SC0-502 Books, SC0-502 Training online - you can pass SCP SC0-502 Books easily, Some people say that to pass the SCP SC0-502 Books certification is tantamount to success, You worked in the SC0-502 Books IT industry, Whatever exam you SC0-502 Books choose to take, According to the survey SC0-502 Books, it does not mean your strength forever SC0-502 Books, so you only need to use the training material that guarantees SC0-502 Books you will pass the exam at the first time, and help you to become SC0-502 Books a strong IT expert, our SC0-502 Books products prove to be trusted, you give up taking SC0-502 Books the exam, so that you can have a longer SC0-502 Books time to prepare for the exam, And soon you will be able to prove your expertise SC0-502 Books knowledge and technology in IT industry
Having a SCP SC0-502 Exam Tests can enhance your employment prospects,and then you can have a lot of good jobs. ITbraindumps is a website very suitable to candidates who participate in the SCP certification SC0-502 Exam Tests. ITbraindumps can not only provide all the information related to the SCP certification SC0-502 Exam Tests for the candidates, but also provide a good learning opportunity for them. ITbraindumps be able to help you pass SCP certification SC0-502 Exam Tests successfully.
Exam Code: SC0-502Exam Name: Security Certified Program (SCP)
One year free update, No help, Full refund!
SC0-502 Exam Tests Total Q&A: 40 Questions and Answers
Last Update: 2016-10-12
SC0-502 Free download Detail: SC0-502 Exam Tests
Everyone has a utopian dream in own heart. Dreams of imaginary make people feel disheartened. In fact, as long as you take the right approach, everything is possible. You can pass the SCP SC0-502 Exam Tests easily. Why? Because you have ITbraindumps's SCP SC0-502 Exam Tests. ITbraindumps's SCP SC0-502 Exam Tests are the best training materials for IT certification. It is famous for the most comprehensive and updated by the highest rate. It also can save time and effort. With it, you will pass the exam easily. If you pass the exam, you will have the self-confidence, with the confidence you will succeed.
SC0-502 Free Demo Download: http://www.itbraindumps.com/SC0-502_exam.html
NO.1 Evaluate the rollout, test, and modify as needed to improve the overall security of the
Certkiller trusted network.
B. You design the plan for two weeks, and then you present it to Blue. Your plan follows
these critical steps:
1. Draft a Certification Practice Statement (CPS) to define what users will be allowed to
do with their certificates, and a Certificate Policy (CP) to define the technology used to
ensure the users are able to use their certificates as per the CPS.
2. Draft a CPF based on your own guidelines, including physical and technology
controls.
3. Design the system, outside of the executive office, to be a full hierarchy, with the Root
CA for the hierarchy located in the executive building. Every remote office will have a
subordinate CA, and every other building on the campus in Testbed will have a
subordinate CA.
4. In the executive building, you design the system to be a mesh CA structure, with one
CA per floor of the building.
5. Design the hierarchy with each remote office and building having it's own enrollment
CA.
6. Build a small test pilot program, to test the hierarchy, and integration with the existing
network.
7. Implement the CA hierarchy in the executive office, and get all users acclimated to the
system.
8. Implement the CA hierarchy in each other campus building in Testbed, and get all
users acclimated to the system.
9. One at a time, implement the CA hierarchy in each remote office; again getting all
users acclimated to the system.
10. Test the team in each location on proper use and understanding of the overall PKI and
their portion of the trusted network.
NO.2 For three years you have worked with Certkiller doing occasional network and
security consulting. Certkiller is a small business that provides real estate listings
and data to realtors in several of the surrounding states. The company is open for
business Monday through Friday from 9 am to 6 pm, closed all evenings and
weekends. Your work there has largely consisted of advice and planning, and you
have been frequently disappointed by the lack of execution and follow through from
the full time staff.
On Tuesday, you received a call from Certkiller 's HR director, "Hello, I'd like to
inform you that Red (the full time senior network administrator) is no longer with
us, and we would like to know if you are interested in working with us full time."
You currently have no other main clients, so you reply, "Sure, when do you need me
to get going?"
"Today," comes the fast and direct response. Too fast, you think.
"What is the urgency, why can't this wait until tomorrow?"
"Red was let go, and he was not happy about it. We are worried that he might have
done something to our network on the way out."
"OK, let me get some things ready, and I'll be over there shortly."
You knew this would be messy when you came in, but you did have some advantage
in that you already knew the network. You had recommended many changes in the
past, none of which would be implemented by Red. While pulling together your
laptop and other tools, you grab your notes which have an overview of the network:
Certkiller network notes: Single Internet access point, T1, connected to Certkiller
Cisco router. Router has E1 to a private web and ftp server and E0 to the LAN
switch. LAN switch has four servers, four printers, and 100 client machines. All the
machines are running Windows 2000. Currently, they are having their primary web
site and email hosted by an ISP in Illinois.
When you get to Certkiller , the HR Director and the CEO, both of whom you
already know, greet you. The CEO informs you that Red was let go due to difficult
personality conflicts, among other reasons, and the termination was not cordial.
You are to sign the proper employment papers, and get right on the job. You are
given the rest of the day to get setup and running, but the company is quite
concerned about the security of their network. Rightly so, you think, 'If these guys
had implemented even half of my recommendations this would sure be easier.' You
get your equipment setup in your new oversized office space, and get started. For
the time you are working here, your IP Address is 10.10.50.23 with a mask of \16.
One of your first tasks is to examine the router's configuration. You console into the
router, issue a show running-config command, and get the following output:
MegaOne#show running-config
Building configuration...
Current configuration:
!
version 12.1
service udp-small-servers
service tcp-small-servers
!
hostname MegaOne
!
enable secret 5 $1$7BSK3$H394yewhJ45JAFEWU73747.
enable password clever
!
no ip name-server
no ip domain-lookup
ip routing
!
interface Ethernet0
no shutdown
ip address 2.3.57.50 255.255.255.0
no ip directed-broadcast
!
interface Ethernet1
no shutdown
ip 10.10.40.101 255.255.0.0
no ip directed-broadcast
!
interface Serial0
no shutdown
ip 1.20.30.23 255.255.255.0
no ip directed-broadcast
clockrate 1024000
bandwidth 1024
encapsulation hdlc
!
ip route 0.0.0.0 0.0.0.0 1.20.30.45
!
line console 0
exec-timeout 0 0
transport input all
line vty 0 4
password remote
login
!
end
After analysis of the network, you recommend that the router have a new
configuration. Your goal is to make the router become part of your layered defense,
and to be a system configured to help secure the network.
You talk to the CEO to get an idea of what the goals of the router should be in the
new configuration. All your conversations are to go through the CEO; this is whom
you also are to report to.
"OK, I suggest that the employees be strictly restricted to only the services that they
must access on the Internet." You begin.
"I can understand that, but we have always had an open policy. I like the employees
to feel comfortable, and not feel like we are watching over them all the time. Please
leave the connection open so they can get to whatever they need to get to. We can
always reevaluate this in an ongoing basis."
"OK, if you insist, but for the record I am opposed to that policy."
"Noted," responds the CEO, somewhat bluntly.
"All right, let's see, the private web and ftp server have to be accessed by the
Internet, restricted to the accounts on the server. We will continue to use the Illinois
ISP to host our main web site and to host our email. What else, is there anything
else that needs to be accessed from the Internet?"
"No, I think that's it. We have a pretty simple network, we do everything in house."
"All right, we need to get a plan in place as well right away for a security policy.
Can we set something up for tomorrow?" you ask.
"Let me see, I'll get back to you later." With that the CEO leaves and you get to
work.
Based on the information you have from Certkiller ; knowing that the router must be
an integral part of the security of the organization, select the best solution to the
organization's router problem:}
A. With the office closed, you decide to build the new router configuration on Saturday.
Using your knowledge of the network, and your conversation with the CEO, you build
and implement the following router configuration:
MegaOne#configure terminal
MegaOne(config)#no cdp run
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21
MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established
MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 deny ip 0.0.0.0 255.255.255.255 any
MegaOne(config)#access-list 175 deny ip 10.0.0.0 0.255.255.255 any
MegaOne(config)#access-list 175 deny ip 127.0.0.0 0.255.255.255 any
MegaOne(config)#access-list 175 deny ip 172.16.0.0 0.0.255.255 any
MegaOne(config)#access-list 175 deny ip 192.168.0.0 0.0.255.255 any
MegaOne(config)#no ip source-route
MegaOne(config)#no ip finger
MegaOne(config)#interface serial 0
MegaOne(config-if)#ip access-group 175 in
MegaOne(config-if)#no ip directed broadcast
MegaOne(config-if)#no ip unreachables
MegaOne(config-if)#Z
MegaOne#
B. You backup the current router config to a temp location on your laptop. Early Monday
morning, you come in to build the new router configuration. Using your knowledge of
the network, and your conversation with the CEO, you build and implement the
following router configuration:
MegaOne#configure terminal
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21
MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established
MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255
MegaOne(config)#interface Serial 0
MegaOne(config-if)#ip access-group 175 in
MegaOne(config-if)#no cdp enable
MegaOne(config-if)#no ip directed broadcast
MegaOne(config-if)#no ip unreachables
MegaOne(config-if)#Z
MegaOne#
C. As soon as the office closes Friday, you get to work on the new router configuration.
Using your knowledge of the network, and your conversation with the CEO, you build
and implement the following router configuration:
MegaOne#configure terminal
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21
MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established
MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255
MegaOne(config)#interface Ethernet 0
MegaOne(config-if)#ip access-group 175 in
MegaOne(config)#interface Ethernet 1
MegaOne(config-if)#ip access-group 175 in
MegaOne(config-if)#Z
MegaOne#
D. You backup the current router config to a temp location on your laptop. Sunday night,
you come in to build the new router configuration. Using your knowledge of the network,
and your conversation with the CEO, you build and implement the following router
configuration:
MegaOne#configure terminal
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21
MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established
MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255
MegaOne(config)#interface Ethernet 0
MegaOne(config-if)#ip access-group 175 in
MegaOne(config-if)#no cdp enable
MegaOne(config)#interface Ethernet 1
MegaOne(config-if)#ip access-group 175 in
MegaOne(config-if)#no cdp enable
MegaOne(config-if)#Z
MegaOne#
E. You backup the current router config to a temp location on your laptop. Friday night,
you come in to build the new router configuration. Using your knowledge of the network,
and your conversation with the CEO, you build and implement the following router
configuration:
MegaOne#configure terminal
MegaOne(config)#no cdp run
MegaOne(config)#no ip source-route
MegaOne(config)#no ip finger
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 80
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 20
MegaOne(config)#access-list 175 permit tcp any 2.3.57.60 0.0.0.0 eq 21
MegaOne(config)#access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established
MegaOne(config)#access-list 175 deny ip 0.0.0.0 255.255.255.255 any
MegaOne(config)#access-list 175 deny ip 10.0.0.0 0.255.255.255 any
MegaOne(config)#access-list 175 deny ip 127.0.0.0 0.255.255.255 any
MegaOne(config)#access-list 175 deny ip 172.16.0.0 0.0.255.255 any
MegaOne(config)#access-list 175 deny ip 192.168.0.0 0.0.255.255 any
MegaOne(config)#access-list 175 permit ip any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit udp any 10.10.0.0 0.0.255.255
MegaOne(config)#access-list 175 permit icmp any 10.10.0.0 0.0.255.255
MegaOne(config)#interface serial 0
MegaOne(config-if)#ip access-group 175 in
MegaOne(config-if)#no ip directed broadcast
MegaOne(config-if)#no ip unreachables
MegaOne(config-if)#Z
MegaOne#
Answer: E
SC0-502 Practice Questions