
QUESTION NO: 77

You are configuring a Cisco Router, and are creating Access Control Lists as part of the security of the network. When creating Wildcard Masks, which of the following rules apply?
A. If the wildcard mask bit is a 1, then do not check the corresponding bit of the IP address for a match.
B. If the wildcard mask bit is a 0, then do not check the corresponding bit of the IP address for a match.
C. If the wildcard mask bit is a 1, then do check the corresponding bit of the IP address for a match.
D. If the wildcard mask bit is a 0, then do check the corresponding bit of the IP address for a match.
E. To create a Wildcard Mask, always take the inverse of the Subnet Mask.
Answer: A,D
QUESTION NO: 78
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any IP address to any port between 1 and 1024 on any host in the 10.0.10.0/24 network?
A. logtcp 0.0.0.0/24 -> 10.0.10.0/24 1<>1024
B. logtcp any any -> 10.0.10.0/24 1<>1024
C. log tcp any any -> 10.0.10.0/24 1:1024
D. log tcp 0.0.0.0/24 -> 10.0.10.0/24 1:1024
E. logudp any any -> 10.0.10.0/24 1:1024
Answer: C
QUESTION NO: 79
During a network capture in Network Monitor, you capture some UDP traffic. In a UDP
Header,
what is the function of the first sixteen bits?
A. To define the upper layer protocol
B. To define the source port number
C. To define the destination port number
SCP SC0-451: Practice Exam
A Composite Solution With Just One Click - Certification Guaranteed 32
D. To define the IP Version
E. To define the type
Answer: B
QUESTION NO: 80
What type of wireless transmission utilizes the process shown in this image?

A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. LamarAnthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: B
QUESTION NO: 81
You are considering your options for a new firewall deployment. At which two layers of
the OSI
model does a simple (stateless) packet filtering firewall operate?
A. Data Link
B. Application
C. Session
D. Presentation
E. Network
Answer: A,E
QUESTION NO: 82
You are evaluating the security of different wireless media, and are considering the use
of
microwave technology. What are the two types of microwave transmissions used in
commercial
wireless networking?
A. Terrestrial
B. Line of sight
C. Diffused
D. Integrated
E. Satellite
Answer: A,E
QUESTION NO: 83
When logging in to a system that uses Challenge/Response authentication what is the
order of
steps a user must follow to complete the login process?
A. Smart Card ID entered into PC
B. Response number from Smart Card entered into PC
C. Challenge number issued to client
D. Number entered into Smart Card
E. a, b, c, d
F. a, d, c, b
G. a, c, d, b
H. c, a, d, b
Answer: C
QUESTION NO: 84
You are configuring a new IDS, running Snort, in your network. To better configure Snort, you are studying the configuration file. Which four of the following are the primary parts of the Snort configuration file?
A. Postprocessors
B. Variables
C. Preprocessors
D. Output Plug-ins
E. Rulesets
Answer: B,C,D,E
QUESTION NO: 85
Your network traffic has increased substantially over the last year, and you are looking
into your
caching options for frequently visited websites. What are the two types of caching that
ISA Server
2006 supports?
A. Reverse caching
B. Forward caching
C. Inverse caching
D. Recursive caching
E. Real-time caching
Answer: A,B
QUESTION NO: 86
You have been hired at a large company to manage network security issues. Prior to
your arrival,
there was no one dedicated to security, so you are starting at the beginning. You hold a
meeting
and are discussing the main functions and features of network security. One of your
assistants
asks what the function of Authentication in network security is. Which of the following
best
describes Authentication?
A. Data communications as well as emails need to be protected for privacy and
Authentication.
Authentication ensures the privacy of data on the network system.
B. Authentication is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, authentication must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.
C. The security must limit user privileges to minimize the risk of unauthorized access to
sensitive
information and areas of the network that only authorized users should only be allowed
to access.
D. Security must be established to prevent parties in a data transaction from denying
their
participation after the business transaction has occurred. This establishes
authentication for the
transaction itself for all parties involved in the transaction.
E. Authentication verifies users to be who they say they are. In data communications,
authenticating the sender is necessary to verify that the data came from the right
source. The
receiver is authenticated as well to verify that the data is going to the right destination.
Answer: E
QUESTION NO: 87
Your network is a mixed environment of Windows, Linux, and UNIX, computers. The
routers are
primarily Cisco and the network uses a T-1 to connect to the Internet. You are
experimenting with
setting up a mail server in a production environment for internal use only. You do not
want this
mail server to receive any requests from anywhere but the internal network. Therefore
you have
decided to block incoming SMTP traffic at the Firewall. Which port will you block at the
Firewall?
A. 23
B. 25
C. 53
D. 80
E. 110
Answer: B
QUESTION NO: 88
You have been given the task of implementing the wireless solution for your
organization's
campus. Which two antenna types are best suited for bridge applications connecting
two
buildings?
A. Yagi
B. Parabolic
C. Omni-directional
D. Di-polar
E. Mono-polar
Answer: A,B

QUESTION NO: 89
When a wireless client performs the initial process of communicating with an access
point, what is
this process called?
A. Association
B. Identification
C. Authentication
D. Authorization
E. Detection
Answer: A
QUESTION NO: 90
In the image, there are two nodes communicating via two access points that are
bridging together
two segments. In the middle packet, under the left access point, the Address 4: field is
blank. If
this packet is destined for the computer on the right side of the image, what must be the
value of
Address field 4 in this middle packet?
A. ABCD
B. 6789
C. 2345
D. 1234
E. CDEF
Answer: D
QUESTION NO: 91
You are configuring the new machine in your network that you wish to be used for Snort
in your
network. What is the switch used when telling Snort to apply the rules in the Snort
Configuration
file to packets processed by snort?
A. -c
B. -C
C. -r
D. -r
E. -p
Answer: A
QUESTION NO: 92
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.

The objective is to allow host 192.168.10.7 access to the Internet via ftp and deny access to the Internet to everyone else while allowing them to access resources amongst themselves. From the following, select all the access list statements that are required to make this possible.
A. access-list 153 permit tcp 192.168.10.7 0.0.0.0 any eq ftp
B. access-list 21 permit ip 192.168.10.7 0.0.0.0 any eq ftp
C. access-list 21 deny 0.0.0.0 255.255.255.255
D. int S0, ip access-group 21 out
E. int S0, ip access-group 153 out
F. int E1, ip access-group 153 in
Answer: A,E
QUESTION NO: 93
You have configured Snort and MySQL on your SuSe Linux machine. You wish to
enhance the
system by using BASE. What is the function of BASE on your Snort machine?
A. BASE is an Apache module, required for Snort database connectivity.
B. BASE is a web interface to analyze your Snort data.
C. BASE is a Snort plug-in for managing rule sets.
D. BASE is a php plug-in required in Apache to use Snort.
E. BASE is used with ADOdb to allow for Snort to use php in Apache.
Answer: B
QUESTION NO: 94
Your network is a mixed environment of Windows, Linux, and UNIX, computers. The routers are primarily Cisco and the network uses a T-1 to connect to the Internet. You are experimenting with setting up a mail server in a production environment for internal use only. You do not want this mail server to receive any requests from anywhere but the internal network. Therefore you have decided to block incoming SMTP traffic at the Firewall. Which port will you block at the Firewall?
A. 23
B. 25
C. 53
D. 80
E. 110
Answer: B
QUESTION NO: 95
You have just installed ISA Server 2006 on a Windows Server in your network, and you are familiarizing yourself with the new firewall. What are the three basic areas of a newly installed ISA Server 2006 firewall?
A. Console Tree
B. Summary Pane
C. Advanced Pane
D. Details Pane
E. Task Pane
Answer: A,D,E
QUESTION NO: 96
When a wireless client performs the initial process of communicating with an access
point, what is
this process called?
A. Association
B. Identification
C. Authentication
D. Authorization
E. Detection
Answer: A
QUESTION NO: 97
When installing a firewall, what is the process by which you remove un-needed services
and
features from a machine to reduce the risk of vulnerabilities to the underlying OS
called?
A. Tightening
B. Cascading
C. Streamlining
D. Cleansing
E. Hardening
Answer: E
QUESTION NO: 98
You are configuring your new IDS machine, where you have recently installed Snort.
While you
are working with this machine, you wish to create some basic rules to test the ability to
log traffic
as you desire. Which of the following Snort rules will log any tcp traffic from any IP
address to any
port between 1 and 1024 on any host in the 10.0.10.0/24 network?
A. logtcp 0.0.0.0/24 -> 10.0.10.0/24 1<>1024
B. logtcp any any -> 10.0.10.0/24 1<>1024
C. log tcp any any -> 10.0.10.0/24 1:1024
D. log tcp 0.0.0.0/24 -> 10.0.10.0/24 1:1024
E. logudp any any -> 10.0.10.0/24 1:1024
Answer: C
QUESTION NO: 99

You are configuring a new custom IPSec policy on your Windows Server 2003 machine.
On the
rules tab, you find the three default options under the IP Filter List. What are these three
default
options?
A. All TCP Traffic
B. All UDP Traffic
C. All IP Traffic
D. All ICMP Traffic
E. <Dynamic>
Answer: C,D,E
QUESTION NO: 100
You have recently taken over the security of a mid-sized network. You are reviewing the
current
configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -d ! 172.168.35.40 www
What is the function of this rule?
A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP
address is
allowed.
B. This rule for the input chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
C. This rule for the input chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
D. This rule for the output chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
E. This rule for the output chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
Answer: D
QUESTION NO: 101
You are introducing a co-worker to the security systems in place in your organization.
During the
discussion you begin talking about the network, and how it is implemented. You decide
to run a
packet capture to identify different aspects of network traffic for your co-worker. In the
packet
capture you are able to identify Protocol IDs. What is the IP protocol ID for TCP?
A. Protocol ID 1
B. Protocol ID 44
C. Protocol ID 6

D. Protocol ID 17
E. Protocol ID 4
Answer: C
QUESTION NO: 102
You have been given the task of implementing the wireless solution for your
organization's
campus. Which two antenna types are best suited for bridge applications connecting
two
buildings?
A. Yagi
B. Parabolic
C. Omni-directional
D. Di-polar
E. Mono-polar
Answer: A,B
QUESTION NO: 103
Network Monitor was run on the Windows Server 2003 during a network session. The
exhibit
shows the actual contents of the Network Monitor capture file.
The Hexadecimal value for the IP protocol and source ports have been circled in the
exhibit. The
contents of what combination of IP Protocol and Application Layer Protocol have been
captured
here?
A. TCP _TFTP (Control)
B. UDP _FTP (Control)
C. UDP _TFTP (Control)
D. TCP _FTP (Data)
E. UDP _FTP (Data)
Answer: D
QUESTION NO: 104
You were recently hired as the security administrator of a small business. You are
reviewing the
current state of security in the network and find that the current logging system must be
immediately modified. As the system is currently configured, auditing has no practical
value.
Which of the following are the reasons that the current auditing has little value?
A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.

Answer: A,D
QUESTION NO: 105
ISA Server 2006 features extensive rule matching abilities. Which of the following lists
has the
proper order for how ISA Server 2006 checks rule elements that make up an Access
rule?
A. Protocol, Source Address and Port, Schedule, Destination Address, User Set, and
Content
Groups
B. Source Address and Port, Protocol, Schedule, Destination Address, User Set, and
Content
Groups
C. Source Address and Port, Destination Address, Schedule, Protocol, User Set, and
Content
Groups
D. Source Address and Port, Destination Address, Protocol, Schedule, User Set, and
Content
Groups
E. Protocol, Source Address and Port, Destination Address, User Set, Content Groups,
and
Schedule
Answer: A
QUESTION NO: 106
You are installing a new firewall and your CEO asks what the benefits will be to the
organization.
Which of the following are benefits to implementing a firewall?
A. Increased bandwidth
B. End node virus control
C. Central network traffic auditing
D. Increased ability to enforce policies
E. Efficient IP Address allocation
Answer: C,D
QUESTION NO: 107
You are reviewing the IDS logs and during your analysis you notice a user account that
had
attempted to log on to your network ten times one night between 3 and 4 AM. This is
quite
different from the normal pattern of this user account, as this user is only in the office
from 8AM to
6PM. Had your IDS detected this anomaly, which of the following types of detection best
describes
this event?
A. External Intrusion
B. Internal Intrusion

C. Misuse Detection
D. Behavioral Use Detection
E. Hybrid Intrusion Attempt
Answer: D
QUESTION NO: 108
You have recently taken over the security of a mid-sized network. You are reviewing the
current
configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -d ! 172.168.35.40 www
What is the function of this rule?
A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP
address is
allowed.
B. This rule for the input chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
C. This rule for the input chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
D. This rule for the output chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
E. This rule for the output chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.
Answer: D
QUESTION NO: 109
You have been working with Snort, on your Windows Server 2003, for some time as a
packet
capture tool, and now wish to connect Snort to a database on your server. You install
MySQL as
the database, and are ready to configure Snort. If the database is named: snortdbl, has
a user
name of: snort, and a password of: snortpass, what is the configuration line you need to
add to
Snort?
A. output database: log,mysql, username:snort, password:snortpass, dbname:snortdbl, host:localhost
B. output database: log:mysql: user=snort: password=snortpass: dbname=snortdbl: host=localhost
C. output database: log;mysql; username:snort; password:snortpass; dbname:snortdbl; host:localhost
D. output database logmysql user=snort password=snortpass dbname=snortdbl host=localhost
E. output database: log,mysql, user=snort password=snortpass dbname=snortdbl host=localhost
Answer: E
QUESTION NO: 110
As you analyze the settings of the Secure Server (Require Security) IPSec policy in
Windows
Server 2003, you are looking at the options available for encryption and integrity. Which
of the
following answers presents a legitimate combination for encryption and integrity in the
IPSec
policy?
A. Encryption: SHA1, Integrity: 3DES
B. Encryption: 3DES, Integrity: SHA1
C. Encryption: RSA, Integrity: MD5
D. Encryption: MD5, Integrity: RSA
E. Encryption: SHA1, Integrity: MD5
Answer: B
QUESTION NO: 111
During a network analysis session, you capture several TCP/IP sessions. You focus
your analysis
on the IP Headers. In an IP Header, what is the function of the first four bits?
A. To define the type
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol
Answer: D
QUESTION NO: 112
You are training some network administrators to analyze log files. Some of the logs
present IP
addresses in binary. You explain the usefulness of reading addresses in multiple
formats. You
demonstrate several conversions between decimal and binary. What is the decimal
equivalent of
the following binary IP address: 11001111.10001010.01101101.01110001
A. 197.138.119.113
B. 217.126.109.213
C. 217.138.119.113
D. 197.136.119.117
E. 207.138.109.113
Answer: E
QUESTION NO: 113
During a network capture, using Wireshark, you capture some ICMP traffic for analysis. In an ICMP Message, what is the function of the first eight bits?
A. To define the source port number
B. To define the type
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol
Answer: B
QUESTION NO: 114
You have recently taken over the security of a mid-sized network. You are reviewing the
current
configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -d 172.168.35.40 ! www
What is the function of this rule?
A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP
address is
allowed.
B. This rule for the input chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
C. This rule for the input chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
D. This rule for the output chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
E. This rule for the output chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
Answer: E
QUESTION NO: 115
In the image, there are two nodes communicating via two access points that are bridging together two segments. In the middle packet, under the left access point, the Address 4: field is blank. If this packet is destined for the computer on the right side of the image, what must be the value of Address field 4 in this middle packet?
A. ABCD
B. 6789
C. 2345
D. 1234
E. CDEF
Answer: D
QUESTION NO: 116

The main reason you have been hired at a company is to bring the network security of
the
organization up to current standards. A high priority is to have a full security audit of the
network
as soon as possible. You have chosen an Independent Audit and are describing it to
your
coworkers. Which of the following best describes an Independent Audit?
A. An independent audit is usually conducted by external or outside resources and may
be a
review or audit of detailed audit logs.
B. The independent audit is usually done by the current network administrators who
ensure the
security measures are up to international standards.
C. The independent audit is typically done by an internal team who ensures the security
measures
are up to international standards.
D. The independent audit is usually done by internal resources to examine the current
daily and
on-going activities within a network system for compliance with an established security
policy.
E. The independent audit is typically done by a contracted outside team of security
experts who
check for policy compliance.
Answer: A
QUESTION NO: 117
At a policy meeting you have been given the task of creating the firewall policy. What
are the two
basic positions you can take when creating the policy?
A. To deny all traffic and permit only that which is required.
B. To permit only IP traffic and filter TCP traffic
C. To permit only TCP traffic and filter IP traffic
D. To permit all traffic and deny that which is required.
E. To include your internal IP address as blocked from incoming to prevent spoofing.
Answer: A,D
QUESTION NO: 118
You have decided to implement SSH for communicating to your router. What does SSH use to establish a secure channel of communication?
A. RSA Public Key Cryptography
B. DES Public Key Cryptography
C. MD5 Private Key Cryptography
D. MD5 Public Key Cryptography
E. RSA Private Key Cryptography
Answer: A

QUESTION NO: 119


You have been hired at a large company to manage network. Prior to your arrival, there
was no
one dedicated to security, so you are starting at the beginning. You hold a meeting and
are
discussing the main functions and features of network security. One of your assistants
asks what
the function of Integrity in network security is. Which of the following best describes
Integrity?
A. The security must limit user privileges to minimize the risk of unauthorized access to
sensitive
information and areas of the network that only authorized users should only be allowed
to access.
B. Integrity verifies users to be who they say they are. In data communications, the
integrity of the
sender is necessary to verify that the data came from the right source. The receiver is
authenticated as well to verify that the data is going to the right destination.
C. Data communications as well as emails need to be protected for privacy and
Integrity. Integrity
ensures the privacy of data on the network system.
D. Integrity is a security principle that ensures the continuous accuracy of data and
information
stored within network systems. Data must be kept from unauthorized modification,
forgery, or any
other form of corruption either from malicious threats or corruption that is accidental in
nature.
Upon receiving the email or data communication, integrity must be verified to ensure
that the
message has not been altered, modified, or added to or subtracted from in transit by
unauthorized
users.
E. Security must be established to prevent parties in a data transaction from denying
their
participation after the business transaction has occurred. This establishes integrity for
the
transaction itself for all parties involved in the transaction.
Answer: D
QUESTION NO: 120
Your company has created its security policy and it's time to get the firewall in place. Your group is trying to decide whether to build a firewall or buy one. What are some of the downsides to deciding to build a firewall rather than purchase one?
A. Weak (or no) management GUI.

B. Weak (or no) logging and alerting.


C. Weak rule configuration.
D. The OS cannot be hardened before implementing the firewall on it.
E. Weak (or no) real time monitoring.
Answer: A,B,E
QUESTION NO: 121
You are working on your company's IPTables Firewall; you wish to create a rule to
address traffic
using ports 1024 through 2048. Which of the following would you use during the
creation of your
rule?
A. p:1024 P:2048
B. P:1024 p2048
C. p=1024-2048
D. 1024-2048
E. 1024:2048
Answer: E
QUESTION NO: 122
If you configure an access-list to block the following networks, what are you trying to protect against? Network 127.0.0.0/8, Network 0.0.0.0/0, Network 10.0.0.0/8, Network 172.16.0.0/16, and Network 192.168.0.0/16.
A. You are trying to protect against hijacking
B. You are trying to protect against spoofing
C. You are trying to protect against sniffing
D. You are trying to protect against splicing
E. You are trying to protect against capturing
Answer: B
QUESTION NO: 123
You are configuring your Snort rules and you wish to tell Snort to log and send notice
when a type
of packet is received, what rule action syntax will you use?
A. Alert
B. Log
C. Pass
D. Activate
E. Dynamic
Answer: A
QUESTION NO: 124
If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set
to zero,
what type of WLAN is this frame a part of?
A. Mesh

B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
QUESTION NO: 125
You are configuring a new custom IPSec policy on your Windows Server 2003 machine.
On the
rules tab, you find the three default options under the IP Filter List. What are these three
default
options?
A. All TCP Traffic
B. All UDP Traffic
C. All IP Traffic
D. All ICMP Traffic
E. <Dynamic>
Answer: C,D,E
QUESTION NO: 126
You are configuring your new Intrusion Detection System, and studying the true-false
matrix. You
read about the different types of alarms and events. Which of the following defines an
event where
an alarm is indicating an intrusion when there is no actual intrusion?
A. True-negative
B. False-positive
C. True-positive
D. False-negative
E. Absolute-positive
Answer: B
QUESTION NO: 127
Your office branch has been assigned the network address of 10.10.0.0/16 by the
Corporate HQ.
Presently your network addressing scheme has these addresses split into eight
networks as
shown below:
1: 10.10.0.0/19
2: 10.10.32.0/19
3: 10.10.64.0/19
4: 10.10.96.0/19
5: 10.10.128.0/19
6: 10.10.160.0/19
7: 10.10.192.0/19

8: 10.10.224.0/19
You need to take the currently unused block of network 10.10.160.0/19 and further
divide it into
eight networks for use by a satellite branch that is being designed on the fourth floor of
your
building. What will the new subnet mask be for these new networks?
A. 255.255.252.0
B. 255.255.0.0
C. 255.248.0.0
D. 255.255.240.0
E. 255.255.255.0
Answer: A
QUESTION NO: 128
You are the firewall administrator at your company and the network administrators have
decided to
implement a PPTP VPN solution, which of these ports would you need to allow through
the firewall
to allow these VPN sessions into your network?
A. 1723
B. 2397
C. 5273
D. 4378
E. 7135
Answer: A
QUESTION NO: 129
When you took over the security responsibilities at your office, you noticed there were
no warning
banners on any of the equipment. You have decided to create a warning login banner
on your
Cisco router. Which of the following shows the correct syntax for the banner creation?
A. banner login C Restricted access. Only authorized users allowed to access this device. C
B. login banner C Restricted access. Only authorized users allowed to access this device. C
C. banner login Restricted access. Only authorized users allowed to access this device.
D. login banner Restricted access. Only authorized users allowed to access this device.
E. banner logging C Restricted access. Only authorized users allowed to access this device. C
Answer: A
QUESTION NO: 130
You are introducing a co-worker to the security systems in place in your organization.
During the
discussion you begin talking about the network, and how it is implemented. You decide
to run a

packet capture to identify different aspects of network traffic for your co-worker. In the
packet
capture you are able to identify Protocol IDs. What is the IP protocol ID for TCP?
A. Protocol ID 1
B. Protocol ID 44
C. Protocol ID 6
D. Protocol ID 17
E. Protocol ID 4
Answer: C
QUESTION NO: 131
You are a host in a network segment that has IP addresses in the range of
10.0.16.1~10.0.31.254.
You need to create an access control list that will filter your segment of addresses.
Which of the
following is the wildcard mask that will be used to filter your network segment?
A. 0.0.15.255
B. 0.0.16.254
C. 255.240.0.0
D. 0.0.240.0
E. 10.0.16.1/20
Answer: A
QUESTION NO: 132
During an analysis of your IPSec implementation, you capture traffic with Network
Monitor. You
are verifying that IP is properly identifying AH. When you look into IP, what protocol ID
would IP
identify with AH?
A. Protocol ID 0x800 (800)
B. Protocol ID 0x6 (6)
C. Protocol ID 0x15 (21)
D. Protocol ID 0x33 (51)
E. Protocol ID 0x1 (1)
Answer: D
QUESTION NO: 133
Your company has recently become security conscious and wishes to protect its electronic assets. What is the first thing you should have in place before configuring rules for your company's firewall?
A. A Security Policy
B. An IDS
C. A DNS server
D. An Email server
E. A WINS server

Answer: A
QUESTION NO: 134
You are configuring your new IDS machine, where you have recently installed Snort.
While you
are working with this machine, you wish to create some basic rules to test the ability to
log traffic
as you desire. Which of the following Snort rules will log any tcp traffic from any IP
address to any
port between 1 and 1024 on any host in the 10.0.10.0/24 network?
A. log tcp 0.0.0.0/24 -> 10.0.10.0/24 1<>1024
B. log tcp any any -> 10.0.10.0/24 1<>1024
C. log tcp any any -> 10.0.10.0/24 1:1024
D. log tcp 0.0.0.0/24 -> 10.0.10.0/24 1:1024
E. log udp any any -> 10.0.10.0/24 1:1024
Answer: C
QUESTION NO: 135
You are configuring your new IDS machine, and are creating new rules. You enter the
following
rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)
What is the effect of this rule?
A. This is a logging rule, designed to capture NULL scans originating from the
10.0.10.0/24
network.
B. This is a logging rule, designed to capture NULL scans.
C. This is an alert rule, designed to notify you of NULL scans of the network in either
direction.
D. This is an alert rule, designed to notify you of NULL scans of the network in one
direction.
E. This is a logging rule, designed to notify you of NULL scans.
Answer: D
QUESTION NO: 136
You are configuring your new IDS machine, and are creating new rules. You enter the
following
rule:
Alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)
What is the effect of this rule?
A. This is a logging rule, designed to capture any telnet attempts
B. This is an alert rule, designed to notify you of the use of telnet in either direction
C. This is an alert rule, designed to notify you of the use of telnet in one direction
D. This is a logging rule, designed to notify you of telnet connection attempts
E. This is an alert rule, designed to notify you of attempts to connect from any IP address on port 23 to any IP address and any port on a remote host.
Answer: C
QUESTION NO: 137
Your organization has extensive resources that you must make available to authorized
users,
through your ISA Server 2006. From the following answers, select the one that is not a
feature of
ISA Server Content Publishing:
A. Secure Sockets Layer (SSL) Bridging
B. Web Caching and Delivery
C. Web Publishing Load Balancing
D. Enhanced Multi-factor Authentication
E. Robust Logging and Reporting
Answer: B
QUESTION NO: 138
You are configuring the IP addressing for your network. One of the subnets has been
defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/14. What is the broadcast address for this network?
A. 0.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.255.255
Answer: E
QUESTION NO: 139
In order to add to your layered defense, you wish to implement some security
configurations on
your router. If you wish to have the router work on blocking TCP SYN attacks, what do
you add to
the end of an ACL statement?
A. The IP addresses for allowed networks
B. The port range of allowed applications
C. The word Established
D. The word Log
E. The string: no service udp-small-servers
Answer: C
QUESTION NO: 140
Network Monitor was run on the Windows Server 2003 during a network session. The
exhibit
shows the actual contents of the Network Monitor capture file.
The Hexadecimal value for the IP protocol and source ports have been circled in the exhibit. The contents of what combination of IP Protocol and Application Layer Protocol have been captured here?
A. TCP _TFTP (Control)
B. UDP _FTP (Control)
C. UDP _TFTP (Control)
D. TCP _FTP (Data)
E. UDP _FTP (Data)
Answer: D
QUESTION NO: 141
You are configuring your new IDS machine, where you have recently installed Snort.
While you
are working with this machine, you wish to create some basic rules to test the ability to
log traffic
as you desire. Which of the following Snort rules will log any telnet traffic from any IP
address to
port 23 of the 10.0.10.0/24 network?
A. log udp any any -> 10.0.10.0/24 23
B. log any any -> 10.0.10.0/24 telnet
C. log udp telnet any -> 10.0.10.0/255.255.255.0
D. log tcp telnet any -> 10.0.10.0/255.255.255.0
E. log tcp any any -> 10.0.10.0/24 23
Answer: E
QUESTION NO: 142
You are configuring your new Cisco router. During your configuration you wish to
eliminate any
security risks you can, as based on your organizational security policy. The policy states
that the
Cisco Discovery Protocol is not to be used on any interface on any of the routers. What
is the
command to turn off CDP for the entire router?
A. no cdp broadcast
B. cdp disable
C. no cdp enable
D. no cdp run
E. no cdp neighbors
Answer: D
QUESTION NO: 143
Which of the following is a potential weakness of a commercial firewall product that is
installed on
a hardened machine?
A. That you will not be able to use it in conjunction with personal firewalls on users' desktop machines.
B. You will have to give the vendor confidential network information.
C. You will be required to use the configuration that the vendor assigns you.
D. That the firewall's vendor may be compromised and your private information may be publicly available.
E. That it may be vulnerable to attacks targeting the underlying Operating System.
Answer: E
QUESTION NO: 144
You are considering adding layers to your authentication system currently in place.
Reading
through some of the vendor literature on logon solutions, it frequently mentions two and
three
factor authentication. Your assistant asks you what the difference between the two is.
Select the
options that correctly describe two-factor and three-factor authentication:
A. Two-factor authentication is the process of providing something you have along with
something
you know.
B. Two-factor authentication is the process of providing two forms of authentication,
such as a
username and a password.
C. Two-factor authentication is the process of authenticating twice during the login
sequence to
verify user identity.
D. Three-factor authentication is the process of providing something you have along
with
something you know and something you are.
E. Three-factor authentication is the process of providing three forms of authentication,
such as
username, password, and sitting at the physical machine to login.
Answer: A,D
QUESTION NO: 145
You are configuring your new IDS machine, and are creating new rules. You enter the
following
rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)
What is the effect of this rule?
A. This is an alert rule, designed to notify you of SYN-FIN scans of the network in one
direction.
B. This is an alert rule, designed to notify you of SYN-FIN scans of the network in either
direction.
C. This is a logging rule, designed to capture SYN-FIN scans.
D. This is a logging rule, designed to notify you of SYN-FIN scans.
E. This is an alert rule, designed to notify you of SYN-FIN scans originating from the 10.0.10.0/24 network.
Answer: A
QUESTION NO: 146
You have recently taken over the security of a mid-sized network. You are reviewing the
current
configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -s 10.0.10.0/24 -d 0.0.0.0/0 80 -j ACCEPT
What is the function of this rule?
A. This rule for the output chain states that any TCP traffic from the 10.0.10.0 network
and
destined for any IP address on port 80 is to be accepted.
B. This rule for the input chain states that any TCP traffic from the 10.0.10.0 network
and destined
for any IP address on port 80 is to be accepted.
C. This rule for the output chain states that all traffic from any network and destined for
the
10.0.10.0 network on port 80 is to be accepted.
D. This rule states that all web traffic from any network is to jump to the accept rule.
E. This rule states that all incoming web traffic from any network is to be output to the
accept rule.
Answer: A
QUESTION NO: 147
You were recently hired as the security administrator of a small business. You are
reviewing the
current state of security in the network and find that the current logging system must be
immediately modified. As the system is currently configured, auditing has no practical
value.
Which of the following are the reasons that the current auditing has little value?
A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.
Answer: A,D
QUESTION NO: 148
In the command ipchains -N chain, what will the -N accomplish in the chain?
A. Calls up the next sequential chain
B. Create a new chain named "chain"
C. Calls up the chain named "chain"
D. Negate the current chain
E. Commit the new changes in the present chain
Answer: B
QUESTION NO: 149
If you wish to create a new rule in ISA Server 2006 so that all file attachments with an .exe extension that come through the firewall are dropped, what would you select in the Toolbox to create this rule?
A. Content Type
B. User Group
C. Destination Set
D. Protocol Set
E. Extension Type
Answer: A
QUESTION NO: 150
You are the firewall administrator for your company and you have just learned that the Server administrators are gearing up to support an L2TP based VPN solution. You are told to be sure that your firewall rule sets will not hinder the performance of the VPN. Which port, from the following list, will you have to allow through the firewall?
A. TCP 1701
B. UDP 1701
C. TCP 443
D. UDP 443
E. TCP 1601
Answer: B
QUESTION NO: 151
You are in the process of configuring your network firewall policy. As you begin building
the
content of the policy you start to organize the document into sections. Which of the
following are
sections found in the firewall policy?
A. The Acceptable Use Statement
B. The Firewall Administrator Statement
C. The Network Connection Statement
D. The Incident Handling Statement
E. The Escalation Procedures Statement
Answer: A,B,C
QUESTION NO: 152
Your network is going to implement a new IPSec solution. Which of the following IPSec
components is used to define the security environment in which the two hosts
communicate?
A. Management Tools
B. Security Association API
C. IPSec Driver
D. IP Policy Agent
E. IP Security Policy and Security Association
Answer: E
QUESTION NO: 153
You have been given the task of building the new wireless networks for your office, and
you need
to verify that your equipment will not interfere with other wireless equipment
frequencies. What
wireless standard allows for up to 11 Mbps transmission rates and operates in the
2.4GHz range?
A. 802.11b
B. 802.11e
C. 802.11a
D. 802.11i
E. 802.11g
Answer: A
QUESTION NO: 154
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.
The objective is to allow only network 192.168.20.0 to access e-commerce Web sites on the Internet, while allowing all internal hosts to access resources within the internal network. From the following, select all the access list statements that are required to make this possible.
A. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80
B. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 53
C. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 443
D. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any lt 1023
E. int S0, ip access-group 113 in
F. int E1, ip access-group 113 in
G. int S0, ip access-group 113 out
Answer: A,B,C,G
QUESTION NO: 155
It is a given that two computers that communicate using TCP/IP as the protocol must
use valid
addresses and media to do so. What combination of the following is required to create a
TCP/IP
socket?
A. The MAC Address, the IP Address and the IP Protocol ID
B. The IP Address, the IP Protocol ID and a Port number
C. The MAC Address and the IP Protocol ID
D. The MAC Address, the IP Protocol ID and a Port number
E. The Ethertype and a Port number
Answer: B
QUESTION NO: 156
To verify that your PPTP implementation is working as you intended, you sniff the
network after
the implementation has been completed. You are looking for specific values in the
captures that
will indicate to you the type of packets received. You analyze the packets, including
headers and
payload. PPTP works at which layer of the OSI model?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
Answer: B
QUESTION NO: 157
During the configuration of your newly installed ISA Server 2006, you are creating new
rules.
Which three of the following answers are used to create a protocol rule in ISA Server
2006?
A. Filter
B. Name
C. Direction
D. Action
E. Network
Answer: B,D,E
QUESTION NO: 158
As you analyze the settings of the Secure Server (Require Security) IPSec policy in
Windows
Server 2003, you are looking at the options available for encryption and integrity. Which
of the
following answers presents a legitimate combination for encryption and integrity in the
IPSec
policy?
A. Encryption: SHA1, Integrity: 3DES
B. Encryption: 3DES, Integrity: SHA1
C. Encryption: RSA, Integrity: MD5
D. Encryption: MD5, Integrity: RSA
E. Encryption: SHA1, Integrity: MD5
Answer: B
QUESTION NO: 159
You have recently been contracted to implement a new firewall solution at a client site. What are the two basic forms of firewall implementations?
A. Chaining
B. Stateful
C. DMZ
D. Stateless
E. KMZ
Answer: B,D
QUESTION NO: 160
You are configuring a L2TP solution between your office and your primary branch office.
The CEO
has requested a report on the benefits of using this technology. Which of the following
benefits
does L2TP (with IPSec) provide?
A. Bandwidth Management
B. Encryption
C. User Authentication
D. Packet Authentication
E. Key Management
Answer: B,D,E
QUESTION NO: 161
Network Monitor was run on the Windows Server 2003 during a network session. The
exhibit
shows the actual contents of the Network Monitor capture file.
The Hexadecimal value for the IP protocol and source ports have been circled in the
exhibit. The
contents of what combination of IP Protocol and Application Layer Protocol have been
captured
here?
A. TCP _TFTP (Control)
B. UDP _FTP (Control)
C. UDP _TFTP (Control)
D. TCP _FTP (Data)
E. UDP _FTP (Data)
Answer: D
QUESTION NO: 162
During a network analysis session, you capture several TCP/IP sessions. You focus
your analysis
on the IP Headers. In an IP Header, what is the function of the first four bits?
A. To define the type
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol
Answer: D
QUESTION NO: 163
In order to properly manage the network traffic in your organization, you need a
complete
understanding of protocols and networking models. In regards to the 7-layer OSI model,
what is
the function of the Transport Layer?
A. The Transport layer allows two applications on different computers to establish, use,
and end a
session. This layer establishes dialog control between the two computers in a session,
regulating
which side transmits, plus when and how long it transmits.
B. The Transport layer manages logical addresses. It also determines the route from the
source to
the destination computer and manages traffic problems, such as routing, and controlling
the
congestion of data packets.
C. The Transport layer packages raw bits from the Physical (Layer 1) layer into frames
(structured
packets for data). Physical addressing (as opposed to network or logical addressing)
defines how
devices are addressed at the data link layer. This layer is responsible for transferring
frames from
one computer to another, without errors. After sending a frame, it waits for an
acknowledgment
from the receiving computer.
D. The Transport layer transmits bits from one computer to another and regulates the
transmission
of a stream of bits over a physical medium. For example, this layer defines how the
cable is
attached to the network adapter and what transmission technique is used to send data
over the
cable.
E. The Transport layer handles error recognition and recovery. It also repackages long
messages,
when necessary, into small packets for transmission and, at the receiving end, rebuilds
packets
into the original message. The corresponding Transport layer at the receiving end also
sends
receipt acknowledgments.
Answer: E
QUESTION NO: 164
You are configuring the IP addressing for your network. One of the subnets has been
defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/14. What is the broadcast address for this network?
A. 0.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.255.255
Answer: E
QUESTION NO: 165
In your current organization, you have been given the task of implementing the IPSec
solution. All
your servers are running Windows Server 2003, so you wish to use the built in policies.
What are
the three default IPSec policies in Windows Server 2003?
A. Server (Require Security)
B. Server (Request Security)
C. Client (Respond Only)
D. Client (Request Security)
E. Server (Respond Only)
Answer: A,B,C
QUESTION NO: 166
You are configuring the new Intrusion Detection System at your office. Your CEO asks
you what
the IDS will do for the organization. You tell the CEO about the three main components
of Network
Security and explain how an IDS can be used to meet two of those components. What
are the two
major components of network security that an IDS can meet?
A. Prevention
B. Analysis
C. Detection
D. Interpretation
E. Response
Answer: C,E
QUESTION NO: 167
You are installing a new firewall and your CEO asks what the benefits will be to the
organization.
Which of the following are benefits to implementing a firewall?
A. Increased bandwidth
B. End node virus control
C. Central network traffic auditing
D. Increased ability to enforce policies
E. Efficient IP Address allocation
Answer: C,D
QUESTION NO: 168
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.
The objective is to allow two hosts, 192.168.20.16 and 192.168.10.7 access to the Internet while all other hosts are to be denied Internet access. All hosts on network 192.168.10.0 and 192.168.20.0 must be allowed to access resources on both internal networks. From the following, select all the access list statements that are required to make this possible.
A. access-list 53 permit 192.168.20.16 0.0.0.0
B. access-list 80 permit 192.168.20.16 0.0.0.0
C. access-list 53 deny 0.0.0.0 255.255.255.255
D. access-list 80 permit 192.168.10.7 0.0.0.0
E. int S0, ip access-group 53 out
F. int S0, ip access-group 80 out
Answer: B,D,F
QUESTION NO: 169
You are considering your options for a new firewall deployment. At which two layers of
the OSI
model does a simple (stateless) packet filtering firewall operate?
A. Data Link
B. Application
C. Session
D. Presentation
E. Network
Answer: A,E
QUESTION NO: 170
The following exhibit is a screen shot of a capture using Network Monitor. Examine the
details as
shown for a frame and identify which of the statements that follow best describes it.
A. This frame represents an ICMP echo message between the two hosts
B. This frame represents an IP broadcast trying to resolve the target IP address to its
MAC
address
C. This frame represents an Ethernet broadcast trying to resolve the target IP address to its MAC address
D. This frame represents a reply from the target machine with the appropriate resolution
E. This frame represents the first fragment of the three-way handshake.
Answer: C
QUESTION NO: 171
Which of the following is a potential weakness of a commercial firewall product that is
installed on
a hardened machine?
A. That you will not be able to use it in conjunction with personal firewalls on users' desktop machines.
B. You will have to give the vendor confidential network information.
C. You will be required to use the configuration that the vendor assigns you.
D. That the firewall's vendor may be compromised and your private information may be publicly available.
E. That it may be vulnerable to attacks targeting the underlying Operating System.
Answer: E
QUESTION NO: 172
Which of the following is a potential weakness of a commercial firewall product that is
installed on
a hardened machine?
A. That you will not be able to use it in conjunction with personal firewalls on users' desktop machines.
B. You will have to give the vendor confidential network information.
C. You will be required to use the configuration that the vendor assigns you.
D. That the firewall's vendor may be compromised and your private information may be publicly available.
E. That it may be vulnerable to attacks targeting the underlying Operating System.
Answer: E
QUESTION NO: 173
In order to perform promiscuous mode captures using the Wireshark capture tool on a
Windows
Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C
QUESTION NO: 174
You have found a user in your organization who has managed to gain access to a
system that this
user was not granted the right to use. This user has just provided you with a working
example of
which of the following?
A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection
Answer: A
QUESTION NO: 175
You have recently been contracted to implement a new firewall solution at a client site. What are the two basic forms of firewall implementations?
A. Chaining
B. Stateful
C. DMZ
D. Stateless
E. KMZ
Answer: B,D
QUESTION NO: 176
You are considering your options for a new firewall deployment. At which two layers of
the OSI
model does a simple (stateless) packet filtering firewall operate?
A. Data Link
B. Application
C. Session
D. Presentation
E. Network
Answer: A,E
QUESTION NO: 177
Your organization has extensive resources that you must make available to authorized
users,
through your ISA Server 2006. From the following answers, select the one that is not a
feature of
ISA Server Content Publishing:
A. Secure Sockets Layer (SSL) Bridging
B. Web Caching and Delivery
C. Web Publishing Load Balancing
D. Enhanced Multi-factor Authentication
E. Robust Logging and Reporting
Answer: B
QUESTION NO: 178
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.
The objective is to allow only network 192.168.20.0 to access e-commerce Web sites on the
Internet, while allowing all internal hosts to access resources within the internal network.
From the
following, select all the access list statements that are required to make this possible.
A. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80
B. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 53
C. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 443
D. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any lt 1023
E. int S0, ip access-group 113 in
F. int E1, ip access-group 113 in
G. int S0, ip access-group 113 out
Answer: A,B,C,G
QUESTION NO: 179
In your office, you are building the new wireless network, and you will need to install
several
access points. What do wireless access points use to counter multipath interference?
A. Multiple encryption algorithms
B. Multiple Antennas
C. Multiple radio frequencies
D. Duplicate packet transfer
E. Secondary transmissions
Answer: B
QUESTION NO: 180
One of the firewall choices you are thinking of implementing, in your network, is a proxy
server. A
proxy server can accomplish which of the following statements?
A. Cache web pages for increased performance
B. Operate at the Application layer of the OSI model
C. Allow direct communication between an internal and external host
D. Permit or deny traffic based upon type of service
E. Filter executables that are attached to an e-mail
Answer: A,B,D,E