Free SCP SC0-502 Practice Test & Real Exam Questions
For the past month, the employees in the executive building have been getting adjusted to their new authentication systems. There was a large spike in help desk calls the first week, which has gone down daily, and now there are fewer login-related calls than there were when the office used passwords alone.
During your weekly meeting with Blue, the authentication subject is discussed, "So far, the system is working well. Our call volume has dropped, and it seems that most people are getting used to the tokens. There is one issue, however."
"Really, what's that?" you ask.
"It seems that the senior executives are not that keen on carrying the new tokens around with them. They are asking for a way to authenticate without carrying anything, but still have it be secure."
"All right, do we have a budget?"
"Yes, however there are not that many senior executives, so the cost isn't the primary issue; although we do want to keep the costs down as much as possible."
"So, what limitations do I have?"
"Well, you need to be sure it's easy to use, is unintrusive, won't require too much training, won't be all that expensive, and provides for strong authentication," Blue tells you.
Based on this information, choose the best solution to the authentication problem for the senior executives on the fourth floor.
Correct Answer: E
You had been taking a short vacation, and when you come into work on Monday morning, Blue is already at your door, waiting to talk to you.
"We've got a problem," Blue says. "It seems that the password used by our Vice President of Engineering has been compromised. Over the weekend, we found this account had logged into the network 25 times. The Vice President was not even in the office over the weekend."
"Did we get the source of the compromise yet?"
"No, but it won't surprise me if it is our new neighbors at MassiveCorp. I need you to come up with a realistic plan and bring it to me tomorrow afternoon. This problem must be resolved, and like everything else we do not have unlimited funds, so keep that in mind."
Based on this information, choose the best solution to the password local authentication problem in the Executive building.
Correct Answer: E
You got the router configured just as you wish, and it is time to get the team together for a meeting. You have the advantage of knowing several of these people for quite some time through your contracting, but this will be your first full meeting with them.
The next day, you sit down with the CEO, HR Director, and other management people in MegaCorp. You wish for the meeting to be as short as possible, so in this initial meeting, you open with a short summary and project what you feel is a serious problem with the company.
"Thanks for coming. I will try to keep this as brief as possible. As you all know, Red was let go under difficult circumstances, and for the last week I have been working non-stop to get the network and security under control here. Very good progress has been made, but we are missing a fundamental component. There is no security policy here at MegaCorp." To this, you see some heads nod in agreement, others have no reaction whatsoever, and a few people let out disappointed sighs.
"I agree that we need a security policy," adds the HR Director, "as long as it doesn't become too restrictive."
"Policies are only used to document the posture of the organization, and to provide some guidance in the direction of the network and, in this case, the security of the network." You add, "Without a written policy, how is any employee supposed to know what is acceptable, what is not acceptable, and so on."
"Our employees have common sense, we do not want the company to become overly regulated," says a middle manager who you have not spoken with before.
"Common sense is great; the more the employees have, the easier it is to implement the policies. But there is no guarantee for the human element. A simple review of what just took place with Red is a quick reminder of this." With that comment, the middle manager relaxed a bit, and hesitantly agreed.
"So, what I would like to do is to lead the development of the policy here, and work with each of you to get it implemented. In the next few days, I will be requesting a bit of your time, so we can talk one on one about your needs and issues surrounding the policy."
The next week, you meet with the management team, and you have a list of questions for them, designed to help you in drafting the security policy. You have decided to break up the creation of the policy into pieces, spending shorter blocks of time on the policy. This allows the management to be able to keep most of their days open for running the company.
During the meeting, you focus solely on the Acceptable Use statement for the users of the network. You ask the following questions to the group, and the consensus answer (after taking your suggestions into account) is listed after each question.
1. Are users allowed to share user accounts? No.
2. Are users allowed to install software without approval? No. Approval must come through you, or the current Chief Security Officer (CSO).
3. Are users allowed to copy software for archive or other purpose? No, archives can only be made by the network administration staff.
4. Are users allowed to read and/or copy files that they do not own, but have access to? Yes.
5. Are users allowed to make copies of any operating system files (such as the Windows directory or the SAM file)? No.
6. Are users allowed to modify files they do not own, but for which they have write abilities? Yes, if they have write abilities, they are allowed to modify the file.
Using the provided information from the meeting, you draft the Acceptable Use Statement. The statement reads as follows:
This Acceptable Use Statement document covers MegaCorp networks, computers, and computing resources. Network, computer, and computing resources are defined as physical personal computers, server systems, routers, switches, and network cabling. Also included in the definition are software (media) elements such as floppy disks, CD-ROMs (including writeable and re-writeable), DVD-ROMs, and tape backup systems. A user is defined as the individual account with authorization to access MegaCorp resources. All users of the MegaCorp network are expected to conduct themselves in a respectful and legal manner.
The MegaCorp general computing systems are unclassified systems. As such, top-level secret information is not to be processed or stored on any general unclassified computer system.
Individual users are responsible for the proper storage of their personal data on their workstations. For assistance on proper storage, users are instructed to contact the Security staff of MegaCorp.
In the event that a user has identified a security breach, weakness, or system misuse in a MegaCorp system, they are required to contact the on-duty Security staff immediately. Users are to use a completed MegaCorp-TPS Report for their notice to the Security staff. Initial contact with the Security staff about the incident might be conducted via email or telephone.
Individual users are not granted access to systems and resources they have not been given explicit authority to access. In the event access to a resource is required, and access has not been granted, the user is to make a request to the on-duty Security staff.
Individual users shall not make unauthorized copies of copyrighted software, except as permitted by law or by the owner of the copyright.
Individual users are not permitted to make copies of system configuration files for their own, unauthorized personal use or to provide to other people or users for unauthorized uses.
Individual users are not permitted to share, loan, or otherwise allow access to a MegaCorp resource via the user assigned account.
Individual users are not permitted to engage in any online or offline activity with the intent to harass other users; degrade the performance of any MegaCorp system or resource; impede the ability of an authorized user to access an authorized resource; or attempt to gain access to an unauthorized resource.
Electronic mail resources are for authorized use only. Messages that might be deemed fraudulent, harassing, or obscene shall not be sent from, to, or stored on MegaCorp systems.
Individual users are not permitted to download, install, or run any unauthorized programs or utilities, including those which reveal weaknesses in the security of a system. This includes, but is not limited to network sniffing tools and password cracking utilities.
Users who are found to be in violation of this policy will be reported to the on-duty Security staff and the MegaCorp CEO. The CEO will determine if the violation will result in the loss of MegaCorp network privileges. In the event the violation warrants, the CEO may press civil or criminal charges against the user.
I have read and understand the MegaCorp Acceptable Use Statement, and agree to abide by it.
With this information, and your knowledge of MegaCorp, choose the answer that will provide the best solution for implementing the Acceptable Use statement policy needs of MegaCorp:
Correct Answer: D
Although you feel that you have taken solid steps in the security of MegaCorp, you would like to have some more analysis and documentation of the state of the network, and the systems in place protecting MegaCorp resources.
The CEO wants to know what MegaCorp should be spending on securing these resources, and wants justification for the numbers that you provide. You inform the group that you will be able to provide them with a Risk Analysis on the defined resources, and you also suggest that MegaCorp perform a full business Risk Analysis, and that they make it part of their policy to perform ongoing analysis.
During the first meeting after the agreement on analysis, a sales manager tells you the following: "We are rolling out a new online sales component to our organization. It will be up to you to design the system for this, but we anticipate it being up and running next month and are looking to have initial revenues of around $1,000 per day through that component."
"All right," you respond, "If the initial revenues are going to be around $1,000 per day, what are you projecting will be the daily revenue through this in 6 and 12 months?"
The CEO answers this question, "Our projections are to have an average of about $2,000 per day in six months and $3,000 per day within a year."
"And, what is this system going to be responsible for? By that I mean, is this just an order taking machine, is it tied into inventory, is it tied into shipping, and so on?" you ask.
"Right now, and as far as the current plan goes, this is an order taking system. It will not be tied into any of our other systems."
"Are we going to get a new Internet connection for this server, or is it going to run off the current connection we have? I recommend a new connection, but am curious to know if that has been considered."
"I think we can stick with our current connection for the time being. If it seems like there is a need in the future for the expenses of a new connection, we can discuss it then. Anything else?"
"Not right now, as issues come up I will talk to you about them." The rest of the meeting does not require your attendance, so you head back to your office.
Based on your knowledge of the MegaCorp environment, select the solution that best allows you to justify the expense of protecting the new server.
Correct Answer: D
