knowledge of the MegaCorp network up to this point, choose the best solution for the secure remote user needs:}
A. You begin with configuring the VPN server, which is running Windows 2000 Server. You create five new accounts on that system, granting each of them the Allow Virtual Private Connections right in Active Directory Users and Computers. You then configure the range of IP Addresses to provide to the clients as: 10.10.60.100 through 10.10.60.105. Next, you configure five IPSec Tunnel endpoints on the server, each to use L2TP as the protocol.
Then, you configure the clients. On each system, you configure a shortcut on the desktop to use to connect to the VPN. The shortcut is configured to create an L2TP IPSec tunnel to the VPN server. The connection itself is configured to exchange keys with the user ISP to create a tunnel between the user ISP endpoint and the MegaCorp VPN Server.
B. You choose to configure the VPN server first, by installing the VPN High Encryption Service Pack and the HISECVPN.INF built-in security template through the Security Configuration and Analysis Snap-In. Once the Service pack and template are installed, you configure five user accounts and a static pool of IP Addresses for each account.
You then configure the PPTP service on the VPN server, without using inbound or outbound filters due to the protection of the Service Pack. You grant each user the right to dial into the server remotely, and move on to the laptops.
On each laptop, you install the VPN High Encryption Service Pack, to bring the security level of the laptops up to the same level as the VPN server. You then configure a shortcut on each desktop that controls the direct transport VPN connection from the client to the server.
C. You configure the VPN clients first, by installing the VPN High Encryption Service Pack. With this installed, you configure the clients to use RSA, with 1024-bit keys. You configure a shortcut on the desktop that automatically uses the private\public key pair to communicate with the VPN Server, regardless of where the user is locally connected.
On the VPN Server, you also install the VPN High Encryption Service Pack, and configure 1024bit RSA encryption. You create five new user accounts, and grant them all remote access rights, using Active Directory Sites and Services. You configure the VPN service to send the server's public key to the remote users upon the request to configure the tunnel. Once the request is made, the VPN server will build the tunnel, from the server side, to the client.
D. You decide to start the configuration on the VPN clients. You create a shortcut on the desktop to connect to the VPN Server. Your design is such that the user will simply double-click the shortcut and the client will make the VPN connection to the server, using PPTP. You do not configure any filters on the VPN client systems.
On the VPN Server, you first configure routing and remote access for the new accounts and allow them to have Dial-In access. You then configure a static IP Address pool for the five remote users. Next, you configure the remote access policy to grant remote access, and you implement the following PPTP filtering:
Inbound Protocol 47 (GRE) allowed Inbound TCP source port 0, destination port 1723 allowed Inbound TCP source port 520, destination port 520 allowed Outbound Protocol 47 (GRE) allowed Outbound TCP source port 1723, destination port 0 allowed Outbound TCP source port 520, destination port 520 allowed
E. To start the project, you first work on the laptops you have been given. On each laptop, you configure the system to make a single Internet connection to the user's ISP. Next, you configure a shortcut on the desktop for the VPN connection. You design the connection to use L2TP, with port filtering on outbound UDP 500 and UDP 1701. When a user double-clicks the desktop icon you have it configured to make an automatic tunnel to the VPN server.
On the VPN server, you configure the system to use L2TP with port filtering on inbound UDP 500 and UDP 1701. You create a static pool of assigned IP Address reservations for the five remote clients. You configure automatic redirection on the VPN server in the routing and remote access MMC, so once the client has connected to the VPN server, he or she will automatically be redirection to the inside network, with all resources available in his or her Network Neighborhood.
正解：D

質問 3：
Now that you have MegaCorp somewhat under control, you are getting ready to go home for the night. You have made good progress on the network recently, and things seem to be going smoothly. On your way out, you stop by the CEO office and say good night. You are told that you will be meeting in the morning, so try to get in a few minutes early.
The next morning, you get to the office 20 minutes earlier than normal, and the CEO stops by your office, "Thanks for coming in a bit early. No problem really, I just wanted to discuss with you a current need we have with the network."
"OK, go right ahead." You know the network pretty well by now, and are ready for whatever is thrown your way.
"We are hiring 5 new salespeople, and they will all be working from home or on the road. I want to be sure that the network stays safe, and that they can get access no matter where they are."
"Not a problem," you reply. "Il get the plan for this done right away."
"Thanks a lot, if you have any questions for me, just let me know."
You are relieved that there was not a major problem and do some background work for integrating the new remote users. After talking with the CEO more, you find out that the users will be working from there home nearly all the time, with very little access from on the road locations.
The remote users are all using Windows 2000 Professional, and will be part of the domain. The CEO has purchased all the remote users brand new Compaq laptops, just like the one used in the CEO office, and which the CEO takes home each night; complete with DVD\CD-burner drives, built-in WNICs, 17" LCD widescreen displays, oversized hard drives, a gig of memory, and fast processing. wish I was on the road to get one of those, you think.
You start planning and decide that you will implement a new VPN Server next to the Web and FTP Server. You are going to assign the remote users IP Addresses: 10.10.60.100~10.10.60.105, and will configure the systems to run Windows 2000 Professional.
Based on this information, and your knowledge of the MegaCorp network up to this point, choose the best solution for the secure remote user needs:}
A. You begin with configuring the VPN server, which is running Windows 2000 Server. You create five new accounts on that system, granting each of them the Allow Virtual Private Connections right in Active Directory Users and Computers. You then configure the range of IP Addresses to provide to the clients as: 10.10.60.100 through 10.10.60.105. Next, you configure five IPSec Tunnel endpoints on the server, each to use L2TP as the protocol.
Then, you configure the clients. On each system, you configure a shortcut on the desktop to use to connect to the VPN. The shortcut is configured to create an L2TP IPSec tunnel to the VPN server. The connection itself is configured to exchange keys with the user ISP to create a tunnel between the user ISP endpoint and the MegaCorp VPN Server.
B. To start the project, you first work on the laptops you have been given. On each laptop, you configure the system to make a single Internet connection to the user ISP. Next, you configure a shortcut on the desktop for the VPN connection. You design the connection to use L2TP, with port filtering on outbound UDP 500 and UDP 1701. When a user double-clicks the desktop icon you have it configured to make an automatic tunnel to the VPN server.
On the VPN server, you configure the system to use L2TP with port filtering on inbound UDP 500 and UDP 1701. You create a static pool of assigned IP Address reservations for the five remote clients. You configure automatic redirection on the VPN server in the routing and remote access MMC, so once the client has connected to the VPN server, he or she will automatically be redirected to the inside network, with all resources available in his or her Network Neighborhood.
C. You decide to start the configuration on the VPN clients. You create a shortcut on the desktop to connect to the VPN Server. Your design is such that the user will simply double-click the shortcut and the client will make the VPN connection to the server, using PPTP. You do not configure any filters on the VPN client systems.
On the VPN Server, you first configure routing and remote access for the new accounts and allow them to have Dial-In access. You then configure a static IP Address pool for the five remote users. Next, you configure the remote access policy to grant remote access, and you implement the following PPTP filtering:
Inbound Protocol 47 (GRE) allowed Inbound TCP source port 0, destination port 1723 allowed Inbound TCP source port 520, destination port 520 allowed Outbound Protocol 47 (GRE) allowed Outbound TCP source port 1723, destination port 0 allowed Outbound TCP source port 520, destination port 520 allowed
D. You configure the VPN clients first, by installing the VPN High Encryption Service Pack. With this installed, you configure the clients to use RSA, with 1024-bit keys. You configure a shortcut on the desktop that automatically uses the private\public key pair to communicate with the VPN Server, regardless of where the user is locally connected.
On the VPN Server, you also install the VPN High Encryption Service Pack, and configure 1024bit RSA encryption. You create five new user accounts, and grant them all remote access rights, using Active Directory Sites and Services. You configure the VPN service to send the server public key to the remote users upon the request to configure the tunnel. Once the request is made, the VPN server will build the tunnel, from the server side, to the client.
E. You choose to configure the VPN server first, by installing the VPN High Encryption Service Pack and the HISECVPN.INF built-in security template through the Security Configuration and Analysis Snap-In. Once the Service pack and template are installed, you configure five user accounts and a static pool of IP Addresses for each account.
You then configure the PPTP service on the VPN server, without using inbound or outbound filters ?due to the protection of the Service Pack. You grant each user the right to dial into the server remotely, and move on to the laptops.
On each laptop, you install the VPN High Encryption Service Pack, to bring the security level of the laptops up to the same level as the VPN server. You then configure a shortcut on each desktop that controls the direct transport VPN connection from the client to the server.
正解：C

質問 4：
It has been quite some time since you were called in to address the network and security needs of MegaCorp. You feel good in what you have accomplished so far. You have been able to get MegaCorp to deal with their Security Policy issue, you have secured the router, added a firewall, added intrusion detection, hardened the Operating Systems, and more.
One thing you have not done however, is run active testing against the network from the outside. This next level of testing is the final step, you decide, in wrapping up this first stage of the new MegaCorp network and security system. You setup a meeting with the CEO to discuss.
"We have only one significant issue left to deal with here at MegaCorp," you begin. "We need some really solid testing of our network and our security systems."
"Sounds fine to me, don't you do that all the time anyway? I mean, why meet about this?"
"Well, in this case, I'd like to ask to bring in outside help. Folks who specialize in this sort of thing. I can do some of it, but it is not my specialty, and the outside look in will be better and more independent from an outside team."
"What does that kind of thing cost, how long will it take?"
"It will cost a bit of money, it won't be free, and with a network of our size, I think it can be done pretty quick. Once this is done and wrapped up, I will be resigning as the full time security and network pro here. I need to get back to my consulting company full time. Remember, this was not to be a permanent deal. I can help you with the interview, and this is the perfect time to wrap up that transition."
"All right, fair enough. Get me your initial project estimates, and then I can make a more complete decision. And, Il get HR on hiring a new person right away."
Later that afternoon you talk to the CEO and determine a budget for the testing. Once you get back to your office, you are calling different firms and consultants, and eventually you find a consulting group that you will work with.
A few days later you meet with the group in their office, and you describe what you are looking for, and that their contact and person to report to is you. They ask what is off limits, and your response is only that they cannot do anything illegal, to which they agree and point out is written in their agreement as well.
With this outside consulting group and your knowledge of the network and company, review and select the solution that will best provide for a complete test of the security of MegaCorp.}
A. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants will first run remote network surveillance to identify hosts, followed by port scans and both passive and active fingerprinting. They will then run vulnerability scanners on the identified systems, and attempt to exploit any found vulnerabilities. They will next scan and test the router and firewall, followed by testing of the IDS rules.
They will then perform physical surveillance and dumpster diving to learn additional information. This will be followed by password sniffing and cracking. Finally, they will call into MegaCorp to see what information they can learn via social engineering.
B. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants have decided on a direct strategy. They will work inside the MegaCorp office, with the group introducing themselves to the employees. They will directly interview each employee, and perform extensive physical security checks of the network.
They will review and provide analysis on the security policy, and follow that with electronic testing. They will run a single very robust vulnerability scanner on every single client and server in the network, and document the findings of the scan.
C. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants surprise you with their initial strategy. They intend to spend nearly 100% of their efforts over the first week on social engineering and other physical techniques, using little to no technology. They have gained access to the building as a maintenance crew, and will be coming into the office every night when employees are wrapping up for the day.
All of their testing will be done through physical contact and informal questioning of the employees. Once they finish that stage, they will run short and direct vulnerability scanners on the systems that they feel will present weakness.
D. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants will start the process with remote network surveillance, checking to see what systems and services are available remotely. They will run both passive and active fingerprinting on any identified system. They will run customized vulnerability scanners on the identified systems, and follow that through with exploits, including new zero-day exploits they have written themselves.
They will next run scans on the router, firewall, and intrusion detection, looking to identify operating systems and configurations of these devices. Once identified, they will run customized scripts to gain access to these devices. Once they complete the testing on the systems, they will dumpster dive to identify any leaked information.
E. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The first thing the consultants will do is dumpster diving and physical surveillance, looking for clues as to user information and other secret data that should not be outside of the network. Once they have identified several targets through the dumpster diving, they will run scans to match up and identify the workstations for those users.
After identifying the user workstations, they will run vulnerability checks on the systems, to find holes, and if a hole is found they have been given permission to exploit the hole and gain access of the system.
They will attempt to gain access to the firewall and router remotely, via password guessing, and will test the response of the network to Denial of Service attacks. Finally, they will call into MegaCorp to see what information they can learn via social engineering.
正解：A