Exam Code: SC0402
Vendor: IBM
Exam Name: Network Defense and Countermeasures (NDC)
Cert Name: SCP/SCNP/
Certification exams in general
Taking a certification exam is no mean feat; on it rests the establishment of one's future career and reputation. One must first know which certification exam fits the career they have chosen. Keeping this in mind, one must also think carefully about which preparatory material to use.
IBM SC0402 Exam product features
Our IBM SC0402 exam products bear features such as giving you access to a PDF which has all of the same questions and answers as the ones in the SCP/SCNP/ certification exam, followed by Pass4sureit's practice test software on which you could test the skills you have recently acquired.
There are many sites that provide preparation material for IBM SCP/SCNP/ SC0402 exam. Keep your eyes open and make a gentle decision while purchasing IBM SC0402 Network Defense and Countermeasures (NDC) exam product. I am going to tell you the most authentic source for IBM SC0402 exam preparation.
Reliability of SC0402 exam product Pass4sureit
Our IBM SC0402 Network Defense and Countermeasures (NDC) exam products are highly reliable as they provide you with updated material all the time and they do not ask for or abuse your personal information.
Free Updates of SC0402 exam
We also provide free updates of SCP/SCNP/ SC0402 exam that we send straight to your inbox, free of charge till your success.
Refund policy for Network Defense and Countermeasures (NDC) exam
We provide refunds in a little over seven days if you are dissatisfied with the quality of our SC0402 Network Defense and Countermeasures (NDC) exam product or feel that it cannot really help you out. Once you purchase our product, your success will become our responsibility.
Security and Privacy Pass4sureit
We will also ensure that all of your private data remains secure due to Pass4sureit's high security protocols such as McAfee, Norton antivirus or even SSL64. We will also ensure that your personal data fed online remains private as we will ascertain that it is not made use of by viruses or stolen by hackers.
Self-assessment feature of IBM SC0402 Practice Software
Our IBM SC0402 Network Defense and Countermeasures (NDC) exam product will also surely make you realize how well you are improving over time as you continue to practice and use our SCP/SCNP/ certification exam product. You can assess and improve yourself with the help of the self-assessment feature.
User friendly interface of IBM SC0402 exam product
Our SC0402 SCP/SCNP/ certification exam products have a highly user friendly interface that will make working with it via clients and customers much easier.
Customizable learning experience
We also offer a highly customizable learning experience as you can set your exam preferences according to your preparation objective. We would recommend you to try our free demo and if it fulfills your expectations then you ought to buy the entire SC0402 certification exam.
SCP SC0-402
Exam Name: Network Defense and Countermeasures (NDC)
http://www.pass4sureit.com/SC0-402-practicetest.html
Product: Demo
We also offer PRACTICE TEST SOFTWARE with Actual Exam Questions - Try free demo from our Website

Question: 1
You are creating the User Account section of your organizational security policy. From the following options, select the questions to use for the formation of this section?
A. Are users allowed to make copies of any operating system files (including, but not limited to /etc/passwd or the SAM)?
B. Who in the organization has the right to approve the request for new user accounts?
C. Are users allowed to have multiple accounts on a computer?
D. Are users allowed to share their user account with coworkers?
E. Are users required to use password-protected screensavers?
F. Are users allowed to modify files they do not own, but have write abilities?
Answer: BCD

Question: 2
You are examining a packet from an unknown host that was trying to ping one of your protected servers and notice that the packets it sent had an IPLen of 20 bytes and DgmLen set to 60 bytes. What type of operating system should you believe this packet came from?
A. Linux
B. SCO
C. Windows
D. Mac OSX
E. Netware
Answer: C

Question: 3
You have found a user in your organization who has managed to gain access to a system that this user was not granted the right to use. This user has just provided you with a working example of which of the following?
A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection
Answer: A

Question: 4
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any host other than 172.16.40.50 using any port, to any host in the 10.0.10.0/24 network using any port?
A. log udp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
B. log tcp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
C. log udp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
D. log tcp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
E. log tcp ! 172.16.40.50/32 any <- 10.0.10.0/24 any
Answer: B

Question: 5
What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were part of a bigger intrusion, or would help discover infrequent attacks?
A. 5
B. 9
C. 12
D. 10
E. 4
Answer: C

Question: 6
You are reviewing your company's IPChains Firewall and see the command (minus the quotes) "! 10.10.10.216" as part of a rule, what does this mean?
A. Traffic destined for host 10.10.10.216 is exempt from filtering
B. Traffic originating from host 10.10.10.216 is exempt from filtering
C. Any host except 10.10.10.216
D. Only host 10.10.10.216
E. Traffic destined for 10.10.10.216 gets sent to the input filter.
F. Traffic originating from 10.10.10.216 gets sent to the input filter
Answer: C

Question: 7
You have just installed a new firewall and explained the benefits to your CEO. Next you are asked what some of the limitations of the firewall are. Which of the following are issues where a firewall cannot help to secure the network?
A. Poor Security Policy
B. Increased ability to enforce policies
C. End node virus control
D. Increased ability to enforce policies
E. Social Engineering
Answer: ACE

Question: 8
You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?
A. Regulatory Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Centralized Access Control
E. Distributed Access Control
Answer: BC

Question: 9
To manage the risk analysis of your organization you must first identify the method of analysis to use. Which of the following organizations defines the current standards of risk analysis methodologies?
A. NIST
B. CERT
C. F-ICRC
D. NBS
E. NSA
Answer: A

Question: 10
Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?
A. Trojan Horse Scan
B. Back Orifice Scan
C. NetBus Scan
D. Port Scan
E. Ping Sweep
Answer: B

Question: 11
Which of the following defines the security policy to be used for securing communications between the VPN Client and Server?
A. Encapsulating Delimiters
B. Security Authentications
C. Encapsulating Security Payload
D. Security Associations
E. Authentication Header
Answer: D

Question: 12
After a meeting between the IT department leaders and a security consultant, they decide to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the centralized design of a Host-Based IDS?
A. In a Centralized design, sensors (also called agents) are placed on each key host throughout the network analyzing the network traffic for intrusion indicators. Once an incident is identified the sensor notifies the command console.
B. In a Centralized design, the agents is on the single command console as the one that performs the analysis. There is a significant advantage to this method. The intrusion data can be monitored in real-time.
C. In a Centralized design, the IDS uses what are known as agents (also called sensors). These agents are in fact small programs running on the hosts that are programmed to detect network traffic intrusions. They communicate with the command console, or a central computer controlling the IDS.
D. In a Centralized design, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.
E. In a Centralized design, the data is gathered and sent from the host to a centralized location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
Answer: E

Question: 13
You are reviewing the IDS logs and during your analysis you notice a user account that had attempted to log on to your network ten times one night between 3 and 4 AM. This is quite different from the normal pattern of this user account, as this user is only in the office from 8AM to 6PM. Had your IDS detected this anomaly, which of the following types of detection best describes this event?
A. External Intrusion
B. Internal Intrusion
C. Misuse Detection
D. Behavioral Use Detection
E. Hybrid Intrusion Attempt
Answer: D

Question: 14
You have finished configuration of your ISA server and are in the section where you secure the actual server itself. Of the three options presented to you, which of the following answer best describes the Limited Services option?
A. A Firewall that is a domain controller or an infrastructure server
B. A Firewall that is a stand-alone firewall
C. A Firewall that is a database server or an application server
D. A Firewall that is a stand-alone web server
E. A Firewall that is a domain controller and a web server
Answer: A

Question: 15
You have been given the task of installing a new firewall system for your network. You are analyzing the different implementation options. Which of the following best describes a Screened Host?
A. This is when one device is configured to run as a packet filter, granting or denying access based on the content of the headers.
B. This is when a packet is received on one interface and sent out another interface.
C. This is when a device has been configured with more than one network interface, and is running proxy software to forward packets back and forth between the interfaces.
D. This is when the device reads only the session layer and higher headers to grant or deny access to the packet.
E. This is when the network is protected by multiple devices, one running as a proxy server and another as a packet filter. The packet filter only accepting connections from the proxy server.
Answer: E

Question: 16
You have configured your network to use Firewall-1 and you manage it from the Management GUI. What are the three applications that make up the Management GUI for Firewall-1?
A. GUI Controller
B. Log Viewer
C. Status Viewer
D. Policy Editor
E. Packet Editor
Answer: BCD

Question: 17
While preparing to implement a new security policy at your company, you have researched the many reasons people are both accepting and resisting of new policies. Which of the following is not a reason for an employee to resist a new security policy?
A. The employee simply does not like change, and takes a while to get used to new things.
B. The employee is a new hire, and interprets the policy as a requirement and part of the new hire paperwork.
C. The employee is convinced the policy will impact his or her ability to do their job, which could be viewed as in the way of their career.
D. The employee simply likes to be in the middle, and "rock the boat."
E. The employee is convinced the organization is spying on their every move, and do not want their work place to fall under the big-brother pattern.
Answer: B

Question: 18
What technology is being employed to resist SYN floods by having each side of the connection attempt create its own sequence number (This sequence number contains a synopsis of the connection so that if/when the connection attempt is finalized the first part of the attempt can be re-created from the sequence number)?
A. SYN cookie
B. SYN floodgate
C. SYN gate
D. SYN damn
E. SYN flood break
Answer: A

Question: 19
To verify that your IPSec implementation is working as you intended, you sniff the network after the implementation has been completed. You are looking for specific values in the captures that will indicate to you the type of packets received. You analyze the packets, including headers and payload. IPSec works at which layer of the OSI model?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
Answer: C

Question: 20
After a meeting between the IT department leaders and a security consultant, they decided to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the distributed design of Host-Based IDS?
A. In a Distributed design, the network intrusion data is gathered and sent from the host to a single location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
B. In a Distributed design, the IDS uses what are known as agents (also called sensors) to capture the network intrusion data. These agents are in fact small programs running on the hosts that are programmed to detect intrusions upon the host. They communicate with the command console, or a central computer controlling the IDS.
C. In a Distributed design, the agents on the hosts are the ones that perform the analysis. There is a significant advantage to this method. The intrusion data can be monitored in real-time. The flip side to this is that the hosts themselves may experience a bit of a performance drop as their computer is engaged in this work constantly.
D. In a Distributed design, sensors (also called agents) are placed on each key host throughout the network analyzing the network traffic for intrusion indicators. Once an incident is identified the sensor notifies the command console.
E. In a Distributed design, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.
Answer: C

Question: 21
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)
What is the effect of this rule?
A. This is an alert rule, designed to notify you of SYN-FIN scans of the network in one direction.
B. This is an alert rule, designed to notify you of SYN-FIN scans of the network in either direction.
C. This is a logging rule, designed to capture SYN-FIN scans.
D. This is a logging rule, designed to notify you of SYN-FIN scans.
E. This is an alert rule, designed to notify you of SYN-FIN scans originating from the 10.0.10.0/24 network.
Answer: A

Question: 22
In your network there is an ISA server running as the firewall. It is a simple design, a single machine with two network cards. You are configuring the Access Policies on this machine. What is the function of the Site and Content Rules section of the Access Policy?
A. Site and Content Rules determine which protocols can be used to communicate with the Internet.
B. Site and Content Rules determine if specified users will be able to access specified content on specified destination computers.
C. Site and Content Rules either allow or disallow specific packets destined for specific nodes on the network
D. Site and Content Rules either allow or disallow a specific port to the entire network.
E. Site and Content Rules determine if specific ports are to be accessed by specific subnets in the network.
Answer: B

Question: 23
Select the answers that correctly match the Firewall-1 component with their functions:
A. Firewalled Gateway: The machine running the VPN-1/FW-1 module.
B. Management Server: The machine on which the Security Policy is maintained.
C. GUI Client: The machine hosts a GUI that can configure the Management Server.
D. GUI Client: The machine running the VPN-1/FW-1 via a GUI.
E. Firewalled Gateway: The machine on which the Security Policy is maintained.
Answer: ABC

Question: 24
The organization you work for has recently decided to have a greater focus on security issues. You run the network, and are called in the meeting to discuss these changes. After the initial meeting you are asked to research and summarize the major issues of network security that you believe the organization should address. What are Network Security's five major issues?
A. Authorization and Availability
B. Administration
C. Integrity
D. Confidentiality
E. Encapsulation
F. Encryption
G. Non-Repudiation
H. Authentication
Answer: ACDGH

Question: 25
You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Integrity in network security is. Which of the following best describes Integrity?
A. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should only be allowed to access.
B. Integrity verifies users to be who they say they are. In data communications, the integrity of the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.
C. Data communications as well as emails need to be protected for privacy and Integrity. Network security must provide a secure channel for the transmission of data and email that does not allow eavesdropping by unauthorized users. Integrity ensures the privacy of data on the network system.
D. Integrity is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, integrity must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.
E. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes integrity for the transaction itself for all parties involved in the transaction.
Answer: D

Question: 26
You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?
A. Regulatory Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Centralized Access Control
E. Distributed Access Control
Answer: BC

Question: 27
To increase the security of the network, you have decided to implement a solution using authentication tokens. You are explaining this to a coworker who is not familiar with tokens. What are Authentication Tokens?
A. An authentication token is a software program that is installed on each user computer. Upon execution of the program, each user will be authenticated into the network.
B. An authentication token is a hardware device that is to be installed, either via a parallel or serial port. Once the user has installed the token, he or she will be able to access the resources on the network that they have been granted access.
C. An authentication token is a portable device, such as a handheld computer, that stores an authenticating sequence, that the user will enter after logging into the system to gain access to network resources.
D. An authentication token is a software program that is installed on the main server of the network. As the user is logging in, the server will instruct the user for username and password.
E. An authentication token is a portable device used for authenticating a user, thereby allowing authorized access into a network system.
Answer: E

Question: 28
You have decided to implement a token system in your network for authentication purposes. The following lists the steps of The Challenge Response Process, authenticating with a server:
a. The user begins the logon sequence.
b. The user types in the User ID from the requesting PC.
c. Activate the token by changing the PIN to one known only to the user. User enters the chosen PIN on the token.
d. The NAS passes the PIN and User ID to the authentication server as part of the logon request.
e. The authentication server generates a random challenge and sends it back to the user via the connection through the NAS.
f. The user types the challenge into the token, which then encrypts it using its internal DES key.
g. It is then sent to the user where it appears on his requesting PC screen.
h. The token displays the encrypted response.
i. The user types the encrypted response into the requesting PC keyboard.
j. The authentication server sends a message to the NAS to allow the user access.
k. The authentication server receives the response and using the same DES key that the token used, processes it, and verifies the user and the token.
Please put these steps in the order required for the process to function properly?
A. a, c, b, d, e, g, f, h, i, k, j
B. c, a, b, d, e, g, f, h, i, k, j
C. a, b, c, d, e, f, g, h, i, j, k
D. c, a, b, d, e, f, g, h, i, j, k
E. a, b, c, d, e, g, f, h, i, k, j
Answer: B

Question: 29
As you increase the layers of security in your organization, you must watch the network behavior closely. How can a firewall have a negative impact on the performance of your network?
A. It can authorize sensitive information from the wrong host
B. It can block needed traffic
C. It can decrypt secure communications that were supposed to get past the firewall encrypted
D. It can restrict bandwidth based on QoS
E. It can filter packets that contain virus signatures
Answer: B

Question: 30
You were recently hired as the security administrator of a small business. You are reviewing the current state of security in the network and find that the current logging system must be immediately modified. As the system is currently configured, auditing has no practical value. Which of the following are the reasons that the current auditing has little value?
A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.
Answer: AD
THANKS FOR TRYING THE DEMO OF OUR PRODUCT
Visit Our Site to Purchase the Full Set of Actual SC0-402 Exam Questions with Answers.
http://www.pass4sureit.com/SC0-402-practice-test.html
We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Download Free Product Demo From Our Web Site: