Security Certified Program SC0-502 Test
SC0-502
QUESTION 1Now that you just possess Certkiller fairly less than control, you will be getting ready that will gohome to the night. You possess created beneficial advance about the network recently, andthings manage to become planning smoothly. On to your website out, everyone stop with the CEO's officeand express good night. You will be told which you will always be reaching while in the morning, so have a shot at toget in a very little while early.The next morning, you get towards the workplace 20 minutes previously in comparison with normal, and theCEO prevents by your office, "Thanks pertaining to being released a bit early. No problem really, Ijust needed to talk about on hand a present have to have we certainly have while using network.""OK, choose perfect ahead." You find out the network rather nicely by simply now, and so are ready forwhatever is usually tossed your current way."We are hiring a few brand new salespeople, plus they could all possibly be doing work at home or on theroad. I wish to be confident the fact that circle is still around safe, thinking that they might acquire access nomatter when that they are.""Not a problem," an individual reply. "I'll get the approach to get that carried out right away.""Thanks a lot, when you have almost any questions with regard to me, merely allow me to know."You tend to be relieved that there seems to be not really a major challenge and complete some foundation workfor establishing the newest remote computer repair users. After conversing with all the CEO more, you discover outthat this users is going to be functioning from there dwelling as a rule the actual time, together with incredibly littleaccess out of on the road locations.The remote pc help users tend to be all implementing Windows 2000 Professional, all of which be part of thedomain. The CEO includes bought the many remote pc help users company fresh Compaq laptops,just including the one included in the CEO's office, along with w hich the CEO requires home eachnight; full having DVDCD-burner drives,built-in WNICs, 17"LCD widescreendisplays, extra-large hard drives, some sort of gig of memory, and fast processing. 'I would like I wason the path for getting a single of those,' you think.You commence preparing in addition to consider you will put into practice a brand new VPN Server next tothe Web as well as FTP Server. You 're going for you to assign your online computer repair users IP Addresses:10.10.60.100~10.10.60.105, and can configure that models in order to run Windows 2000Professional.Based on this information, along with your understanding of the Certkiller network about thispoint, choose the top answer to the safe and sound remote computer repair person needs:}
A. You start with setting up the VPN server, and that is operating Windows 2000 Server.You create five different company accounts on which system, approving every one of them this Allow VirtualPrivate Connections proper inside Active Directory Users and Computers. You subsequently configurethe range involving IP Addresses to supply to the clientele as: 10.10.60.100 by means of 10.10.60.105.Next, an individual configure several IPSec Tunnel endpoints about the server, every single to use L2TP as theprotocol.Then, a person configure the clients. On each system, you configure a new shortcut within the desktopto use for connecting towards VPN. The shortcut is definitely designed to set-up an L2TP IPSec tunnelto the actual VPN server. The link themselves is definitely configured to be able to trade keys using the user'sISP to set-up a tunnel involving the user's ISP endpoint and also the Certkiller VPN Server.B. To start out the actual project, anyone first work within the lap tops you might have been given. On eachlaptop, anyone configure that system in making a particular Internet association for the user's ISP. SC0-502
Next, you configure some sort of shortcut on the computing for any VPN connection. You style and design theconnection to utilize L2TP, along with port blocking about outbound UDP five-hundred plus UDP 1701. Whena user double-clicks this computing tattoo you might have it configured to make an automatic tunnelto your VPN server.On your VPN server, everyone configure that program to use L2TP using port filtering with inboundUDP 500 in addition to UDP 1701. You create a static pool connected with assigned IP Address reservations forthe several remote pc help clients. You configure semi-automatic or fully automatic redirection around the VPN server throughout therouting plus remote computer support gain access to MMC, so as soon as the particular clientele has connected to the actual VPN server, heor she'll on auto-pilot always be redirected for you to this on the inside network, using all means availablein his or perhaps the woman's Network Neighborhood.C. You configure the p articular VPN clientele first, by installing that VPN High Encryption ServicePack. With this kind of installed, everyone configure the clientele to apply RSA, along with 1024-bit keys. Youconfigure a shortcut within the computing this instantly purposes that privatepublic key pair tocommunicate with all the VPN Server, no matter what exactly where a computer owner is regionally connected.On the particular VPN Server, in addition , you set up this VPN High Encryption Service Pack, andconfigure 1024-bit RSA encryption. You generate personal training new individual accounts, along with scholarhip themall rural obtain rights, applying Active Directory Sites plus Services. You configure theVPN company that will post the particular server's court major on the online computer repair people when your demand toconfigure that tunnel. Once the request is usually made, the actual VPN device will make the tunnel,from the actual host side, to the client.D. You choose to begin that configu ration to the VPN clients. You build a shortcut upon thedesktop for connecting towards the VPN Server. Your design is definitely this kind of in which an individual will simplydouble-click the actual shortcut and also the clientele will always make the VPN relationship on the server,using PPTP. You tend not to configure just about any filters upon that VPN client systems.On this VPN Server, a person primary configure routing and remote entry for the brand new accountsand allow these to own Dial-In access. You after that configure some sort of static IP Address beach forthe all 5 online computer repair users. Next, a person configure the online computer repair entry scheme to scholarhip remoteaccess, and you also implement these PPTP filtering:Inbound Protocol 47 (GRE) allowedInbound TCP source convey 0, destination interface 1723 allowedInbound TCP form interface 520, desired destination port 520 allowedOutbound Protocol 47 (GRE) allowedOutbound TCP source opening 1723, dest ination port 0 allowedOutbound TCP resource interface 520, location opening 520 allowedE. You elect to configure the particular VPN equipment first, by installing this VPN High EncryptionService Pack and the HISECVPN.INF built-in security web theme in the SecurityConfiguration as well as Analysis Snap-In. Once your Service wrap along with structure will be installed,you configure all 5 consumer accounts and a static billiards regarding IP Addresses pertaining to each account.You and then configure the particular PPTP support on the VPN server, without needing inbound oroutbound filters - from the protection in the Service Pack. You grant making each and every end user your rightto dial in the server remotely, and get over it to be able to your laptops.On each one laptop, anyone install this VPN High Encryption Service Pack, to help bring your securitylevel belonging to the notebooks around similar grade while the VPN server. You next configure a shortcuton each desktop compu ter that will controls this special move VPN connection from your consumer to theserver. SC0-502
Answer: D
QUESTION 2For several years an individual possess proved helpful using Certkiller doing temporary circle andsecurity consulting. Certkiller is usually a organization to produce real-estate listingsand records that will realtors in a number belonging to the encircling states. The provider is actually amenable forbusiness Monday as a result of Friday through 9 am to 6 pm, shut down most at night andweekends. Your do the job presently there has basically consisted of advice along with planning, in addition to youhave been frequently let down by the lack of execution plus follow through fromthe entire moment staff.On Tuesday, everyone received your name coming from Certkiller 's HR director, "Hello, I'd for instance toinform everyone which Red (the 100 % period older person circle administrator) will be don't withus, and also we'd want to understand in case you are engaged inside working with all of us entire time."You currently have very little other main clients, hence you r eply, "Sure, when do you really need meto acquire going?""Today," comes the fast along with primary response. Too fast, a person think."What is a urgency, exactly why can't this put it off until eventually tomorrow?""Red has been let go, along with he / she ended up being certainly not joyful with regards to it. We are concerned that will he / she may well havedone anything in order to our multilevel on how out.""OK, i want to receive sime good items ready, along with I'll often be over generally there shortly."You understood this would be untidy after you emerged in, however you did have some advantagein which you by now believed the particular network. You possessed advised several changes with thepast, none of them of which will end up being enforced by Red. While pulling with each other yourlaptop and other tools, a person take hold of your notes that have an overview from the network:Certkiller network notes: Single Internet access point, T1, connected to CertkillerCisc o router. Router provides E1 with a private internet plus ftp equipment in addition to E0 towards the LANswitch. LAN transition provides three servers, several printers, along with 100 customer machines. All themachines are jogging Windows 2000. Currently, they're just having their own principal website and email hosted by an ISP in Illinois.When you are free to Certkiller , the particular HR Director as well as CEO, both involving whom youalready know, meet you. The CEO updates a person of which Red seemed to be let go because of in order to difficultpersonality conflicts, between different reasons, along with the end of contract hasn't been cordial.You tend to be in order to signal the appropriate employment papers, and get appropriate for the job. You aregiven the remainder from the morning to have setup and running, however the firm is actually quiteconcerned within the protection of these network. Rightly so, people think, 'If these guyshad enforced actually 50 percent associated with my advice this specific might confident always be easier.' Youget your products set up inside your innovative oversized business office space, and obtain started. Forthe time you're working here, a person's IP Address is definitely 10.10.50.23 which has a hide associated with 16.One associated with your own primary responsibilities is to examine the particular router's configuration. You gaming console towards therouter, matter a new indicate running-config command, and get this particular output:MegaOne#show running-configBuilding configuration...Current configuration:!version 12.1 SC0-502
service udp-small-serversservice tcp-small-servers!hostname MegaOne!enable technique 5 various $1$7BSK3$H394yewhJ45JAFEWU73747.enable password clever!no ip name-serverno ip domain-lookupip routing!interface Ethernet0no shutdownip tackle 2.3.57.50 255.255.255.0no ip directed-broadcast!interface Ethernet1no shutdownip 10.10.40.101 255.255.0.0no ip directed-broadcast!interface Serial0no shutdownip 1.20.30.23 255.255.255.0no ip directed-broadcastclockrate 1024000bandwidth 1024encapsulation hdlc!ip option 0.0.0.0 0.0.0.0 1.20.30.45!line gaming system 0exec-timeout 0 0transport enter allline vty 0 4password remotelogin!endAfter analysis on the network, you recommend that this router possess a newconfiguration. Your target is always to generate your router develop into portion of your layered defense,and in the form of system set up to help you secure the actual network.You chat to the CEO to get a thought associated with what the ambitions in the router should often be in thenew configuration.All your own talks usually are to undergo the CEO;this is actually whomyou as well are generally to report to. SC0-502
"OK, I advise this the workforce be strictly constrained to only the services that will theymust entry for the Internet." You begin."I can realize that, but we've found generally had an open up policy. I much like the employeesto experience comfortable, instead of look including we have been viewing through all of these books the time. Pleaseleave the text open just for them to be able to whatever they have to get to. We canalways reevaluate that around a constant basis.""OK, in the event you insist, nevertheless for that record I feel instead of this policy.""Noted," does respond the particular CEO, fairly bluntly."All right, let's see, your individual web plus ftp server must become looked at by theInternet, restrained towards records on the particular server. We will keep apply that IllinoisISP that will coordinator our main website and to web host our email. What else, possibly there is anythingelse that needs to often be utilized on the Internet?""No, I feel that may be it. We have got a fairly straightforward network, we complete every thing in house.""All right, most of us have to aquire a thought set up as properly proper away for the safety measures policy.Can we collection one thing up for tomorrow?" a person ask."Let me see, I'll go back back later." With that this CEO leaves therefore you receive towork.Based for the tips you've got coming from Certkiller;knowing that router should bean integral portion of the security with the organization, choose the greatest method for theorganization's router problem:}
A. You back up the actual router config to a temporary position with your laptop. Friday night,you are available in to develop the revolutionary router configuration. Using your understanding of the particular network,and your chat considering the CEO, you develop in addition to put into action these routerconfiguration:MegaOne#configure terminalMegaOne(config)#no cdp runMegaOne(config)#no ip source-routeMegaOne(config)#no ip fingerMegaOne(config)#access-list 175 allow tcp virtually any 2.3.57.60 0.0.0.0 eq 80MegaOne(config)#access-list 175 allow for tcp just about any 2.3.57.60 0.0.0.0 eq 20MegaOne(config)#access-list 175 allow tcp virtually any 2.3.57.60 0.0.0.0 eq 21MegaOne(config)#access-list 175 allow for tcp any 10.10.0.0 0.0.255.255 establishedMegaOne(config)#access-list 175 deny ip 0.0.0.0 255.255.255.255 anyMegaOne(config)#access-list 175 not allow ip 10.0.0.0 0.255.255.255 anyMegaOne(config)#access-list 175 deny ip 127.0.0.0 0.255.255.255 anyMegaOne(config)#acces s-list 175 refuse ip 172.16.0.0 0.0.255.255 anyMegaOne(config)#access-list 175 refuse ip 192.168.0.0 0.0.255.255 anyMegaOne(config)#access-list 175 grant ip virtually any 10.10.0.0 0.0.255.255MegaOne(config)#access-list 175 grant udp virtually any 10.10.0.0 0.0.255.255MegaOne(config)#access-list 175 permit icmp every 10.10.0.0 0.0.255.255MegaOne(config)#interface serial 0MegaOne(config-if)#ip access-group 175 inMegaOne(config-if)#no ip moved broadcastMegaOne(config-if)#no ip unreachablesMegaOne(config-if)#Z
Original Resource :
Visit SC0-502 Link : SC0-502 Download PDF Link : SC0-502
access point vs router
Niciun comentariu:
Trimiteți un comentariu