You are configuring a Cisco Router, and are creating Access Control Lists as part of the
security
of the network. When creating Wildcard Masks, which of the following rules apply?
A. If the wildcard mask bit is a 1, then do not check the corresponding bit of the IP
address for a
match.
B. If the wildcard mask bit is a 0, then do not check the corresponding bit of the IP
address for a
match.
C. If the wildcard mask bit is a 1, then do check the corresponding bit of the IP address
for a
match.
D. If the wildcard mask bit is a 0, then do check the corresponding bit of the IP address
for a
match.
E. To create a Wildcard Mask, always take the inverse of the Subnet Mask.
Answer: A,D
QUESTION NO: 78
You are configuring your new IDS machine, where you have recently installed Snort.
While you
are working with this machine, you wish to create some basic rules to test the ability to
log traffic
as you desire. Which of the following Snort rules will log any tcp traffic from any IP
address to any
port between 1 and 1024 on any host in the 10.0.10.0/24 network?
A. logtcp 0.0.0.0/24-> 10.0.10.0/24 1<> 1024
B. logtcp any any -> 10.0.10.0/24 1<>1024
C. log tcp any any-> 10.0.10.0/24 1:1024
D. log tcp 0.0.0.0/24-> 10.0.10.0/24 1:1024
E. logudp any any-> 10.0.10.0/24 1:1024
Answer: C
QUESTION NO: 79
During a network capture in Network Monitor, you capture some UDP traffic. In a UDP
Header,
what is the function of the first sixteen bits?
A. To define the upper layer protocol
B. To define the source port number
C. To define the destination port number
SCP SC0-451: Practice Exam
A Composite Solution With Just One Click - Certification Guaranteed 32
D. To define the IP Version
E. To define the type
Answer: B
QUESTION NO: 80
What type of wireless transmission utilizes the process shown in this image?
studying the configuration file. Which four of the following are the primary parts of the
Snort
configuration file?
A. Postprocessors
B. Variables
C. Preprocessors
D. Output Plug-ins
E. Rulesets
Answer: B,C,D,E
QUESTION NO: 85
Your network traffic has increased substantially over the last year, and you are looking
into your
caching options for frequently visited websites. What are the two types of caching that
ISA Server
2006 supports?
A. Reverse caching
B. Forward caching
C. Inverse caching
D. Recursive caching
E. Real-time caching
Answer: A,B
QUESTION NO: 86
You have been hired at a large company to manage network security issues. Prior to
your arrival,
there was no one dedicated to security, so you are starting at the beginning. You hold a
meeting
and are discussing the main functions and features of network security. One of your
assistants
asks what the function of Authentication in network security is. Which of the following
best
describes Authentication?
A. Data communications as well as emails need to be protected for privacy and
Authentication.
Authentication ensures the privacy of data on the network system.
B. Authentication is a security principle that ensures the continuous accuracy of data
and
information stored within network systems. Data must be kept from unauthorized
modification,
forgery, or any other form of corruption either from malicious threats or corruption that is
accidental
in nature. Upon receiving the email or data communication, authentication must be
verified to
ensure that the message has not been altered, modified, or added to or subtracted from
in transit
by unauthorized users.
C. The security must limit user privileges to minimize the risk of unauthorized access to
sensitive
information and areas of the network that only authorized users should be allowed
to access.
D. Security must be established to prevent parties in a data transaction from denying
their
participation after the business transaction has occurred. This establishes
authentication for the
transaction itself for all parties involved in the transaction.
E. Authentication verifies users to be who they say they are. In data communications,
authenticating the sender is necessary to verify that the data came from the right
source. The
receiver is authenticated as well to verify that the data is going to the right destination.
Answer: E
QUESTION NO: 87
Your network is a mixed environment of Windows, Linux, and UNIX computers. The
routers are
primarily Cisco and the network uses a T-1 to connect to the Internet. You are
experimenting with
setting up a mail server in a production environment for internal use only. You do not
want this
mail server to receive any requests from anywhere but the internal network. Therefore
you have
decided to block incoming SMTP traffic at the Firewall. Which port will you block at the
Firewall?
A. 23
B. 25
C. 53
D. 80
E. 110
Answer: B
QUESTION NO: 88
You have been given the task of implementing the wireless solution for your
organization's
campus. Which two antenna types are best suited for bridge applications connecting
two
buildings?
A. Yagi
B. Parabolic
C. Omni-directional
D. Di-polar
E. Mono-polar
Answer: A,B
QUESTION NO: 89
When a wireless client performs the initial process of communicating with an access
point, what is
this process called?
A. Association
B. Identification
C. Authentication
D. Authorization
E. Detection
Answer: A
QUESTION NO: 90
In the image, there are two nodes communicating via two access points that are
bridging together
two segments. In the middle packet, under the left access point, the Address 4: field is
blank. If
this packet is destined for the computer on the right side of the image, what must be the
value of
Address field 4 in this middle packet?
A. ABCD
B. 6789
C. 2345
D. 1234
E. CDEF
Answer: D
QUESTION NO: 91
You are configuring the new machine in your network that you wish to be used for Snort
in your
network. What is the switch used when telling Snort to apply the rules in the Snort
Configuration
file to packets processed by snort?
A. -c
B. -C
C. -r
D. -r
E. -p
Answer: A
QUESTION NO: 92
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.
The objective is to allow host 192.168.10.7 access to the Internet via ftp and deny access to the Internet to everyone else while allowing them to access resources amongst themselves. From the following, select all the access list statements that are required to make this possible.
A. access-list 153 permit tcp 192.168.10.7 0.0.0.0 any eq ftp
B. access-list 21 permit ip 192.168.10.7 0.0.0.0 any eq ftp
C. access-list 21 deny 0.0.0.0 255.255.255.255
D. int S0, ip access-group 21 out
E. int S0, ip access-group 153 out
F. int E1, ip access-group 153 in
Answer: A,E
QUESTION NO: 93
You have configured Snort and MySQL on your SuSe Linux machine. You wish to
enhance the
system by using BASE. What is the function of BASE on your Snort machine?
A. BASE is an Apache module, required for Snort database connectivity.
B. BASE is a web interface to analyze your Snort data.
C. BASE is a Snort plug-in for managing rule sets.
D. BASE is a PHP plug-in required in Apache to use Snort.
E. BASE is used with ADOdb to allow for Snort to use PHP in Apache.
Answer: B
QUESTION NO: 94
Your network is a mixed environment of Windows, Linux, and UNIX computers. The routers are primarily Cisco and the network uses a T-1 to connect to the Internet. You are experimenting with setting up a mail server in a production environment for internal use only. You do not want this mail server to receive any requests from anywhere but the internal network. Therefore you have decided to block incoming SMTP traffic at the Firewall. Which port will you block at the Firewall?
A. 23
B. 25
C. 53
D. 80
E. 110
Answer: B
QUESTION NO: 95
You have just installed ISA Server 2006 on a Windows Server in your network, and you
are
familiarizing yourself with the new firewall. What are the three basic areas of a newly
installed ISA
You are configuring a new custom IPSec policy on your Windows Server 2003 machine.
On the
rules tab, you find the three default options under the IP Filter List. What are these three
default
options?
A. All TCP Traffic
B. All UDP Traffic
C. All IP Traffic
D. All ICMP Traffic
E. <Dynamic>
Answer: C,D,E
QUESTION NO: 100
You have recently taken over the security of a mid-sized network. You are reviewing the
current
configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -d ! 172.168.35.40 www
What is the function of this rule?
A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP
address is
allowed.
B. This rule for the input chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
C. This rule for the input chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
D. This rule for the output chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
E. This rule for the output chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
Answer: D
QUESTION NO: 101
You are introducing a co-worker to the security systems in place in your organization.
During the
discussion you begin talking about the network, and how it is implemented. You decide
to run a
packet capture to identify different aspects of network traffic for your co-worker. In the
packet
capture you are able to identify Protocol IDs. What is the IP protocol ID for TCP?
A. Protocol ID 1
B. Protocol ID 44
C. Protocol ID 6
D. Protocol ID 17
E. Protocol ID 4
Answer: C
QUESTION NO: 102
You have been given the task of implementing the wireless solution for your
organization's
campus. Which two antenna types are best suited for bridge applications connecting
two
buildings?
A. Yagi
B. Parabolic
C. Omni-directional
D. Di-polar
E. Mono-polar
Answer: A,B
QUESTION NO: 103
Network Monitor was run on the Windows Server 2003 during a network session. The
exhibit
shows the actual contents of the Network Monitor capture file.
The Hexadecimal value for the IP protocol and source ports have been circled in the
exhibit. The
contents of what combination of IP Protocol and Application Layer Protocol have been
captured
here?
A. TCP _TFTP (Control)
B. UDP _FTP (Control)
C. UDP _TFTP (Control)
D. TCP _FTP (Data)
E. UDP _FTP (Data)
Answer: D
QUESTION NO: 104
You were recently hired as the security administrator of a small business. You are
reviewing the
current state of security in the network and find that the current logging system must be
immediately modified. As the system is currently configured, auditing has no practical
value.
Which of the following are the reasons that the current auditing has little value?
A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.
Answer: A,D
QUESTION NO: 105
ISA Server 2006 features extensive rule matching abilities. Which of the following lists
has the
proper order for how ISA Server 2006 checks rule elements that make up an Access
rule?
A. Protocol, Source Address and Port, Schedule, Destination Address, User Set, and
Content
Groups
B. Source Address and Port, Protocol, Schedule, Destination Address, User Set, and
Content
Groups
C. Source Address and Port, Destination Address, Schedule, Protocol, User Set, and
Content
Groups
D. Source Address and Port, Destination Address, Protocol, Schedule, User Set, and
Content
Groups
E. Protocol, Source Address and Port, Destination Address, User Set, Content Groups,
and
Schedule
Answer: A
QUESTION NO: 106
You are installing a new firewall and your CEO asks what the benefits will be to the
organization.
Which of the following are benefits to implementing a firewall?
A. Increased bandwidth
B. End node virus control
C. Central network traffic auditing
D. Increased ability to enforce policies
E. Efficient IP Address allocation
Answer: C,D
QUESTION NO: 107
You are reviewing the IDS logs and during your analysis you notice a user account that
had
attempted to log on to your network ten times one night between 3 and 4 AM. This is
quite
different from the normal pattern of this user account, as this user is only in the office
from 8AM to
6PM. Had your IDS detected this anomaly, which of the following types of detection best
describes
this event?
A. External Intrusion
B. Internal Intrusion
C. Misuse Detection
D. Behavioral Use Detection
E. Hybrid Intrusion Attempt
Answer: D
QUESTION NO: 108
You have recently taken over the security of a mid-sized network. You are reviewing the
current
configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -d ! 172.168.35.40 www
What is the function of this rule?
A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP
address is
allowed.
B. This rule for the input chain states that all TCP packets are able to get to the www
service on
any IP address except for 172.168.35.40.
C. This rule for the input chain states that all TCP packets are allowed to the
172.168.35.40 IP
address to any port other than 80.
D. This rule for the output chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
E. This rule for the output chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.
Answer: D
QUESTION NO: 109
You have been working with Snort, on your Windows Server 2003, for some time as a
packet
capture tool, and now wish to connect Snort to a database on your server. You install
MySQL as
the database, and are ready to configure Snort. If the database is named: snortdbl, has
a user
name of: snort, and a password of: snortpass, what is the configuration line you need to
add to
Snort?
A. output database: log,mysql, username:snort, password:snortpass, dbname:snortdbl,
host:localhost
B. output database: log:mysql: user=snort: password=snortpass: dbname=snortdbl:
host=localhost
C. output database: log;mysql; username:snort; password:snortpass; dbname:snortdbl;
host:localhost
D. output database logmysql user=snort password=snortpass dbname=snortdbl
host=localhost
The main reason you have been hired at a company is to bring the network security of
the
organization up to current standards. A high priority is to have a full security audit of the
network
as soon as possible. You have chosen an Independent Audit and are describing it to
your
coworkers. Which of the following best describes an Independent Audit?
A. An independent audit is usually conducted by external or outside resources and may
be a
review or audit of detailed audit logs.
B. The independent audit is usually done by the current network administrators who
ensure the
security measures are up to international standards.
C. The independent audit is typically done by an internal team who ensures the security
measures
are up to international standards.
D. The independent audit is usually done by internal resources to examine the current
daily and
on-going activities within a network system for compliance with an established security
policy.
E. The independent audit is typically done by a contracted outside team of security
experts who
check for policy compliance.
Answer: A
QUESTION NO: 117
At a policy meeting you have been given the task of creating the firewall policy. What
are the two
basic positions you can take when creating the policy?
A. To deny all traffic and permit only that which is required.
B. To permit only IP traffic and filter TCP traffic
C. To permit only TCP traffic and filter IP traffic
D. To permit all traffic and deny that which is required.
E. To include your internal IP address as blocked from incoming to prevent spoofing.
Answer: A,D
QUESTION NO: 118
You have decided to implement SSH for communicating to your router. What does SSH
use to
establish a secure channel of communication?
A. RSA Public Key Cryptography
B. DES Public Key Cryptography
C. MD5 Private Key Cryptography
D. MD5 Public Key Cryptography
E. RSA Private Key Cryptography
Answer: A
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
QUESTION NO: 125
You are configuring a new custom IPSec policy on your Windows Server 2003 machine.
On the
rules tab, you find the three default options under the IP Filter List. What are these three
default
options?
A. All TCP Traffic
B. All UDP Traffic
C. All IP Traffic
D. All ICMP Traffic
E. <Dynamic>
Answer: C,D,E
QUESTION NO: 126
You are configuring your new Intrusion Detection System, and studying the true-false
matrix. You
read about the different types of alarms and events. Which of the following defines an
event where
an alarm is indicating an intrusion when there is no actual intrusion?
A. True-negative
B. False-positive
C. True-positive
D. False-negative
E. Absolute-positive
Answer: B
QUESTION NO: 127
Your office branch has been assigned the network address of 10.10.0.0/16 by the
Corporate HQ.
Presently your network addressing scheme has these addresses split into eight
networks as
shown below:
1: 10.10.0.0/19
2: 10.10.32.0/19
3: 10.10.64.0/19
4: 10.10.96.0/19
5: 10.10.128.0/19
6: 10.10.160.0/19
7: 10.10.192.0/19
8: 10.10.224.0/19
You need to take the currently unused block of network 10.10.160.0/19 and further
divide it into
eight networks for use by a satellite branch that is being designed on the fourth floor of
your
building. What will the new subnet mask be for these new networks?
A. 255.255.252.0
B. 255.255.0.0
C. 255.248.0.0
D. 255.255.240.0
E. 255.255.255.0
Answer: A
QUESTION NO: 128
You are the firewall administrator at your company and the network administrators have
decided to
implement a PPTP VPN solution, which of these ports would you need to allow through
the firewall
to allow these VPN sessions into your network?
A. 1723
B. 2397
C. 5273
D. 4378
E. 7135
Answer: A
QUESTION NO: 129
When you took over the security responsibilities at your office, you noticed there were
no warning
banners on any of the equipment. You have decided to create a warning login banner
on your
Cisco router. Which of the following shows the correct syntax for the banner creation?
A. banner login C Restricted access. Only authorized users allowed to access this
device. C
B. login banner C Restricted access. Only authorized users allowed to access this
device. C
C. banner login Restricted access. Only authorized users allowed to access this device.
D. login banner Restricted access. Only authorized users allowed to access this device.
E. banner logging C Restricted access. Only authorized users allowed to access this
device. C
Answer: A
QUESTION NO: 130
You are introducing a co-worker to the security systems in place in your organization.
During the
discussion you begin talking about the network, and how it is implemented. You decide
to run a
packet capture to identify different aspects of network traffic for your co-worker. In the
packet
capture you are able to identify Protocol IDs. What is the IP protocol ID for TCP?
A. Protocol ID 1
B. Protocol ID 44
C. Protocol ID 6
D. Protocol ID 17
E. Protocol ID 4
Answer: C
QUESTION NO: 131
You are a host in a network segment that has IP addresses in the range of
10.0.16.1~10.0.31.254.
You need to create an access control list that will filter your segment of addresses.
Which of the
following is the wildcard mask that will be used to filter your network segment?
A. 0.0.15.255
B. 0.0.16.254
C. 255.240.0.0
D. 0.0.240.0
E. 10.0.16.1/20
Answer: A
QUESTION NO: 132
During an analysis of your IPSec implementation, you capture traffic with Network
Monitor. You
are verifying that IP is properly identifying AH. When you look into IP, what protocol ID
would IP
identify with AH?
A. Protocol ID 0x800 (800)
B. Protocol ID 0x6 (6)
C. Protocol ID 0x15 (21)
D. Protocol ID 0x33 (51)
E. Protocol ID 0x1 (1)
Answer: D
QUESTION NO: 133
Your company has recently become security conscious and wishes to protect its
electronic
assets. What is the first thing you should have in place before configuring rules for your
company's
firewall?
A. A Security Policy
B. An IDS
C. A DNS server
D. An Email server
E. A WINS server
Answer: A
QUESTION NO: 134
You are configuring your new IDS machine, where you have recently installed Snort.
While you
are working with this machine, you wish to create some basic rules to test the ability to
log traffic
as you desire. Which of the following Snort rules will log any tcp traffic from any IP
address to any
port between 1 and 1024 on any host in the 10.0.10.0/24 network?
A. logtcp 0.0.0.0/24 -> 10.0.10.0/24 1<>1024
B. logtcp any any -> 10.0.10.0/24 1<>1024
C. log tcp any any -> 10.0.10.0/24 1:1024
D. log tcp 0.0.0.0/24 -> 10.0.10.0/24 1:1024
E. logudp any any -> 10.0.10.0/24 1:1024
Answer: C
QUESTION NO: 135
You are configuring your new IDS machine, and are creating new rules. You enter the
following
rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)
What is the effect of this rule?
A. This is a logging rule, designed to capture NULL scans originating from the
10.0.10.0/24
network.
B. This is a logging rule, designed to capture NULL scans.
C. This is an alert rule, designed to notify you of NULL scans of the network in either
direction.
D. This is an alert rule, designed to notify you of NULL scans of the network in one
direction.
E. This is a logging rule, designed to notify you of NULL scans.
Answer: D
QUESTION NO: 136
You are configuring your new IDS machine, and are creating new rules. You enter the
following
rule:
Alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)
What is the effect of this rule?
A. This is a logging rule, designed to capture any telnet attempts
B. This is an alert rule, designed to notify you of the use of telnet in either direction
C. This is an alert rule, designed to notify you of the use of telnet in one direction
D. This is a logging rule, designed to notify you of telnet connection attempts
E. This is an alert rule, designed to notify you of attempts to connect from any IP
address on port
23 to any IP address and any port on a remote host.
Answer: C
QUESTION NO: 137
Your organization has extensive resources that you must make available to authorized
users,
through your ISA Server 2006. From the following answers, select the one that is not a
feature of
ISA Server Content Publishing:
A. Secure Sockets Layer (SSL) Bridging
B. Web Caching and Delivery
C. Web Publishing Load Balancing
D. Enhanced Multi-factor Authentication
E. Robust Logging and Reporting
Answer: B
QUESTION NO: 138
You are configuring the IP addressing for your network. One of the subnets has been
defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/14. What is the broadcast address for this network?
A. 0.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.255.255
Answer: E
QUESTION NO: 139
In order to add to your layered defense, you wish to implement some security
configurations on
your router. If you wish to have the router work on blocking TCP SYN attacks, what do
you add to
the end of an ACL statement?
A. The IP addresses for allowed networks
B. The port range of allowed applications
C. The word Established
D. The word Log
E. The string: no service udp-small-servers
Answer: C
QUESTION NO: 140
Network Monitor was run on the Windows Server 2003 during a network session. The
exhibit
shows the actual contents of the Network Monitor capture file.
The Hexadecimal value for the IP protocol and source ports have been circled in the
exhibit. The
contents of what combination of IP Protocol and Application Layer Protocol have been
captured
here?
A. TCP _TFTP (Control)
B. UDP _FTP (Control)
C. UDP _TFTP (Control)
D. TCP _FTP (Data)
E. UDP _FTP (Data)
Answer: D
QUESTION NO: 141
You are configuring your new IDS machine, where you have recently installed Snort.
While you
are working with this machine, you wish to create some basic rules to test the ability to
log traffic
as you desire. Which of the following Snort rules will log any telnet traffic from any IP
address to
port 23 of the 10.0.10.0/24 network?
A. logudp any any -> 10.0.10.0/24 23
B. log anyany -> 10.0.10.0/24 telnet
C. logudp telnet any -> 10.0.10.0/255.255.255.0
D. log tcp telnet any -> 10.0.10.0/255.255.255.0
E. log tcp any any -> 10.0.10.0/24 23
Answer: E
QUESTION NO: 142
You are configuring your new Cisco router. During your configuration you wish to
eliminate any
security risks you can, as based on your organizational security policy. The policy states
that the
Cisco Discovery Protocol is not to be used on any interface on any of the routers. What
is the
command to turn off CDP for the entire router?
A. no cdp broadcast
B. cdp disable
C. no cdp enable
D. no cdp run
E. no cdp neighbors
Answer: D
QUESTION NO: 143
Which of the following is a potential weakness of a commercial firewall product that is
installed on
a hardened machine?
A. That you will not be able to use it in conjunction with personal firewalls on user's
desktop
machines.
E. This is an alert rule, designed to notify you of SYN-FIN scans originating from the
10.0.10.0/24
network.
Answer: A
QUESTION NO: 146
You have recently taken over the security of a mid-sized network. You are reviewing the
current
configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -s 10.0.10.0/24 -d 0.0.0.0/0 80 -j ACCEPT
What is the function of this rule?
A. This rule for the output chain states that any TCP traffic from the 10.0.10.0 network
and
destined for any IP address on port 80 is to be accepted.
B. This rule for the input chain states that any TCP traffic from the 10.0.10.0 network
and destined
for any IP address on port 80 is to be accepted.
C. This rule for the output chain states that all traffic from any network and destined for
the
10.0.10.0 network on port 80 is to be accepted.
D. This rule states that all web traffic from any network is to jump to the accept rule.
E. This rule states that all incoming web traffic from any network is to be output to the
accept rule.
Answer: A
QUESTION NO: 147
You were recently hired as the security administrator of a small business. You are
reviewing the
current state of security in the network and find that the current logging system must be
immediately modified. As the system is currently configured, auditing has no practical
value.
Which of the following are the reasons that the current auditing has little value?
A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.
Answer: A,D
QUESTION NO: 148
In the command ipchains -N chain, what will the -N accomplish in the chain?
A. Calls up the next sequential chain
B. Create a new chain named "chain"
C. Calls up the chain named "chain"
D. Negate the current chain
E. Commit the new changes in the present chain
Answer: B
C. IPSec Driver
D. IP Policy Agent
E. IP Security Policy and Security Association
Answer: E
QUESTION NO: 153
You have been given the task of building the new wireless networks for your office, and
you need
to verify that your equipment will not interfere with other wireless equipment
frequencies. What
wireless standard allows for up to 11 Mbps transmission rates and operates in the
2.4GHz range?
A. 802.11b
B. 802.11e
C. 802.11a
D. 802.11i
E. 802.11g
Answer: A
QUESTION NO: 154
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.
The objective is to allow only network 192.168.20.0 to access e-commerce Web sites on the Internet, while allowing all internal hosts to access resources within the internal network. From the following, select all the access list statements that are required to make this possible.
A. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80
B. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 53
C. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 443
D. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any lt 1023
E. int S0, ip access-group 113 in
F. int E1, ip access-group 113 in
G. int S0, ip access-group 113 out
Answer: A,B,C,G
QUESTION NO: 155
It is a given that two computers that communicate using TCP/IP as the protocol must
use valid
addresses and media to do so. What combination of the following is required to create a
TCP/IP
socket?
A. The MAC Address, the IP Address and the IP Protocol ID
Answer: B
QUESTION NO: 159
You have recently been contracted to implement a new firewall solution at a client site.
What are
the two basic forms of firewall implementations?
A. Chaining
B. Stateful
C. DMZ
D. Stateless
E. KMZ
Answer: B,D
QUESTION NO: 160
You are configuring a L2TP solution between your office and your primary branch office.
The CEO
has requested a report on the benefits of using this technology. Which of the following
benefits
does L2TP (with IPSec) provide?
A. Bandwidth Management
B. Encryption
C. User Authentication
D. Packet Authentication
E. Key Management
Answer: B,D,E
QUESTION NO: 161
Network Monitor was run on the Windows Server 2003 during a network session. The
exhibit
shows the actual contents of the Network Monitor capture file.
The Hexadecimal value for the IP protocol and source ports have been circled in the
exhibit. The
contents of what combination of IP Protocol and Application Layer Protocol have been
captured
here?
A. TCP _TFTP (Control)
B. UDP _FTP (Control)
C. UDP _TFTP (Control)
D. TCP _FTP (Data)
E. UDP _FTP (Data)
Answer: D
QUESTION NO: 162
During a network analysis session, you capture several TCP/IP sessions. You focus your analysis on the IP Headers. In an IP Header, what is the function of the first four bits?
A. To define the type
B. To define the source port number
address
D. This frame represents a reply from the target machine with the appropriate resolution
E. This frame represents the first fragment of the three-way handshake.
Answer: C
QUESTION NO: 171
Which of the following is a potential weakness of a commercial firewall product that is installed on a hardened machine?
A. That you will not be able to use it in conjunction with personal firewalls on users' desktop machines.
B. You will have to give the vendor confidential network information.
C. You will be required to use the configuration that the vendor assigns you.
D. That the firewall's vendor may be compromised and your private information may be publicly available.
E. That it may be vulnerable to attacks targeting the underlying Operating System.
Answer: E
QUESTION NO: 172
Which of the following is a potential weakness of a commercial firewall product that is installed on a hardened machine?
A. That you will not be able to use it in conjunction with personal firewalls on users' desktop machines.
B. You will have to give the vendor confidential network information.
C. You will be required to use the configuration that the vendor assigns you.
D. That the firewall's vendor may be compromised and your private information may be publicly available.
E. That it may be vulnerable to attacks targeting the underlying Operating System.
Answer: E
QUESTION NO: 173
In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C
QUESTION NO: 174
You have found a user in your organization who has managed to gain access to a system that this user was not granted the right to use. This user has just provided you with a working example of which of the following?
A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection
Answer: A
QUESTION NO: 175
You have recently been contracted to implement a new firewall solution at a client site. What are the two basic forms of firewall implementations?
A. Chaining
B. Stateful
C. DMZ
D. Stateless
E. KMZ
Answer: B,D
QUESTION NO: 176
You are considering your options for a new firewall deployment. At which two layers of the OSI model does a simple (stateless) packet filtering firewall operate?
A. Data Link
B. Application
C. Session
D. Presentation
E. Network
Answer: A,E
QUESTION NO: 177
Your organization has extensive resources that you must make available to authorized users, through your ISA Server 2006. From the following answers, select the one that is not a feature of ISA Server Content Publishing:
A. Secure Sockets Layer (SSL) Bridging
B. Web Caching and Delivery
C. Web Publishing Load Balancing
D. Enhanced Multi-factor Authentication
E. Robust Logging and Reporting
Answer: B
QUESTION NO: 178
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.
The objective is to allow only network 192.168.20.0 to access e-commerce Web sites on the Internet, while allowing all internal hosts to access resources within the internal network. From the following, select all the access list statements that are required to make this possible.
A. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80
B. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 53
C. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 443
D. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any lt 1023
E. int S0, ip access-group 113 in
F. int E1, ip access-group 113 in
G. int S0, ip access-group 113 out
Answer: A,B,C,G
QUESTION NO: 179
In your office, you are building the new wireless network, and you will need to install several access points. What do wireless access points use to counter multipath interference?
A. Multiple encryption algorithms
B. Multiple Antennas
C. Multiple radio frequencies
D. Duplicate packet transfer
E. Secondary transmissions
Answer: B
QUESTION NO: 180
One of the firewall choices you are thinking of implementing, in your network, is a proxy server. A proxy server can accomplish which of the following statements?
A. Cache web pages for increased performance
B. Operate at the Application layer of the OSI model
C. Allow direct communication between an internal and external host
D. Permit or deny traffic based upon type of service
E. Filter executables that are attached to an e-mail
Answer: A,B,D,E