SCP SC0-502的中の認証資格は一層重要になった

 

SC0-502的中について、あなたはどうやって思っているのですか。非常に人気があるSCPの認定試験の一つとして、この試験も大切です。しかし、試験の準備をよりよくできるために試験参考書を探しているときに、優秀な参考資料を見つけるのはたいへん難しいことがわかります。では、どうしたらいいでしょうか。大丈夫ですよ。JPshikenはあなたの望みを察して、受験生の皆さんの要望にこたえるために、一番良い試験SC0-502的中を提供してあげます。

SCPのSC0-502的中に受かるためにがんばって勉強していれば、JPshikenはあなたにヘルプを与えます。JPshiken が提供したSCPのSC0-502的中は実践の検査に合格したもので、最も良い品質であなたがSCPのSC0-502的中に合格することを保証します。

SC0-502試験番号:SC0-502問題集
試験科目:Security Certified Program (SCP)
最近更新時間:2016-10-07
問題と解答:全40問 SC0-502 認定試験
100%の返金保証。1年間の無料アップデート。

>> SC0-502 認定試験

 

NO.1 Certkiller is a company that makes state of the art aircraft for commercial and
government use. Recently Certkiller has been working on the next generation of low
orbit space vehicles, again for both commercial and governmental markets.
Certkiller has corporate headquarters in Testbed, Nevada, US
A. Testbed is a small
town, with a population of less than 50,000 people. Certkiller is the largest company
in town, where most families have at least one family member working there.
The corporate office in Testbed has 4,000 total employees, on a 40-acre campus
environment. The largest buildings are the manufacturing plants, which are right
next to the Research and Development labs. The manufacturing plants employee
approximately 1,000 people and the R&D labs employ 500 people. There is one
executive building, where approximately 500 people work. The rest of the employees
work in Marketing, Accounting, Press and Investor Relations, and so on. The entire
complex has a vast underground complex of tunnels that connect each building.
All critical functions are run from the Testbed office, with remote offices around the
world. The remote offices are involved in marketing and sales of Certkiller products.
These offices also perform maintenance on the Certkiller aircraft and will
occasionally perform R&D and on-site manufacturing.
There are 5 remote offices, located in: New York, California, Japan, India, and
England. Each of the remote offices has a dedicated T3 line to the Certkiller HQ,
and all network traffic is routed through the Testbed office - the remote offices do
not have direct Internet connections.
You had been working for two years in the New York office, and have been
interviewing for the lead security architect position in Testbed. The lead security
architect reports directly to the Chief Security Officer (CSO), who calls you to let
you know that you got the job. You are to report to Testbed in one month, just in
time for the annual meeting, and in the meantime you review the overview of the
Certkiller network.
Your first day in Certkiller Testbed, you get your office setup, move your things in
place, and about the time you turn on your laptop, there is a knock on your door. It
is Blue, the Chief Security Officer, who informs you that there is a meeting that you
need to attend in a half an hour.
With your laptop in hand, you come to the meeting, and are introduced to everyone.
Blue begins the meeting with a discussion on the current state of security in
Certkiller .
"For several years now, we have constantly been spending more and more money
on our network defense, and I feel confident that we are currently well defended."
Blue, puts a picture on the wall projecting the image of the network, and then
continues, "We have firewalls at each critical point, we have separate Internet
access for our public systems, and all traffic is routed through our controlled access
points. So, with all this, you might be wondering why I have concern."
At this point a few people seem to nod in agreement. For years, Certkiller has been
at the forefront of perimeter defense and security. Most in the meeting are not
aware that there is much else that could be done.
Blue continues, "Some of you know this, for the rest it is new news: MassiveCorp is
moving their offices to the town right next to us here. Now, as you all know,
MassiveCorp has been trying to build their orbital systems up to our standards for
years and have never been able to do so. So, from a security point of view, I am
concerned."
This is news to most people, Green, the Vice President of Research asks, "We have
the best in firewalls, we have the best in you and your systems, what are you
suggesting?"
Blue responds, "I suggest trust. Not with MassiveCorp, but in our own systems. We
must build trusted networks. We must migrate our network from one that is
well-defended to one that is well-defended and one that allows us to trust all the
network traffic."
The meeting continues for some time, with Blue leading the discussion on a whole
new set of technologies currently not used in the network. After some time, it is
agreed upon that Certkiller will migrate to a trusted networking environment.
The following week, Blue informs you that you will be working directly together on
the development of the planning and design of the trusted network. The network is
going to run a full PKI, with all clients and servers in the network using digital
certificates. You are grateful that in the past two years, Blue has had all the systems
changed to be running only Windows 2000, both server and professional systems,
running Active Directory. You think the consistent platform will make the PKI roll
out easier.
The entire Certkiller network is running Active Directory, with the domain
structure as in the following list:
Testbed. Certkiller .org
Newyork. Certkiller .org
California. Certkiller .org
Japan. Certkiller .org
India. Certkiller .org
England. Certkiller .org
Although you will be working in the Testbed office, the plan you develop will need
to include the entire Certkiller organization.
Based on this information, select the solution that describes the best plan for the
new trusted network of Certkiller :}
A. You design the plan for two weeks, and then you present it to Blue. Your plan follows
these critical steps:
1. Draft a Certification Practice Statement (CPS) to define what users will be allowed to
do with their certificates, and a Certificate Policy (CP) to define the technology used to
ensure the users are able to use their certificates as per the CPS.
2. Draft a CPF based on your own guidelines, including physical and technology
controls.
3. Design the system to be a full hierarchy, with the Root CA located in the executive
building. Every remote office will have a subordinate CA, and every other building on
the campus in Testbed will have a subordinate CA.
4. Design the hierarchy with each remote office and building having it's own enrollment
CA.

NO.2 Evaluate the rollout, test, and modify as needed to improve the overall security of the
Certkiller trusted network.
B. You design the plan for two weeks, and then you present it to Blue. Your plan follows
these critical steps:
1. Draft a Certification Practice Statement (CPS) to define what users will be allowed to
do with their certificates, and a Certificate Policy (CP) to define the technology used to
ensure the users are able to use their certificates as per the CPS.
2. Draft a CPF based on your own guidelines, including physical and technology
controls.
3. Design the system, outside of the executive office, to be a full hierarchy, with the Root
CA for the hierarchy located in the executive building. Every remote office will have a
subordinate CA, and every other building on the campus in Testbed will have a
subordinate CA.
4. In the executive building, you design the system to be a mesh CA structure, with one
CA per floor of the building.
5. Design the hierarchy with each remote office and building having it's own enrollment
CA.
6. Build a small test pilot program, to test the hierarchy, and integration with the existing
network.
7. Implement the CA hierarchy in the executive office, and get all users acclimated to the
system.
8. Implement the CA hierarchy in each other campus building in Testbed, and get all
users acclimated to the system.
9. One at a time, implement the CA hierarchy in each remote office; again getting all
users acclimated to the system.
10. Test the team in each location on proper use and understanding of the overall PKI and
their portion of the trusted network.

NO.3 Build a small test pilot program, to test the hierarchy, and integration with the existing
network.

NO.4 It has been quite some time since you were called in to address the network and
security needs of Certkiller . You feel good in what you have accomplished so far.
You have been able to get Certkiller to deal with their Security Policy issue, you have
secured the router, added a firewall, added intrusion detection, hardened the
Operating Systems, and more.
One thing you have not done however, is run active testing against the network from
the outside. This next level of testing is the final step, you decide, in wrapping up
this first stage of the new Certkiller network and security system. You setup a
meeting with the CEO to discuss.
"We have only one significant issue left to deal with here at Certkiller ," you begin.
"We need some really solid testing of our network and our security systems."
"Sounds fine to me, don't you do that all the time anyway? I mean, why meet about
this?"
"Well, in this case, I'd like to ask to bring in outside help. Folks who specialize in
this sort of thing. I can do some of it, but it is not my specialty, and the outside look
in will be better and more independent from an outside team."
"What does that kind of thing cost, how long will it take?"
"It will cost a bit of money, it won't be free, and with a network of our size, I think it
can be done pretty quick. Once this is done and wrapped up, I will be resigning as
the full time security and network pro here. I need to get back to my consulting
company full time. Remember, this was not to be a permanent deal. I can help you
with the interview, and this is the perfect time to wrap up that transition."
"All right, fair enough. Get me your initial project estimates, and then I can make a
more complete decision. And, I'll get HR on hiring a new person right away."
Later that afternoon you talk to the CEO and determine a budget for the testing.
Once you get back to your office, you are calling different firms and consultants,
and eventually you find a consulting group that you will work with.
A few days later you meet with the group in their office, and you describe what you
are looking for, and that their contact and person to report to is you. They ask what
is off limits, and your response is only that they cannot do anything illegal, to which
they agree and point out is written in their agreement as well.
With this outside consulting group and your knowledge of the network and
company, review and select the solution that will best provide for a complete test of
the security of Certkiller .}
A. The consulting group has identified the steps it will follow in testing the network. You
have asked to be kept up to date, and given an approximate schedule of events. You
intend to follow along with the test, with weekly reports.
The consultants surprise you with their initial strategy. They intend to spend nearly 100%
of their efforts over the first week on social engineering and other physical techniques,
using little to no technology. They have gained access to the building as a maintenance
crew, and will be coming into the office every night when employees are wrapping up for
the day.
All of their testing will be done through physical contact and informal questioning of the
employees. Once they finish that stage, they will run short and direct vulnerability
scanners on the systems that they feel will present weakness.
B. The consulting group has identified the steps it will follow in testing the network. You
have asked to be kept up to date, and given an approximate schedule of events. You
intend to follow along with the test, with weekly reports.
The consultants have decided on a direct strategy. They will work inside the Certkiller
office, with the group introducing themselves to the employees. They will directly
interview each employee, and perform extensive physical security checks of the network.
They will review and provide analysis on the security policy, and follow that with
electronic testing. They will run a single very robust vulnerability scanner on every
single client and server in the network, and document the findings of the scan.
C. The consulting group has identified the steps it will follow in testing the network. You
have asked to be kept up to date, and given an approximate schedule of events. You
intend to follow along with the test, with weekly reports.
The first thing the consultants will do is dumpster diving and physical surveillance,
looking for clues as to user information and other secret data that should not be outside of
the network. Once they have identified several targets through the dumpster diving, they
will run scans to match up and identify the workstations for those users.
After identifying the user workstations, they will run vulnerability checks on the systems,
to find holes, and if a hole is found they have been given permission to exploit the hole
and gain access of the system.
They will attempt to gain access to the firewall and router remotely, via password
guessing, and will test the response of the network to Denial of Service attacks. Finally,
they will call into Certkiller to see what information they can learn via social engineering.
D. The consulting group has identified the steps it will follow in testing the network. You
have asked to be kept up to date, and given an approximate schedule of events. You
intend to follow along with the test, with weekly reports.
The consultants will first run remote network surveillance to identify hosts, followed by
port scans and both passive and active fingerprinting. They will then run vulnerability
scanners on the identified systems, and attempt to exploit any found vulnerabilities. They
will next scan and test the router and firewall, followed by testing of the IDS rules.
They will then perform physical surveillance and dumpster diving to learn additional
information. This will be followed by password sniffing and cracking. Finally, they will
call into Certkiller to see what information they can learn via social engineering.
E. The consulting group has identified the steps it will follow in testing the network. You
have asked to be kept up to date, and given an approximate schedule of events. You
intend to follow along with the test, with weekly reports.
The consultants will start the process with remote network surveillance, checking to see
what systems and services are available remotely. They will run both passive and active
fingerprinting on any identified system. They will run customized vulnerability scanners
on the identified systems, and follow that through with exploits, including new zero-day
exploits they have written themselves.
They will next run scans on the router, firewall, and intrusion detection, looking to
identify operating systems and configurations of these devices. Once identified, they will
run customized scripts to gain access to these devices. Once they complete the testing on
the systems, they will dumpster dive to identify any leaked information.
Answer: D

SC0-502試験問題 SC0-502種類

JPshikenは最新のNSE4問題集と高品質のMB2-713問題と回答を提供します。JPshikenの400-351 VCEテストエンジンと400-201試験ガイドはあなたが一回で試験に合格するのを助けることができます。高品質の070-346 PDFトレーニング教材は、あなたがより迅速かつ簡単に試験に合格することを100%保証します。試験に合格して認証資格を取るのはそのような簡単なことです。

記事のリンク:http://www.jpshiken.com/SC0-502_shiken.html