You had been taking a short vacation, and when you come into work on Monday morning, Orange is already at your door, waiting to talk to you.
"We've got a problem," Orange says. "It seems that the password used by our Vice President of Engineering has been compromised. Over the weekend, we found this account had logged into the network 25 times. The Vice President was not even in the office over the weekend."
"Did we get the source of the compromise yet?"
"No, but it won't surprise me if it is our new neighbors at MassiveCorp. I need you to come up with a realistic plan and bring it to me tomorrow afternoon. This problem must be resolved, and like everything else we do not have unlimited funds so keep that in mind."
Based on this information, choose the best solution to the password local authentication problem in the Executive building.
A. Since you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Orange that includes the following points:
1. For all executives you recommend no longer using passwords, and instead migrating to a token-based authentication system.
2. You will install the RSA SecurID time-based token system.
3. You will create SecurID user records for each user to match their domain accounts.
4. You will assign each user record a unique token.
5. You will hand deliver the tokens to the correct executive.
6. Users will be allowed to create their own PIN, which will be 4 characters long.
7. The tokens will replace all passwords for authentication into each user's Windows system.
B. Since you are aware of the significance of the password problems, and since you do not have unlimited funds, you plan to address this problem through education and through awareness. You write up a plan for Orange that includes the following points:
1. All end users are to be trained on the methods of making strong passwords.
2. All end users are instructed that they are to change their password at a minimum of every 30 days.
3. The administrative staff is to run password-checking utilities on all passwords every 30 days.
4. All end users are to be trained on the importance of never disclosing their password to any other individual.
5. All end users are to be trained on the importance of never writing down their passwords where they are clearly visible.
C. Since you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Orange that includes the following points:
1. For all executives you recommend no longer using passwords, and instead migrating to a token-based authentication system.
2. You will install the RSA SecurID challenge-response token system.
3. You will create SecurID user records for each user to match their domain accounts.
4. You will assign each user record a unique token.
5. You will hand deliver the tokens to the correct executive.
6. Users will be required to use tokencodes from the One-Time tokencode list. The tokencodes will be alphanumeric and will be 4 characters long.
7. The tokens will replace all passwords for authentication into each user's Windows system.
D. Since you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Orange that includes the following points:
1. For all executives you recommend no longer using passwords, and instead migrating to a biometric solution.
2. You will install retinal scanners at every user's desktop in the executive building.
3. You will personally enroll each user at each desktop.
4. You will instruct each user on the proper positioning and use of the scanner.
5. The biometric system will replace all passwords for authentication into each user's Windows system.
E. Since you are aware of the significance of the password problems, you plan to address the problem using technology. You write up a plan for Orange that includes the following points:
1. You will reconfigure the Testbed.globalcorp.org domain to control the password problem.
2. You will configure AD in this domain so that complex password policies are required.
3. The complex password policies will include:
a. Password length of at least 8 characters
b. Passwords must be alphanumeric
c. Passwords must meet Gold Standard of complexity
d. Passwords must be changed every 30 days
e. Passwords cannot be reused
Correct answer: A
Question 2:
You have now seen to it that all end users and computers in the Testbed office have received their certificates. The administrative staff has been trained on their use and function in the network. The following day, you meet with Orange to discuss the progress.
"So far so good," starts Orange, "all the users have their certificates, all the computers have their certificates. I think we are moving forward at a solid pace. We have talked about the ways we will use our certificates, and we need to move towards securing our network traffic."
"I agree," you reply, "last week I ran a scheduled scan, and we still have vulnerability in our network traffic. The folks from MassiveCorp would love to have a sniffer running in here, I'm sure of that."
"That's exactly the point. We need a system in place that will ensure that our network traffic is not so vulnerable to sniffing. We have to get some protection for our packets. I'd like you to design the system and then we can review it together."
The meeting ends a few minutes later, and you are back in your office working on the design. Choose the best solution for protecting the network traffic in the executive office of the Testbed campus:
A. You decide that you will implement an IPSec solution, using the built-in functionality of Windows. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP.
First, you configure each server in the network with a new IPSec policy. You choose to implement the default Server IPSec Policy. Using this policy you are sure that all communication both to and from the server will utilize IPSec. You reboot the servers that you can and use secedit to force the others to refresh their policy.
Next, with the help of the administrative staff, you will configure each client in the network. For the clients, you use the default Client IPSec Policy. You reboot the client machines that you can and use secedit to force the others to refresh their policy.
B. After further analysis on the situation, you decide that you will need to block traffic in a more complete way at the border firewalls. You have decided that by implementing stricter border control, you will be able to manage the security risk of the packets that enter and leave the network better.
You implement a new firewall at each border crossing point. You will configure half of the firewalls with Checkpoint FW-1 NG and the other half with Microsoft ISA. By using two different firewalls, you are confident that you will be minimizing any mass vulnerability.
At each firewall you implement a new digital certificate for server authentication, and you configure the firewall to require every user to authenticate all user connections. You block all unauthorized traffic and run remote test scans to ensure that no information is leaking through.
Once the test scans are complete, you verify that all users are required to authenticate with the new firewall before their traffic is allowed to pass, and everything works as you planned.
C. You decide that you will implement an IPSec solution, using custom IPSec settings. You wish to utilize the digital certificates that are available in the network. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP.
First, you configure a custom policy for the servers in the network. You verify that none of the default policies are currently implemented, and you create a new policy. Your new policy will use SHA for AH and SHA+3DES for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the servers that you can and use secedit to force the others to refresh their policy.
Next, with the help of the administrative staff, you will configure each client in the network. For the clients, you verify that no default policy is enabled, and you create a policy that uses SHA for AH and SHA+3DES for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the client machines that you can and use secedit to force the others to refresh their policy.
D. You decide that you will implement an IPSec solution, using custom IPSec settings. You wish to utilize the digital certificates that are available in the network. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP.
First, you configure a custom policy for the servers in the network. To increase strength, you will implement your custom policy on top of the default Server IPSec Policy. You verify that the policy is running, and then you create a new policy. Your new policy will use SHA+3DES for AH and SHA for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the servers that you can and use secedit to force the others to refresh the two policies.
Next, with the help of the administrative staff, you will configure each client in the network. For the clients you also need the highest in security, so you will use a custom policy on the default policy. You verify that the default Client IPSec policy is enabled, and then you create a policy that uses SHA+3DES for AH and SHA for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the client machines that you can and use secedit to force the others to refresh the two policies.
E. You spend time analyzing the network and decide that the best solution is to take advantage of VPN technology. You will create one VPN endpoint in each building. Your plan is to create a unique tunnel between each building.
You first install a new Microsoft machine, and configure it to perform the functions of Routing and Remote Access. You then create a tunnel endpoint, and configure each machine to use L2TP to create the tunnel.
To increase security, you will implement full 256-bit encryption on each tunnel, and you will use 3DES on one half of the tunnels and AES on the other half of the tunnels. You will be sure that each tunnel uses the same algorithm on both ends, but by using two algorithms you are sure that you have increased the security of the network in a significant way.
Correct answer: C
Question 3:
You have now seen to it that all end users and computers in the Testbed office have received their certificates. The administrative staff has been trained on their use and function in the network. The following day, you meet with Blue to discuss the progress.
"So far so good," starts Blue, "all the users have their certificates, all the computers have their certificates. I think we are moving forward at a solid pace. We have talked about the ways we will use our certificates, and we need to move towards securing our network traffic."
"I agree," you reply, "last week I ran a scheduled scan, and we still have vulnerability in our network traffic. The folks from MassiveCorp would love to have a sniffer running in here, I'm sure of that."
"That's exactly the point. We need a system in place that will ensure that our network traffic is not so vulnerable to sniffing. We have to get some protection for our packets. I'd like you to design the system and then we can review it together."
The meeting ends a few minutes later, and you are back in your office working on the design. Choose the best solution for protecting the network traffic in the executive office of the Testbed campus:
A. You decide that you will implement an IPSec solution, using the built-in functionality of Windows. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP.
First, you configure each server in the network with a new IPSec policy. You choose to implement the default Server IPSec Policy. Using this policy you are sure that all communication both to and from the server will utilize IPSec. You reboot the servers that you can and use secedit to force the others to refresh their policy.
Next, with the help of the administrative staff, you will configure each client in the network. For the clients, you use the default Client IPSec Policy. You reboot the client machines that you can and use secedit to force the others to refresh their policy.
B. After further analysis on the situation, you decide that you will need to block traffic in a more complete way at the border firewalls. You have decided that by implementing stricter border control, you will be able to manage the security risk of the packets that enter and leave the network better.
You implement a new firewall at each border crossing point. You will configure half of the firewalls with Checkpoint FW-1 NG and the other half with Microsoft ISA. By using two different firewalls, you are confident that you will be minimizing any mass vulnerability.
At each firewall you implement a new digital certificate for server authentication, and you configure the firewall to require every user to authenticate all user connections. You block all unauthorized traffic and run remote test scans to ensure that no information is leaking through.
Once the test scans are complete, you verify that all users are required to authenticate with the new firewall before their traffic is allowed to pass, and everything works as you planned.
C. You decide that you will implement an IPSec solution, using custom IPSec settings. You wish to utilize the digital certificates that are available in the network. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP.
First, you configure a custom policy for the servers in the network. You verify that none of the default policies are currently implemented, and you create a new policy. Your new policy will use SHA for AH and SHA+3DES for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the servers that you can and use secedit to force the others to refresh their policy.
Next, with the help of the administrative staff, you will configure each client in the network. For the clients, you verify that no default policy is enabled, and you create a policy that uses SHA for AH and SHA+3DES for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the client machines that you can and use secedit to force the others to refresh their policy.
D. You decide that you will implement an IPSec solution, using custom IPSec settings. You wish to utilize the digital certificates that are available in the network. You decide that you wish for there to be maximum strength, and therefore you choose to implement IPSec using both AH and ESP.
First, you configure a custom policy for the servers in the network. To increase strength, you will implement your custom policy on top of the default Server IPSec Policy. You verify that the policy is running, and then you create a new policy. Your new policy will use SHA+3DES for AH and SHA for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the servers that you can and use secedit to force the others to refresh the two policies.
Next, with the help of the administrative staff, you will configure each client in the network. For the clients you also need the highest in security, so you will use a custom policy on the default policy. You verify that the default Client IPSec policy is enabled, and then you create a policy that uses SHA+3DES for AH and SHA for ESP. You make sure that the policy is to include all IP traffic, and for Authentication Method, you use the certificate that is assigned to each server. You reboot the client machines that you can and use secedit to force the others to refresh the two policies.
E. You spend time analyzing the network and decide that the best solution is to take advantage of VPN technology. You will create one VPN endpoint in each building. Your plan is to create a unique tunnel between each building.
You first install a new Microsoft machine, and configure it to perform the functions of Routing and Remote Access. You then create a tunnel endpoint, and configure each machine to use L2TP to create the tunnel.
To increase security, you will implement full 256-bit encryption on each tunnel, and you will use 3DES on one half of the tunnels and AES on the other half of the tunnels. You will be sure that each tunnel uses the same algorithm on both ends, but by using two algorithms you are sure that you have increased the security of the network in a significant way.
Correct answer: C
Question 4:
The network has been receiving quite a lot of inbound traffic, and although you have been given instructions to keep the network open, you want to know what is going on. You have decided to implement an Intrusion Detection System. You bring this up at the next meeting.
"After looking at our current network security, and the network traffic we are dealing with, I recommend that we implement an Intrusion Detection System," you begin.
"We don't have any more budget for security equipment, it will have to wait until next year." This is the reply from the CEO that you were anticipating.
"I realize that the budget is tight, but this is an important part of setting up security." You continue, "If I cannot properly identify all the network traffic, and have a system in place to respond to it, we might not know about an incident until after our information is found for sale on the open market." As expected, your last comment got the group thinking.
"What about false alarms?" asks the VP of sales, "I hear those things are always going off, and just end up wasting everyone's time."
"That's a fair concern, but it is my concern. When we implement the system, I will fine tune it and adjust it until the alarms it generates are appropriate, and are generated when there is legitimately something to be concerned about. We are concerned with traffic that would indicate an attack; only then will the system send me an alert."
For a few minutes there was talk back and forth in the room, and then the CEO responds again to your inquiry, "I agree that this type of thing could be helpful. But, we simply don't have any more budget for it. Since it is a good idea, go ahead and find a way to implement this, but don't spend any money on it."
With this information, and your knowledge of MegaCorp, choose the answer that will provide the best solution for the IDS needs of MegaCorp:
A. You configure a new dedicated machine just outside the router and install Snort on that machine. The machine logs all intrusions locally, and you will connect to the machine remotely once each morning to pull the log files to your local machine for analysis.
You run snort with the following command: Snort ev \snort\log snort.conf and using the following rule base:
Alert tcp any any <> any 80
Alert tcp any any <> 10.10.0.0\16 any (content: "Password"; msg:"Password transfer Possible";)
Log tcp any any <- 10.10.0.0\16 23
Log tcp any any <> 10.10.0.0\16 1:1024
B. You install Snort on a dedicated machine just outside the router. The machine is designed to send alerts to you when appropriate. You implement the following rule set:
Alert udp any any -> 10.10.0.0\16 (msg: "O\S Fingerprint Detected"; flags: S12;)
Alert tcp any any -> 10.10.0.0\16 (msg: "Syn\Fin Scan Detected"; flags: SF;)
Alert tcp any any -> 10.10.0.0\16 (msg: "Null Scan Detected"; flags: 0;)
Log tcp any any -> 10.10.0.0\16 any
You then install Snort on the web and ftp server, also with this system designed to send you alerts when appropriate. You implement the built-in scan.rules ruleset on the server.
C. You install your IDS on a dedicated machine just inside the router. The machine is designed to send alerts to you when appropriate. You begin the install by performing a new install of Windows on a clean hard drive.
You install ISS Internet Scanner and ISS System Scanner on the new system. System Scanner is configured to do full backdoor testing, full baseline testing, and full password testing. Internet Scanner is configured with a custom policy you made to scan for all vulnerabilities. You configure both scanners to generate automatic weekly reports and to send you alerts when an incident of note takes place on the network.
D. You install two computers to run your IDS. One will be a dedicated machine that is on the outside of the router, and the second will be on the inside of the router. You configure the machine on the outside of the router to run Snort, and you combine the default rules of several of the built-in rule sets. You combine the ddos.rules, dos.rules, exploit.rules, icmp.rules, and scan.rules.
On the system that is inside the router, running Snort, you also combine several of the built-in rule sets. You combine the scan.rules, web-cgi.rules, ftp.rules, web-misc.rules, and web-iis.rules.
You configure the alerts on the two systems to send you email messages when events are identified. After you implement the two systems, you run some external scans and tests using vulnerability checkers and exploit testing software. You modify your rules based on your tests.
E. You install Snort on a dedicated machine just inside the router. The machine is designed to send alerts to you when appropriate. You do have some concern that the system will have too many rules to operate efficiently. To address this, you decide to pull the critical rules out of the built-in rule sets, and create one simple rule set that is short and will cover all of the serious incidents that the network might experience.
alert udp any 19 <> $HOME_NET 7 (msg:"DOS UDP Bomb"; classtype:attempted-dos; sid:271; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"DOS Teardrop attack"; id:242; fragbits:M; classtype:attempted-dos; sid:270; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS TFN Probe"; id: 678; itype: 8; content: "1234"; classtype:attempted-recon; sid:221; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING NMAP"; dsize: 0; itype: 8; classtype:attempted-recon; sid:469; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SCAN XMAS";flags:SRAFPU; classtype:attempted-recon; sid:625; rev:1;)
alert tcp $HOME_NET 31337 -> $EXTERNAL_NET 80 (msg:"SCAN synscan microsoft"; id: 39426; flags: SF; classtype:attempted-recon; sid:633; rev:1;)
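Correct answer: D
Iwata** -
I bought this SC0-502 question set from Pass4Test after reading the reviews. It explains things right down to the most basic fundamentals, the entry point of the entry point, and I found it very easy to understand. I'm glad I bought it.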