Latest TestInside SC0-402 Exam, SCP SC0-402 Practice Exam Testing Engine - TestInside

SC0-402 Exam

Network Defense and Countermeasures (NDC)

  • Exam Number/Code : SC0-402
  • Exam Name : Network Defense and Countermeasures (NDC)
  • Questions and Answers : 410 Q&As
  • Update Time: 2010-06-28
  • Price: $ 160.00 $ 58.00

Free SC0-402 Demo Download

TestInside offers a free demo for the SCP Certification SC0-402 exam (Network Defense and Countermeasures (NDC)). You can check out the interface, question quality and usability of our practice exams before you decide to buy them. We are the only site that can offer a demo for almost all products.


SCP SCP Certification SC0-402 exam braindumps questions and answers

Exam : SCP SC0-402
Title : Network Defense and Countermeasures (NDC)


1. Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?
A. Trojan Horse Scan
B. Back Orifice Scan
C. NetBus Scan
D. Port Scan
E. Ping Sweep
Answer: B

2. What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were part of a bigger intrusion, or would help discover infrequent attacks?
A. 5
B. 9
C. 12
D. 10
E. 4
Answer: C

3. After a meeting between the IT department leaders and a security consultant, they decide to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the centralized design of a Host-Based IDS?
A. In a Centralized design, sensors (also called agents) are placed on each key host throughout the network analyzing the network traffic for intrusion indicators. Once an incident is identified the sensor notifies the command console.
B. In a Centralized design, the agent is on the single command console as the one that performs the analysis. There is a significant advantage to this method. The intrusion data can be monitored in real-time.
C. In a Centralized design, the IDS uses what are known as agents (also called sensors). These agents are in fact small programs running on the hosts that are programmed to detect network traffic intrusions. They communicate with the command console, or a central computer controlling the IDS.
D. In a Centralized design, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.
E. In a Centralized design, the data is gathered and sent from the host to a centralized location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
Answer: E

4. Choose the best 3 responses
You have just installed a new firewall and explained the benefits to your CEO.
Next you are asked what some of the limitations of the firewall are. Which of the following are issues where a firewall cannot help to secure the network?
A. Poor Security Policy
B. Increased ability to enforce policies
C. End node virus control
D. Increased ability to enforce policies
E. Social Engineering
Answer: ACE

5. You are examining a packet from an unknown host that was trying to ping one of your protected servers and notice that the packets it sent had an IPLen of 20 bytes and DgmLen set to 60 bytes.
What type of operating system should you believe this packet came from?
A. Linux
B. SCO
C. Windows
D. Mac OSX
E. Netware
Answer: C

6. Which of the following defines the security policy to be used for securing communications between the VPN Client and Server?
A. Encapsulating Delimiters
B. Security Authentications
C. Encapsulating Security Payload
D. Security Associations
E. Authentication Header
Answer: D

7. You have found a user in your organization who has managed to gain access to a system that this user was not granted the right to use. This user has just provided you with a working example of which of the following?
A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection
Answer: A

8. You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any host other than 172.16.40.50 using any port, to any host in the 10.0.10.0/24 network using any port?
A. log udp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
B. log tcp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
C. log udp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
D. log tcp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
E. log tcp ! 172.16.40.50/32 any <- 10.0.10.0/24 any
Answer: B

9. You are reviewing your company's IPChains Firewall and see the command (minus the quotes) "! 10.10.10.216" as part of a rule. What does this mean?
A. Traffic destined for host 10.10.10.216 is exempt from filtering
B. Traffic originating from host 10.10.10.216 is exempt from filtering
C. Any host except 10.10.10.216
D. Only host 10.10.10.216
E. Traffic destined for 10.10.10.216 gets sent to the input filter.
F. Traffic originating from 10.10.10.216 gets sent to the input filter
Answer: C

10. Choose the best 2 responses
You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?
A. Regulatory Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Centralized Access Control
E. Distributed Access Control
Answer: BC

11. You are reviewing the IDS logs and during your analysis you notice a user account that had attempted to log on to your network ten times one night between 3 and 4 AM. This is quite different from the normal pattern of this user account, as this user is only in the office from 8AM to 6PM. Had your IDS detected this anomaly, which of the following types of detection best describes this event?
A. External Intrusion
B. Internal Intrusion
C. Misuse Detection
D. Behavioral Use Detection
E. Hybrid Intrusion Attempt
Answer: D

12. You have finished configuration of your ISA server and are in the section where you secure the actual server itself. Of the three options presented to you, which of the following answers best describes the Limited Services option?
A. A Firewall that is a domain controller or an infrastructure server
B. A Firewall that is a stand-alone firewall
C. A Firewall that is a database server or an application server
D. A Firewall that is a stand-alone web server
E. A Firewall that is a domain controller and a web server
Answer: A

13. Choose the best 3 responses
You are creating the User Account section of your organizational security policy. From the following options, select the questions to use for the formation of this section?
A. Are users allowed to make copies of any operating system files (including, but not limited to /etc/passwd or the SAM)?
B. Who in the organization has the right to approve the request for new user accounts?
C. Are users allowed to have multiple accounts on a computer?
D. Are users allowed to share their user account with coworkers?
E. Are users required to use password-protected screensavers?
F. Are users allowed to modify files they do not own, but have write abilities?
Answer: BCD

14. To manage the risk analysis of your organization you must first identify the method of analysis to use. Which of the following organizations defines the current standards of risk analysis methodologies?
A. NIST
B. CERT
C. F-ICRC
D. NBS
E. NSA
Answer: A



Exam Description

It is well known that the SC0-402 exam is the hot exam of the SCP certification. TestInside offers you all the Q&A of the SC0-402 real test. It is the examination of the perfect combination and it will help you pass the SC0-402 exam the first time!

Why choose TestInside SC0-402 braindumps

Quality and Value for the SC0-402 Exam
100% Guarantee to Pass Your SC0-402 Exam
Downloadable, Interactive SC0-402 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.

TestInside SC0-402 Exam Features

Quality and Value for the SC0-402 Exam

TestInside Practice Exams for SCP SC0-402 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your SC0-402 Exam

If you prepare for the exam using our TestInside testing engine, we guarantee your success in the first attempt. If you do not pass the SCP Certification SC0-402 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.

SCP SC0-402 Downloadable, Printable Exams (in PDF format)

Our Exam SC0-402 Preparation Material provides you everything you will need to take your SC0-402 Exam. The SC0-402 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

SC0-402 Downloadable, Interactive Testing engines

We are all well aware that a major problem in the IT industry is the lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are multiple-choice (MCQs). Our SCP SC0-402 Exam will provide you with free SC0-402 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and value for the SC0-402 Exam: 100% Guarantee to Pass Your SCP Certification exam and get your SCP Certification.

http://www.wholetestinside.com/ The safer, easier way to get SCP Certification.



Copyright©2006-2010 wholetestinside Limited. All Rights Reserved

wholetestinside materials do not contain actual questions and answers from Microsoft's Cisco's Certification Exams.