SCP SC0-502 exam questions
products by Testkingworld.net
Security Certified Program SC0-502 Test
Now because you have something Certkiller under control, you are always ready to go
home for the night. They have made good progress on the network from
made recently and things seem to go smoothly. On your way out, say you stop by the CEO office
and good night. She tells you to meet in the morning to be, so try
get in a few minutes early.
The next morning you get in the office 20 minutes earlier than normal, and the
CEO stops by your office, “Thanks for coming in a bit early. really no problem, I just wanted
discuss with you a current demand we have with the network. ”
“OK, go to right.” You know the network very well now, and are ready for whatever
“We hire 5 new sales people are throwing it, and they are all at home or on the road
work. I want to be sure that the network remains secure and that they do not access br > no matter where they are. “
” No problem “, to answer you. “I designed the’ll immediately done.”
“Thank you, if you have any questions for me, please let me know.”
relieved that there are not a big problem and do some background work
to integrate the new remote users. After a meeting with the CEO more you find out
that users will work from there home almost all the time, with very little
access from the road sites.
The remote users are all running Windows 2000 Professional and will be part of the
domain. The CEO has bought all remote users new Compaq laptops,
used just like in the office of the CEO and the CEO will be home every night
, complete with DVD CD-RW drives, built WNICs-in, 17 “LCD widescreen display
, large hard drives, a gig of RAM and a fast processing.” I wish I was on the street
get one of those, “you think.
You plan and decide that you implement a new VPN server as the web and FTP server
will assign to the remote user IP addresses.
is 10.10.60.100 10.10.60.105 ~, and configure the systems to run Windows 2000 Professional
on the basis of this information and knowledge about The Certkiller network
up to this point, select the best solution for secure remote user needs}
A. Use the configuration of the VPN server, start Windows 2000 Server
create five new accounts on this system, configure the grant of any of them the Allow Virtual Private Connections
right into Active Directory Users and Computers then to the range of IP addresses
deliver to customers such as:.. 10.10.60.100 10.10.60.105 by
next five configure IPSec tunnel endpoints on the server on each use L2TP protocol
Then configure the customers. each system, configure a shortcut on the desktop
used to connect the VPN connection. The link is configured to create an L2TP IPSec tunnels to the VPN
server. compound itself be configured to start with the key user
ISP exchange, a tunnel between the user and the ISP to create endpoint Certkiller VPN server.
B. To the project, you must first work on the laptops you have given.
On each laptop, configure the system on a single Internet connection of the user’s ISP.
SC0 make -502
Next, you configure a shortcut on the desktop for the VPN connection. you design using the L2TP connection
, with port filtering on outgoing UDP 500 and UDP 1701. If
a user double-clicking the desktop icon you have it configured to automatic tunnel
to the VPN server. The VPN server
make the system configure L2TP with port filter for incoming
UDP 500 and UDP 1701 to create. a static Pool is the IP address assigned to reserve
the five remote clients. Configure the automatic forwarding on the VPN server in the Routing and Remote Access MMC
, so once the client to the VPN server is connected
he or she will be automatically redirected to the inside network, with all available resources
in its network environment.
C. the VPN client, first by installing the VPN-High Encryption Service Pack
. This is installed, configure the clients of RSA with 1024-bit key used.
configure a shortcut on the desktop that will automatically use the public private key pair for the . Communication with the VPN server
, regardless of where the user is connected locally
The VPN server, install the VPN High Encryption Service Pack, and configure
1024 – bit RSA encryption. create five new user accounts, and they
all remote access rights using Active Directory Sites and Services. Configure the VPN service
the public key of the server on the to send remote users to configure the request
the tunnel. Once the request is made, the VPN server is the tunnel,
from the server side, to the client.
D. decide to start the build configuration to the VPN clients. you create a shortcut on the desktop
to the VPN server to connect. Their design is such that the user simply double-click on the link
, and the client VPN connection to the server,
with PPTP. you did not configure all filters on the VPN client systems.
on the VPN server, first configure Routing and Remote Access for
new accounts and allow them to have dial-in access then configure a static IP address pool for the five remote users
Next configure the remote access policy for remote access to grant and implement
you .. the following PPTP filtering:
¹ inbound protocol 47 (GRE) allows
¹ Inbound TCP source port 0, destination port 1723 allows
¹ Inbound TCP source port 520, destination port 520 allows
¹ outbound protocol 47 (GRE)
¹ outbound TCP source port allows 1723, destination port 0 allowed
¹ outbound TCP source port 520, destination port 520 allows
E. You choose the configuration of the VPN server first by installing the VPN High Encryption Pack and Service
HISECVPN.INF integrated security features artwork by the Security
and Analysis snap-in. Once the service pack and templates are installed, configure
five user accounts and a static. pool of IP addresses for each account
then configure the PPTP service to the VPN server without incoming or outgoing filter
-. the protection of the Service Pack, you grant each user the right
dial into the server remotely and then go to the laptop.
on any laptop, install the VPN High Encryption Service Pack to the security level of laptops
place on the same level as the VPN server. Then, you configure a link
on each desktop that direct transport VPN connection from client to server
For three years, you do occasionally Certkiller network and security consulting
worked Certkiller is a small company that Property
and provides. data brokers in some of the surrounding states. The company is open for business
Monday to Friday from 09.00 bis 06.00 Clock Clock,
all closed evenings and weekends. your employment is largely of consultation and planning has passed and you
were frequently disappointed by the lack of execution and track
of full-time employees.
On Tuesday, they received a call from Certkiller ‘s HR director: “Hi, I would like to inform you that
Red (full-time Senior Network Administrator) no longer
us, and we would like to know if you are interested in working with us are full-time. “
You currently have no other major customers, they answer:” Sure, if you need me
go? get “
” Today, “comes the quick and direct answer. too fast, you think.
” What is the urgency, why can not this wait until tomorrow? “
” Red was going on, and he was not happy about it. We are concerned that he may have done little to
for our network on the way out. “
” OK, let me finish a few things, and I will be there shortly. “
They knew this would be messy, if you came in, but you have a certain advantage in
that you already knew the network.
They had many changes in the past, none of which implemented by Red would be recommended during the bundling your
laptop and other tools, grab your notes, which have an overview of the network.
Certkiller network notes: Single internet access point, T1, connected to Certkiller
Cisco router. router E1 to a private Web or FTP server and E0 to the LAN switch
. LAN switch has four servers, four printers and 100 client computers. All
machines run on Windows 2000. Currently they have their primary web site
and e-mail from an ISP in Illinois.
If you are on Certkiller, the HR Director and CEO, both of you already know ,
greet you. The CEO informed that Red was let go due to difficult
personality conflicts, among other things, not the termination of cordially.
are you with the proper employment papers to sign, .. and get right on the job you are
to install the rest of the day and got it to work where, but the company is very concerned about the security of their network
is right, you think: “If these implemented
guys even had half of my recommendations this would certainly be easier. “Your device setup
in your new office space to get on big start, and.
For the time you are working here, your IP address 10.10.50.23 with a mask.
One of your first tasks is to configure the router to check the
router has a show running-config console, and get the following output.
MegaOne # show running-config Building configuration
… Current configuration: version 12.1
enable secret 5 $ BSK3 H394yewhJ45JAFEWU73747.
an IP name server />
IP routing interface Ethernet0
no shutdown ip address 255.255.255.0 22.214.171.124 addressed
no IP – mission
interface Ethernet1 no shutdown
IP 10.10.40.101 255.255.0.0
no IP directed broadcast
255.255.255.0 no ip directed-broadcast
clock rate 1.024 million
bandwidth 1024 encapsulation hdlc
ip route 0.0.0.0 0.0.0.0 126.96.36.199
line console 0 exec-timeout 0 0
transport input all line vty 0 4
remote login password
After analysis of the network, you recommend that the router have a new
configuration. Your goal is to configured the router to a part of your multi-layered defense,
and a system to ensure safety on the network.
you talk to the boss to get an idea of what the objectives of the router should be in the
“OK, I suggest, dass employees strictly, only the services they
via the Internet access must be restricted. “You begin.
” I can understand, but we always had an open policy. I like the staff
feel comfortable and not feel like we are watching over them all the time. Please
leave open the connection to them on what to have to know they can get. We can always revisit these
running in a basis. “
” OK, if you insist, but for the record that I am, that the policy on. “
” Remarked, “replied the manager, a little dull.
” Well, let’s see, the private Web and FTP servers must be limited by the
Internet, on the accounts on the server will be accessed. We will continue to use the Illinois
ISP to host our website and our e-mail host. What it’s something else that
be accessed from the Internet do? “
” No, I think that’s it. We have a pretty simple network, we do everything in the house. “
” Well, we have a plan in place and now have to get for a security policy.
Can we for today? “You ask.
” Let me see, I will later. “With that the CEO is leaving and work on getting
information you have on the basis Certkiller;. To know that router must be an integral part of the safety of the organization
, choose the best solution for the organization
A. Backup the current router config to a temporary directory on your laptop
Friday night to get into the new router configuration . to build up your knowledge of the network,
and the conversation with the CEO, build and implement the following router configuration
MegaOne # configure terminal
MegaOne (config ) # no cdp run
MegaOne (config) # no ip source-route
MegaOne (config) # no IP finger
MegaOne (config) # access-list 175 permit tcp any eq 80 0.0.0.0 188.8.131.52
MegaOne (config) # access-list 175 permit tcp any eq 20 0.0.0.0 184.108.40.206
MegaOne (config) # access-list 175 permit tcp any eq 21 0.0. 0.0 220.127.116.11
MegaOne (config) # access-list 175 permit tcp any 10.10.0.0 0.0.255.255 established
MegaOne (config) # access-list 175 deny ip any 0.0.0.0 255.255.255.255
MegaOne (config) # access-list deny ip 10.0.0.0 0.255.255.255-175 each
MegaOne (config) # access-list 175 deny ip 127.0.0.0 0.255.255.255 any
MegaOne (config ) # access-list 175 deny ip 172.16.0.0 0.0.255.255 any
MegaOne (config) # access-list 175 deny ip 192.168.0.0 0.0.255.255 any
MegaOne (config) # access-list 175 enable IP permit 10.10.0.0 0.0.255.255 any
MegaOne (config) # access-list 175 udp any 10.10.0.0 0.0 .255.255
MegaOne (config) # access-list 175 permit icmp any 10:10 .0.0 0.0.255.255
MegaOne (config) # interface serial 0
MegaOne (config-if) # ip access-group 175 in
MegaOne (config-if) # no ip directed broadcast
MegaOne (config-if) # no ip
MegaOne (config-if) # Z
Visit SC0-502 Link: SC0-502
Download PDF Link: SC0-502
original resource: http://www.testkingworld.net
Visit SC0-502 Link: SC0-502
SCP SC0-402 SCP SC0 Test Download
-411 Test Download SCP SC0-451 Test
SCP SC0-471 Test Download
SCP SC0-501 SCP SC0
Test Download Download Test-502