SCP SC0-402 Exam - Cheat-Test.com

Free SC0-402 Sample Questions:

1. You are creating the User Account section of your organizational security policy. From the following options, select the questions to use for the formation of this section?
A. Are users allowed to make copies of any operating system files (including, but not limited to /etc/passwd or the SAM)?
B. Who in the organization has the right to approve the request for new user accounts?
C. Are users allowed to have multiple accounts on a computer?
D. Are users allowed to share their user account with coworkers?
E. Are users required to use password-protected screensavers?
F. Are users allowed to modify files they do not own, but have write abilities?
Answer: BCD

2. You are examining a packet from an unknown host that was trying to ping one of your protected servers and notice that the packets it sent had an IPLen of 20 bytes and DgmLen set to 60 bytes. What type of operating system should you believe this packet came from?
A. Linux
B. SCO
C. Windows
D. Mac OSX
E. Netware
Answer: C

3. You have found a user in your organization who has managed to gain access to a system that this user was not granted the right to use. This user has just provided you with a working example of which of the following?
A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection
Answer: A

4. You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any host other than 172.16.40.50 using any port, to any host in the 10.0.10.0/24 network using any port?
A. log udp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
B. log tcp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
C. log udp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
D. log tcp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
E. log tcp ! 172.16.40.50/32 any <- 10.0.10.0/24 any
Answer: B

5. As you increase the layers of security in your organization, you must watch the network behavior closely. How can a firewall have a negative impact on the performance of your network?
A. It can authorize sensitive information from the wrong host
B. It can block needed traffic
C. It can decrypt secure communications that were supposed to get past the firewall encrypted
D. It can restrict bandwidth based on QoS
E. It can filter packets that contain virus signatures
Answer: B

6. You are reviewing your company’s IPChains Firewall and see the command (minus the quotes) “ ! 10.10.10.216” as part of a rule. What does this mean?
A. Traffic destined for host 10.10.10.216 is exempt from filtering
B. Traffic originating from host 10.10.10.216 is exempt from filtering
C. Any host except 10.10.10.216
D. Only host 10.10.10.216
E. Traffic destined for 10.10.10.216 gets sent to the input filter.
F. Traffic originating from 10.10.10.216 gets sent to the input filter
Answer: C

7. You have just installed a new firewall and explained the benefits to your CEO. Next you are asked what some of the limitations of the firewall are. Which of the following are issues where a firewall cannot help to secure the network?
A. Poor Security Policy
B. Increased ability to enforce policies
C. End node virus control
D. Increased ability to enforce policies
E. Social Engineering
Answer: ACE

8. You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?
A. Regulatory Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Centralized Access Control
E. Distributed Access Control
Answer: BC

9. To manage the risk analysis of your organization you must first identify the method of analysis to use. Which of the following organizations defines the current standards of risk analysis methodologies?
A. NIST
B. CERT
C. F-ICRC
D. NBS
E. NSA
Answer: A

10. You were recently hired as the security administrator of a small business. You are reviewing the current state of security in the network and find that the current logging system must be immediately modified. As the system is currently configured, auditing has no practical value. Which of the following are the reasons that the current auditing has little value?
A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.
Answer: AD

11. Which of the following defines the security policy to be used for securing communications between the VPN Client and Server?
A. Encapsulating Delimiters
B. Security Authentications
C. Encapsulating Security Payload
D. Security Associations
E. Authentication Header
Answer: D

12. After a meeting between the IT department leaders and a security consultant, they decide to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the centralized design of a Host-Based IDS?
A. In a Centralized design, sensors (also called agents) are placed on each key host throughout the network analyzing the network traffic for intrusion indicators. Once an incident is identified the sensor notifies the command console.
B. In a Centralized design, the agent is on the single command console as the one that performs the analysis. There is a significant advantage to this method. The intrusion data can be monitored in real-time.
C. In a Centralized design, the IDS uses what are known as agents (also called sensors). These agents are in fact small programs running on the hosts that are programmed to detect network traffic intrusions. They communicate with the command console, or a central computer controlling the IDS.
D. In a Centralized design, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.
E. In a Centralized design, the data is gathered and sent from the host to a centralized location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
Answer: E

13. You are reviewing the IDS logs and during your analysis you notice a user account that had attempted to log on to your network ten times one night between 3 and 4 AM. This is quite different from the normal pattern of this user account, as this user is only in the office from 8AM to 6PM. Had your IDS detected this anomaly, which of the following types of detection best describes this event?
A. External Intrusion
B. Internal Intrusion
C. Misuse Detection
D. Behavioral Use Detection
E. Hybrid Intrusion Attempt
Answer: D

14. You have finished configuration of your ISA server and are in the section where you secure the actual server itself. Of the three options presented to you, which of the following answers best describes the Limited Services option?
A. A Firewall that is a domain controller or an infrastructure server
B. A Firewall that is a stand-alone firewall
C. A Firewall that is a database server or an application server
D. A Firewall that is a stand-alone web server
E. A Firewall that is a domain controller and a web server
Answer: A

15. You have been given the task of installing a new firewall system for your network. You are analyzing the different implementation options. Which of the following best describes a Screened Host?
A. This is when one device is configured to run as a packet filter, granting or denying access based on the content of the headers.
B. This is when a packet is received on one interface and sent out another interface.
C. This is when a device has been configured with more than one network interface, and is running proxy software to forward packets back and forth between the interfaces.
D. This is when the device reads only the session layer and higher headers to grant or deny access to the packet.
E. This is when the network is protected by multiple devices, one running as a proxy server and another as a packet filter. The packet filter only accepting connections from the proxy server.
Answer: E

16. You have configured your network to use Firewall-1 and you manage it from the Management GUI. What are the three applications that make up the Management GUI for Firewall-1?
A. GUI Controller
B. Log Viewer
C. Status Viewer
D. Policy Editor
E. Packet Editor
Answer: BCD

17. While preparing to implement a new security policy at your company, you have researched the many reasons people are both accepting and resisting of new policies. Which of the following is not a reason for an employee to resist a new security policy?
A. The employee simply does not like change, and takes a while to get used to new things.
B. The employee is a new hire, and interprets the policy as a requirement and part of the new hire paperwork.
C. The employee is convinced the policy will impact his or her ability to do their job, which could be viewed as in the way of their career.
D. The employee simply likes to be in the middle, and “rock the boat.”
E. The employee is convinced the organization is spying on their every move, and does not want their work place to fall under the big-brother pattern.
Answer: B

18. What technology is being employed to resist SYN floods by having each side of the connection attempt create its own sequence number (this sequence number contains a synopsis of the connection so that if/when the connection attempt is finalized the first part of the attempt can be re-created from the sequence number)?
A. SYN cookie
B. SYN floodgate
C. SYN gate
D. SYN damn
E. SYN flood break
Answer: A

19. To verify that your IPSec implementation is working as you intended, you sniff the network after the implementation has been completed. You are looking for specific values in the captures that will indicate to you the type of packets received. You analyze the packets, including headers and payload. IPSec works at which layer of the OSI model?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
Answer: C

20. After a meeting between the IT department leaders and a security consultant, they decided to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the distributed design of Host-Based IDS?
A. In a Distributed design, the network intrusion data is gathered and sent from the host to a single location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
B. In a Distributed design, the IDS uses what are known as agents (also called sensors) to capture the network intrusion data. These agents are in fact small programs running on the hosts that are programmed to detect intrusions upon the host. They communicate with the command console, or a central computer controlling the IDS.
C. In a Distributed design, the agents on the hosts are the ones that perform the analysis. There is a significant advantage to this method. The intrusion data can be monitored in real-time. The flip side to this is that the hosts themselves may experience a bit of a performance drop as their computer is engaged in this work constantly.
D. In a Distributed design, sensors (also called agents) are placed on each key host throughout the network analyzing the network traffic for intrusion indicators. Once an incident is identified the sensor notifies the command console.
E. In a Distributed design, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.
Answer: C

21. You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)
What is the effect of this rule?
A. This is an alert rule, designed to notify you of SYN-FIN scans of the network in one direction.
B. This is an alert rule, designed to notify you of SYN-FIN scans of the network in either direction.
C. This is a logging rule, designed to capture SYN-FIN scans.
D. This is a logging rule, designed to notify you of SYN-FIN scans.
E. This is an alert rule, designed to notify you of SYN-FIN scans originating from the 10.0.10.0/24 network.
Answer: A

22. In your network there is an ISA server running as the firewall. It is a simple design, a single machine with two network cards. You are configuring the Access Policies on this machine. What is the function of the Site and Content Rules section of the Access Policy?
A. Site and Content Rules determine which protocols can be used to communicate with the Internet.
B. Site and Content Rules determine if specified users will be able to access specified content on specified destination computers.
C. Site and Content Rules either allow or disallow specific packets destined for specific nodes on the network
D. Site and Content Rules either allow or disallow a specific port to the entire network.
E. Site and Content Rules determine if specific ports are to be accessed by specific subnets in the network.
Answer: B

23. Select the answers that correctly match the Firewall-1 component with their functions:
A. Firewalled Gateway: The machine running the VPN-1/FW-1 module.
B. Management Server: The machine on which the Security Policy is maintained.
C. GUI Client: The machine hosts a GUI that can configure the Management Server.
D. GUI Client: The machine running the VPN-1/FW-1 via a GUI.
E. Firewalled Gateway: The machine on which the Security Policy is maintained.
Answer: ABC

24. The organization you work for has recently decided to have a greater focus on security issues. You run the network, and are called in the meeting to discuss these changes. After the initial meeting you are asked to research and summarize the major issues of network security that you believe the organization should address. What are Network Security’s five major issues?
A. Authorization and Availability
B. Administration
C. Integrity
D. Confidentiality
E. Encapsulation
F. Encryption
G. Non-Repudiation
H. Authentication
Answer: ACDGH

25. You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Integrity in network security is. Which of the following best describes Integrity?
A. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should be allowed to access.
B. Integrity verifies users to be who they say they are. In data communications, the integrity of the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.
C. Data communications as well as emails need to be protected for privacy and Integrity. Network security must provide a secure channel for the transmission of data and email that does not allow eavesdropping by unauthorized users. Integrity ensures the privacy of data on the network system.
D. Integrity is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, integrity must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.
E. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes integrity for the transaction itself for all parties involved in the transaction.
Answer: D

26. You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?
A. Regulatory Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Centralized Access Control
E. Distributed Access Control
Answer: BC

27. To increase the security of the network, you have decided to implement a solution using authentication tokens. You are explaining this to a coworker who is not familiar with tokens. What are Authentication Tokens?
A. An authentication token is a software program that is installed on each user computer. Upon execution of the program, each user will be authenticated into the network.
B. An authentication token is a hardware device that is to be installed, either via a parallel or serial port. Once the user has installed the token, he or she will be able to access the resources on the network that they have been granted access.
C. An authentication token is a portable device, such as a handheld computer, that stores an authenticating sequence, that the user will enter after logging into the system to gain access to network resources.
D. An authentication token is a software program that is installed on the main server of the network. As the user is logging in, the server will instruct the user for username and password.
E. An authentication token is a portable device used for authenticating a user, thereby allowing authorized access into a network system.
Answer: E

28. You have decided to implement a token system in your network for authentication purposes. The following lists the steps of The Challenge Response Process, authenticating with a server:
a. The user begins the logon sequence.
b. The user types in the User ID from the requesting PC.
c. Activate the token by changing the PIN to one known only to the user. User enters the chosen PIN on the token.
d. The NAS passes the PIN and User ID to the authentication server as part of the logon request.
e. The authentication server generates a random challenge and sends it back to the user via the connection through the NAS.
f. The user types the challenge into the token, which then encrypts it using its internal DES key.
g. It is then sent to the user where it appears on his requesting PC screen.
h. The token displays the encrypted response.
i. The user types the encrypted response into the requesting PC keyboard.
j. The authentication server sends a message to the NAS to allow the user access.
k. The authentication server receives the response and using the same DES key that the token used, processes it, and verifies the user and the token.
Please put these steps in the order required for the process to function properly?
A. a, c, b, d, e, g, f, h, i, k, j
B. c, a, b, d, e, g, f, h, i, k, j
C. a, b, c, d, e, f, g, h, i, j, k
D. c, a, b, d, e, f, g, h, i, j, k
E. a, b, c, d, e, g, f, h, i, k, j
Answer: B


© 2014 Cheat-Test.com, All Rights Reserved