BeITCertified SCP Free Download Actual SC0-411 exam questions dumps as PDF

Exam Name:   Hardening the Infrastructure
Exam Type:   SCP                      Exam Code:        SC0-411
Doc Type:    Q & A with Explanations  Total Questions:  574

Question: 1
An attacker uses a program that sends thousands of email messages to every user of the
network, some of them with attachments of over 50 MB. What are the possible consequences to the
email server in the network?

A. Server hard disk can fill to capacity
B. Client hard disks can fill to capacity
C. Server can completely crash
D. Network bandwidth can be used up
E. Clients cannot receive new email messages

Answer: A, C

Question: 2
You have recently installed an Apache Web server on a Red Hat Linux machine. When you
return from lunch, you find that a colleague has made a few configuration changes. One thing you
notice is a .htpasswd file. What is the function of this file?

A. It is a copy of the /etc/passwd file for Web access
B. It is a copy of the etc/shadow file for Web access
C. It is a listing of all anonymous users to the Web server
D. It is a listing of http users and passwords for authentication
E. It is a database file that can be pulled remotely via a web interface to identify currently logged
   in users.

Answer: D

Question: 3
In order to perform promiscuous mode captures using the Ethereal capture tool on a Windows
2000 machine, what must first be installed?

A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters

Answer: C

Question: 4
In a TCP Header, what is the function of the first sixteen bits?

A. To define the type
B. To define the IP Version
C. To define the destination port number
D. To define the upper layer protocol
E. To define the source port number

Answer: E

Question: 5
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
172.18.32.54 with a mask of 255.255.254.0. What is the network ID to which this host belongs?


A. 172.18.0.0
B. 0.0.32.0
C. 172.0.0.0
D. 172.18.32.32
E. 172.18.32.0

Answer: E

Question: 6
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration:
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 80
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 119
Router(config)#access-list 145 permit ip any any
Router(config)#interface Serial 0
Router(config-if)#ip access-group 145 in
Router(config-if)#interface Ethernet 0
Router(config-if)#ip access-group 145 in
Router(config-if)#interface Ethernet 1
Router(config-if)#ip access-group 145 in
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 145 in
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.
A. Permit network 10.10.10.0 to access NNTP on the Internet
B. Permit network 10.10.10.0 to access NNTP on network 10.10.11.0
C. Permit network 10.10.10.0 to access NNTP on network 10.10.12.0
D. Deny network 10.10.10.0 to access Internet WWW sites
E. Permit network 10.10.10.0 to access Internet WWW sites

Answer: A, E

Question: 7
You are configuring the dial-up options in your Windows 2000 network. While you do so, you are
studying the configuration options available to you. You notice the term RADIUS used often
during your research. What does RADIUS provide?

A. RADIUS is used to define the implementation method of Kerberos in a network.
B. RADIUS is used to define the implementation method of PKI in a network.
C. RADIUS is used to define the implementation method of Biometrics in a network.
D. RADIUS is a standard that provides authorization, authentication, identification, and
   accounting services.
E. RADIUS is a standard that defines the methods used to secure the connections between a
   dialup client and a dialup server.

Answer: D

Question: 8
You are in the process of securing several new machines on your Windows 2000 network. To
help with the process Microsoft has defined a set of Security Templates to use in various
situations. Which of the following best describes the Basic Security Template?

A. This template is provided as a way to reverse the implementation of different Windows 2000
   security settings, except for user rights.
B. This template is provided so that Local Users have ideal security settings, while Power Users
   have settings that are compatible with NT 4 Users.
C. This template is provided to implement suggested security settings for all security areas,
   except for the following: files, folders, and Registry keys.
D. This template is provided to create the maximum level of security for network traffic between
   Windows 2000 clients.
E. This template is provided to allow for an administrator to run legacy applications on a DC.

Answer: A

Question: 9
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are
connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is
connected to the Internet. The objective is to allow two hosts, 192.168.20.16 and 192.168.10.7
access to the Internet while all other hosts are to be denied Internet access. All hosts on network
192.168.10.0 and 192.168.20.0 must be allowed to access resources on both internal networks.
From the following, select all the access list statements that are required to make this possible.

A. access-list 53 permit 192.168.20.16 0.0.0.0
B. access-list 80 permit 192.168.20.16 0.0.0.0
C. access-list 53 deny 0.0.0.0 255.255.255.255
D. access-list 80 permit 192.168.10.7 0.0.0.0
E. int S0, ip access-group 53 out
F. int S0, ip access-group 80 out
Answer: B, D, F

Question: 10
Which of the following fields are found in a user account's line in the /etc/passwd file?

A. The User Identifier assigned to the user account
B. The home directory used by the user account
C. The number of days since the user account password was changed
D. The full name for the user account
E. The number of days until the user account's password must change

Answer: A, B, D

Question: 11
When a new user account is created in Linux, what values are assigned?

A. Shell_GID
B. SetGID
C. SetUID
D. UID
E. GID


Page 4 of 166
Exam Name:         Hardening the Infrastructure
Exam Type:         SCP                                       Exam Code:            SC0-411
Doc Type:          Q & A with Explanations                   Total Questions:      574



Answer: D, E

Question: 12
You are creating the contingency plan, and are trying to take into consideration as many of the
disasters as you can think of. Which of the following are examples of technological disasters?

A. Hurricane
B. Terrorism
C. Tornado
D. Virus
E. Trojan Horse

Answer: B, D, E

Question: 13
One way to find out more about a company's infrastructure layout is to send email to a non-
existent user of the target organization. When this email bounces back as undeliverable, you can
read the message source. Which of the following pieces of information can be derived from the
returned message source?

A. Target company's email server's hostname.
B. Target company's email server's public IP address.
C. Target company's internal IP addressing scheme.
D. Target company's email server's application name and version, if provided.
E. Target company's employees' email addresses.

Answer: A, B, D
Question: 14
You work for a mid-sized ISP on the West Coast of the United Kingdom. Recently you have
noticed that there are an increasing number of attacks on the Internet routers used in the
company. The routers are physically secured well, so you can be somewhat confident the attacks
are all remote. Which of the following are legitimate threats the routers are facing, under this
situation?

A. Damaged Cables
B. False Data Injection
C. Social Engineering
D. Unauthorized Remote Access
E. Denial of Service

Answer: B, D, E

Question: 15
In order to add to your layered defense, you wish to implement some security configurations on
your router. If you wish to have the router work on blocking TCP SYN attacks, what do you add to
the end of an ACL statement?

A. The IP addresses for allowed networks
B. The port range of allowed applications
C. The word Established
D. The word Log
E. The string: no service udp-small-servers


Page 5 of 166
Exam Name:           Hardening the Infrastructure
Exam Type:           SCP                                     Exam Code:            SC0-411
Doc Type:            Q & A with Explanations                 Total Questions:      574

Answer: C

Question: 16
If you are looking for plain-text ASCII characters in the payload of a packet you capture using
Network Monitor, which Pane will provide you this information?

A. Summary Pane
B. Packet Pane
C. Collection Pane
D. Hex Pane
E. Detail Pane

Answer: D

Question: 17
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Transport Layer?

A. The Transport layer allows two applications on different computers to establish, use, and end
   a session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Transport layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling
   the congestion of data packets.
C. The Transport layer packages raw bits from the Physical (Layer 1) layer into frames
   (structured packets for data). Physical addressing (as opposed to network or logical
   addressing) defines how devices are addressed at the data link layer. This layer is
   responsible for transferring frames from one computer to another, without errors. After
   sending a frame, it waits for an acknowledgment from the receiving computer.
D. The Transport layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Transport layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Transport layer at the
   receiving end also sends receipt acknowledgments.

Answer: E

Question: 18
Which of the following is implemented in an IPv6 environment, which helps to increase security?

A. EFS
B. IPsec
C. Caching
D. S/MIME
E. Destination and Source Address Encryption

Answer: B

Question: 19
You wish to add a new group to your Linux system. The group is called SCNP_Admins, and is to
be given a Group Identifier of 1024. What is the correct command to add this new group?

A. addgroup SCNP_Admins -id 1024
B. groupadd -g 1024 SCNP_Admins
C. addgroup SCNP_Admins id/1024
D. groupadd id/1024 g/SCNP_Admins
E. groupadd g/1024 SCNP_Admins

Answer: B

Question: 20
You have recently hired an assistant to help you with managing the security of your network. You
are currently running an all Windows environment, and are describing NTFS permission issues.
You are using some demonstration files to help with your discussion. You have two NTFS
partitions, C:\ and D:\. There is a test file, C:\DIR1\test.txt that is currently set so that only
Administrators have Full Control. If you move this file to the C:\DIR2 folder, what will the
permissions be for this file?

A. The file will have the same permissions as D:\DIR2
B. The file permissions will remain the same
C. The file permissions will be lost
D. The file permissions will convert to Everyone - Full Control
E. The permissions will be set to whatever the CREATOR OWNER permissions are for the D:\
   partition

Answer: B
Question: 21
If you wish to change the permissions of a parent directory in your Linux system, and want the
permissions to be changed on the files and subdirectories in the parent directory to be the same,
what switch must you use?

A. -G
B. -R
C. -P
D. -S
E. -F

Answer: B

Question: 22
You are reviewing the Xinetd configuration file for the ftp service. If the following line is found in this
file, what is the line's function?
redirect = 192.168.10.1 3456

A. That only 192.168.10.1 can make ftp requests
B. That only hosts in the 192.168.10.0/24 network can make ftp requests
C. That only 3456 connections are allowed to the ftp service on 192.168.10.1
D. That the overall Xinetd configuration has redirect lines in it
E. That the ftp service is redirected to IP 192.168.10.1 on port 3456

Answer: E

Question: 23
You are creating the contingency plan for the network in a hospital where you just started working.
The network has about 300 PCs, about 50 Servers, and is interconnected into some of the critical
patient systems for monitoring purposes. What is the appropriate level of backup power for this
type of network?

A. Building Generator
B. Personal UPS
C. Alternative Fuel-Cell Technology
D. Server Rack UPS
E. Electrical Company

Answer: A

Question: 24
In the last few days, users have reported to you that they have each received two emails from an
unknown source with file attachments. Fortunately the users have listened to your training and no
one has run the attached program. You study the attachment on an isolated computer and find
that it is a program that is designed to execute a payload when the system clock registers 10:10
PM on February 29. Which of the following best identifies the type of program the attachment is?

A. Mail Bomb
B. Logic Bomb
C. Polymorphic Virus
D. Stealth Virus
E. Polymorphic Trojan

Answer: B

Question: 25
What is the function of the HFNetChk tool from Microsoft?

A. To check for the current Hotfixes that are available from Microsoft
B. It is an upgrade to the Windows Update tool for checking on all updates
C. It is the tool that must be run prior to installing IIS 5.0
D. It is the tool that checks the network configuration of all web servers
E. To record what Hotfixes and service packs are running on the Windows machine

Answer: E
Question: 26
When you took over the security responsibilities at your office, you noticed there were no warning
banners on any of the equipment. You have decided to create a warning login banner on your
Cisco router. Which of the following shows the correct syntax for the banner creation?

A. banner login C Restricted access. Only authorized users allowed to access this device. C
B. login banner C Restricted access. Only authorized users allowed to access this device. C
C. banner login Restricted access. Only authorized users allowed to access this device.
D. login banner Restricted access. Only authorized users allowed to access this device.
E. banner logging C Restricted access. Only authorized users allowed to access this device. C

Answer: A

Question: 27
You are configuring a wildcard mask for the subnet 10.12.24.0 / 255.255.248.0. Which of the
following is the wildcard mask to use for this subnet?

A. 0.255.255.255
B. 10.12.24.255
C. 0.0.248.0
D. 255.255.248.0
E. 0.0.7.255

Answer: E

Question: 28
In your network, you manage a mixed environment of Windows, Linux, and UNIX computers. The
clients run Windows 2000 Professional and Windows NT 4.0 Workstation, while the Servers are
UNIX and Linux based with custom applications. During routine administration you successfully
ping several nodes in the network. During this you are running a packet capture for further
analysis. When examining one of the frames you notice that the Ethernet address for the source
is 1ED0.097E.E5E9 and that for the destination is 1ED0.096F.5B13. From this information you
gather that:

A. They are in different networks
B. The destination address is in the 1ED0 subnet
C. The network cards are by the same manufacturer
D. The destination address is in the 1ED0.09AA subnet
E. The source and destination share the same MAC subnet

Answer: C

Question: 29
As you become more involved in the security and networking of your organization, you wish to
learn the exact details of the protocols in use. It is suggested to you, by a friend, that you check
the RFC for each protocol. What is an RFC?
A. An RFC is a program that has a searchable index to troubleshoot network problems.
B. An RFC is a document that discusses issues surrounding the Internet, networking
   technologies, and/or networking protocols.
C. An RFC is a hidden resource, which can be called up via the Windows Help file to identify
   details about networking protocols.
D. An RFC is a single document that details all the communications protocols and technologies
   used on the Internet.
E. An RFC is a single document that details all the communications protocols and technologies
   used on an Intranet.

Answer: B

Question: 30
In Windows 2000, there are four methods of implementing IPSec. They are:
1 - Require Security
2 - Request Security
3 - Respond Only
4 - No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations
in the network. The Clients and Servers in your network are configured as follows:
- You have servers numbered 1-9, which have a policy stating they require no network traffic
  security.
- You have servers numbered 10-19, which have a policy stating they are not required to be
  secure, but will encrypt network traffic if the client is able to receive it.
- You have servers numbered 20-29, which have a policy stating they are required to be secure
  and all network traffic they deliver must be secured.
- You have clients numbered 60-79 that are required to access secure servers 20-29.
- You have clients numbered 80-99 that are not required to access secure servers 20-29, but are
  required to access servers 1-9 and 10-19.
Based on the Client and Server configuration provided above, which of the following computers
will implement IPSec method 2?

A. Computers numbered 1-9
B. Computers numbered 10-19
C. Computers numbered 20-29
D. Computers numbered 60-79
E. Computers numbered 80-99

Answer: B

Question: 31
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 0?

A. rw-
B. r--
C. r-x
D. ---
E. rwx

Answer: D
Question: 32
You are configuring TCP Wrappers on your Linux system. What are the two configuration files
that are used by TCP Wrappers to provide control?

A. /etc/hosts.allow
B. /etc/hosts.deny
C. /etc/tcpwrappers/inbound/conf.d
D. /etc/tcpwrappers/outbound/conf.d
E. /etc/hosts/allow
F. /etc/hosts/deny

Answer: A, B

Question: 33
When planning the contingency plan for your organization, what two general types of disasters
must you take into account?

A. Intentional
B. Natural
C. Unintentional
D. Man-made
E. Predictable

Answer: B, D

Question: 34
You are running a network that is all Linux computers. What is the built-in solution to managing
backups?

A. Tar
B. Backup
C. Gzip
D. ExecSuite
E. Back_Suite

Answer: A

Question: 35
You are creating the contingency plan, and are trying to take into consideration as many of the
disasters as you can think of. Which of the following are examples of environmental disasters?

A. Hurricane
B. Terrorism
C. Tornado
D. Virus
E. Trojan Horse

Answer: A, C

Question: 36
You are creating the contingency plan, and are trying to take into consideration as many of the
disasters as you can think of. Which of the following are examples of technological disasters?

A. Hurricane
B. Terrorism
C. Tornado
D. Virus
E. Trojan Horse

Answer: B, D, E
Question: 37
In order to create the security policy in your company, you are going to perform a short, high-level
risk analysis. What are two types of risk analysis that you could perform?

A. Qualitative
B. Technological
C. Environmental
D. Performance-based
E. Quantitative

Answer: A, E

Question: 38
When creating the contingency plan, what must be taken into consideration regarding the backup
ISP that is chosen?

A. That the backup ISP uses a different physical router than the primary ISP
B. That the backup ISP uses a unique range of IP Addresses that are not near the network
   addresses of the primary ISP
C. That the backup ISP is owned by a different company than the primary ISP
D. That the backup ISP connection point is a different physical connection than the primary ISP
E. That the backup ISP uses the same type of router that you have in your internal network

Answer: D

Question: 39
After you have created your contingency plan, it is critical that the plan be tested. What are the
three general types of plan testing that you could use?

A. Backup Test
B. Recovery Test
C. Checklist Test
D. Walk-through Test
E. Full Interruption Test

Answer: C, D, E

Question: 40
To properly create the plan for the power supply of the organization, you must understand the
primary disturbances that can happen to the electrical supply. Which of the following is when
there is a momentary increase in the electric supply?

A. Spike
B. Surge
C. Sag
D. Brownout
E. Fault

Answer: A
Question: 41
Your small office has three computers in a peer-to-peer network. You are creating the
contingency plan for the network. What is the appropriate level of backup power for this type of
network?
A. Building Generator
B. Personal UPS
C. Alternative Fuel-Cell Technology
D. Server Rack UPS
E. Electrical Company

Answer: B

Question: 42
You are running a network that is all Windows 2000 computers. What is the built-in solution to
creating and restoring backups?

A. Tar
B. Backup
C. Gzip
D. ExecSuite
E. Back_Suite

Answer: B

Question: 43
During a one week investigation into the security of your network you work on identifying the
information that is leaked to the Internet, either directly or indirectly. One thing you decide to
evaluate is the information stored in the Whois lookup of your organizational website. Of the
following, what pieces of information can be identified via this method?

A. Registrar
B. Mailing Address
C. Contact Name
D. Record Update
E. Network Addresses (Private)

Answer: A, B, C, D

Question: 44
You are running a Linux machine as a dedicated file server for your network. You are trying to
use Nmap to perform some security tests. On your Linux machine, in order to run TCP SYN
scans from a host using Nmap or NmapFE you must have which of the following?

A. telnet access
B. root privileges
C. access to tcpdump
D. login access to a router
E. login access to the target

Answer: B

Question: 45
Attackers have the ability to use programs that are able to reveal local passwords by placing
some kind of a pointer/cursor over the asterisks in a program's password field. The reason that
such tools can uncover passwords in some Operating Systems is because:

A. the passwords are simply masked with asterisks
B. the etc/passwd file is on a FAT32 partition
C. the passwords are decrypted on screen
D. the password text is stored in ASCII format
E. the etc/passwd file is on a FAT16 partition

Answer: A

Question: 46
One of your users calls to state that their computer is acting unusually. You go to investigate and
find there is an unauthorized program installed on this computer. You examine the network and
find that this program has replicated itself to other machines in the network, without the input of
the user. What type of program is in the network?

A. The program is a Worm.
B. The program is a Virus.
C. The program is a Bug.
D. The program is a Trojan Horse.
E. The program is a Macro.

Answer: A

Question: 47
You are aware of the significance and security risk that Social Engineering plays. Of the following
scenarios, select those that represent potentially dangerous Social Engineering:

A. An anonymous caller calls and wishes to speak with the receptionist. On the call the caller
   asks the receptionist the normal business hours that the organization is open to the public.
B. An email is received by the Senior Security Architect from a user who has lost the password
   to his user account, and is telling the Architect what the new password should be changed to.
C. An anonymous caller calls and wishes to speak with the purchaser of IT hardware and
   software. On the call the caller lists several new products that the purchaser may be
   interested in evaluating. The caller asks for a time to come and visit to demonstrate the new
   products.
D. At a very large Telco, a caller who identified herself as the Vice President of Sales and
   Marketing claims to be on the road using a different laptop and cannot get into her email
   account. She requests the Help Desk employee who answered the phone to create a new
   email account for her to use on the road, and needs it active in five minutes.
E. An email is sent to the receptionist from an account representative of the company's ISP
   about an equipment change. The account representative asks the receptionist to forward the
   message on to the Security Professionals in the company.

Answer: B, D

Question: 48
On Monday, during a routine check of a user's Windows workstation, you find the following
program, called regedit.bat, on the user's local hard drive:
Net localgroup administrators local /all
Start regedit.exe
Exit
What is this program capable of doing on this computer?

A. Nothing, the first line is coded wrong.
B. It will add the administrators to the local group
C. It will add the local user to all local groups
D. It will add the administrators to all local groups
E. It will add the local user to the administrators group

Answer: E

Question: 49
Your network has been hit by a virus that is infecting the MBR on many of the systems in the
network. You are working to repair the damage this virus has done. After two days of non-stop
work on the problem, you get things under control. What type of virus was in your network?

A. Macro Virus
B. Scripting Virus
C. Boot Sector Virus
D. Multi-part Virus
E. File Infection Virus

Answer: C

Question: 50
Your network has been hit by a very bad virus recently. As you tracked the virus through the
network, it was changing from system to system. Each time it went to infect a system, it had
evolved slightly to have a different file size, or a different file structure. After extensive work, you
and your team were able to isolate and remove the virus from the network. Which of the following
best identifies the type of virus that was in your network?

A. Boot Sector Virus
B. Macro Virus
C. Stealth Virus
D. Multi-part Virus
E. Polymorphic Virus

Answer: E

Question: 51
In the last few days, users have reported to you that they have each received two emails from an
unknown source with file attachments. Fortunately the users have listened to your training and no
one has run the attached program. You study the attachment on an isolated computer and find
that it is a program that is designed to execute a payload when the system clock registers 10:10
PM on February 29. Which of the following best identifies the type of program the attachment is?

A. Mail Bomb
B. Logic Bomb
C. Polymorphic Virus
D. Stealth Virus
E. Polymorphic Trojan

Answer: B

Question: 52
To maintain the security of your network you routinely run several checks of the network and
computers. Often you use the built-in tools, such as netstat. If you run the following command:
netstat -s
which of the following will be the result?

A. Displays all connections and listening ports
B. Displays Ethernet statistics.
C. Displays addresses and port numbers in numerical form
D. Shows connections for the protocol specified
E. Displays per-protocol statistics

Answer: E

Question: 53
To increase the security of your corporate website, you are running some basic checks on leaked
information. You view the source code for a web page and see the following:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="FrontPage 4.0">
<meta name="ProgId" content="Editor.Document">
<title>Security Certifications for the IT Pro</title>
<style type="text/css">
<!--
P, TD, LI, TH { font-size: 10pt; font-family: Arial, Verdana, Helvetica }
.eight { font-size: 8pt }
-->
</style>
</head>
From this code, which of the following would an attacker most likely assume is the operating
system that was used to create this web site?

A. OpenBSD
B. FreeBSD
C. Linux 5.0
D. Linux 6.0
E. Windows NT

Answer: E

Question: 54
You read on a security website that hackers are reading Newsgroup messages to try to identify
potential targets and target details. You had previously not closed the port for the Newsgroup
service on your firewall. After you close that port, you do an Internet newsgroup search for your
domain name. You do find several messages from users in your organization. What type of
information may be found by examining these messages?

A. Email Address
B. Internal Server Names
C. Corporate Public IP Address
D. Client Newsreader Program
E. Client Email Program

Answer: A, C, D

Question: 55
You are aware of the significance and security risk that Social Engineering plays on your
company. Of the following scenarios, select those that, just as described, represent potentially
dangerous Social Engineering:

A. A writer from a local college newspaper calls and speaks to a network administrator. On the
   call the writer requests an interview about the current trends in technology and offers to invite
   the administrator to speak at a seminar.
B. An anonymous caller calls and wishes to speak with the receptionist. On the call the caller
   asks the receptionist the normal business hours that the organization is open to the public.
C. An anonymous caller calls and wishes to speak with the purchaser of IT hardware and
   software. On the call the caller lists several new products that the purchaser may be
   interested in evaluating. The caller asks for a time to come and visit to demonstrate the new
   products.
D. An email is received by the Help Desk asking to reset the password of the Vice President of
   Sales and Marketing.
E. An email is received by the Chief Security Officer (CSO) about a possible upgrade coming
   from the ISP to a different brand of router. The CSO is asked for the current network's
   configuration data and the emailer discusses the method, plan, and expected dates for the
   rollover to the new equipment.

Answer: D, E

Question: 56
In your network, you have built a single domain of only Windows NT 4.0 computers. There are 55
Workstation machines and 10 Servers. You are concerned about the security of your SAM files
on the Servers. NT Server is the only Operating System on the computers, and the hard drives
are all formatted with NTFS. Which of the following are issues you must be sure to address when
securing the SAM file?

A. You must be sure that no user while locally logged in to the Server can delete the SAM file.
B. You must be sure that no user while logged in to the Server remotely can delete the SAM file.
C. You must be sure that no user can boot to DOS and delete the SAM file from there.
D. You must be sure that no user can install a parallel Operating System and delete the SAM file
   from there.
E. You must be sure to encrypt the Operating System files using the built-in EFS, so that no
   user may delete the SAM file from anywhere.

Answer: C, D

Question: 57
To maintain the security of your network you routinely run several checks of the network and
computers. Often you use the built-in tools, such as netstat. If you run the following command:
netstat -e
which of the following will be the result?

A. Displays all connections and listening ports
B. Displays Ethernet statistics.
C. Displays addresses and port numbers in numerical form
D. Shows connections for the protocol specified
E. Displays per-protocol statistics

Answer: B

Question: 58
One of your users calls to state that their computer is acting unusual. You go to investigate and
find there is an unauthorized program installed on this computer. You examine the network and
find that this program is now on other machines in the network. It seems to be unable to move
through the network on its own, and is getting sent as an email attachment. What type of program
is in the network?

A. The program is a Worm.
B. The program is a Virus.
C. The program is a Port scanner.
D. The program is a Trojan Horse.
E. The program is a Macro.

Answer: B

Question: 59
Oftentimes attackers will run scans against the network to identify different network and
operating systems, and resources that are available. If an attacker runs scans on the network,
and you are logging the connections, which of the following represent the legitimate combination
of packets that will be sent between the attacker and target?

A. Attacker PSH-FIN Scan, Target RST-FIN Response
B. Attacker ACK Scan, Target NULL Response
C. Attacker NULL Scan, Target RST Response
D. Attacker SYN Scan, Target NULL Response
E. Attacker FIN Scan, Target RST Response

Answer: C, E

Question: 60
In order to obtain public IP addresses, Internet Service Providers (ISPs) contact their upstream
registry or their appropriate regional registry (an IANA subsidiary) at which of the following?

A. APNIC
B. ARIN
C. RIPE NCC
D. IETF
E. IESG

Answer: A, B, C

Question: 61
You are configuring a new IIS Web Server for your company. This particular machine will host
Internet Web sites. You will not be hosting any other type of data other than WWW, and there will
be no e-commerce sites run through this server. You are going to deploy a security template.
Which template is recommended for this situation?

A. Hisecws.inf
B. Hisecweb.inf
C. Hisecdc.inf
D. Securews.inf
E. Securedc.inf

Answer: B

Question: 62
You are running a vulnerability analysis on your new Windows 2000 Web Server (IP Address
10.10.10.1/24), which you just installed and is running IIS. You are concerned about the
"double-dot" vulnerability. You issue the following request to the server:
http://10.10.10.1/scripts/../../winnt/system32/cmd.exe
and the request fails. Why did this request fail?

A. The IP address cannot be used for this request
B. The request needs at least 420 characters of buffer between the first "../" and the second "../"
C. Without at least one "%" sign in the URL request, this command cannot be completed on any
   web server.
D. The request was issued in the /scripts directory, when it should have been issued in the
   /cgi-bin directory
E. The security checking in IIS is designed to specifically stop the use of the "../" in a URL request
   outside of the Inetpub folder.

Answer: E

Question: 63
You are running a vulnerability analysis on your new Windows 2000 Web Server (IP Address
10.10.10.1/24), which you just installed and is running IIS. You are concerned about the
"Unicode" vulnerability. You issue the following request to the server:
http://10.10.10.1/scripts/..%c0%af../winnt/system32/cmd.exe
and the request succeeds in giving you a command prompt. Why did this request succeed?

A. Unicode characters are decoded after the IIS security check.
B. When using Unicode characters, all security checking in IIS is bypassed.
C. The Unicode characters were checked by the IIS security check then passed to the kernel
   subsystem for an additional security check, where the characters are not understood.
D. By using the above Unicode characters, the server 'thinks' that the administrator made the
   web request, and fulfills the request.
E. The Unicode characters split the request into two requests. One for the website, and the
   second called up the local cmd.exe window.

Answer: A

Question: 64
You are configuring the options of your newly installed Apache Web server, running on Red Hat
Linux. You wish to modify whether the server will run as standalone or as part of the inetd. Which
configuration option will you modify to make this change?

A. ServerType
B. ServerRoot
C. ResourceConfig / AccessConfig
D. User / Group
E. KeepAlive

Answer: A

Question: 65
Recently you found out that there has been a flood of bogus network traffic hitting your Email
server. Because of this flood, authorized users have not been able to consistently send or receive
email. What is happening to your Email server?

A. A Denial of Service Attack
B. A Virus Attack
C. A Worm Attack
D. A Macro Attack
E. A Trojan Attack

Answer: A

Question: 66
You are concerned that email messages sent to your Outlook clients could contain customized
and dangerous scripting. What can you do to minimize the threat that this specific type of email
presents?

A. Install and Update Anti-Virus software
B. Update the Security Settings for the clients at the SMTP Server
C. Disable the Preview Pane
D. Be sure that all forms of scripting are disabled on all clients
E. Minimize the number of contacts allowed in an address book

Answer: C

Question: 67
What are the four Zones/Security Levels that are available in Internet Explorer 6.0?

A. Internet - Medium
B. Intranet - Medium-Low
C. Trusted - Low
D. Restricted - High
E. Paranoid - Highest

Answer: A, B, C, D

Question: 68
What is the function of the HFNetChk tool from Microsoft?

A. To check for the current Hotfixes that are available from Microsoft
B. It is an upgrade to the Windows Update tool for checking on all updates
C. It is the tool that must be run prior to installing IIS 5.0
D. It is the tool that checks the network configuration of all web servers
E. To record what Hotfixes and service packs are running on the Windows machine

Answer: E

Question: 69
You are going to secure your web server with a security template. What template is
recommended by Microsoft to secure an IIS 5.0 server?

A. HISECWEB.inf
B. NIST2kws.inf
C. BASICWK.inf
D. HISECDC.inf
E. HISECWS.inf

Answer: A

Question: 70
One of the major benefits to the design of the Internet is the redundancy that is built in. To
provide a measure of fault tolerance for DNS on the Internet, the designers of the Domain Name
System distributed the root servers in various countries around the world. If an attacker were to
attempt to disable DNS, they would have to gain administrative access on all the root servers.
How many DNS servers would have to be compromised to have complete control of the Internet
DNS?

A. 4
B. 8
C. 10
D. 12
E. 13

Answer: E

Question: 71
Most companies that do business via the Web offer a shopping cart so you can specify all the
items you want before placing the order. Poor shopping cart design, however, can allow a
different kind of hack. Take a look at the HTML code sample presented here and determine the
line that presents the vulnerability:
<FORM ACTION="http://10.0.10.236/cgi-bin/orders.pl" method="post">
<input type=hidden name="price" value="39.95">
<input type=hidden name="item_no" value="WIDGET9">
QUANTITY: <input type=text name="quantity" size=2 maxlength=2 value=1>
</FORM>

A. The line specifying the Perl script orders.pl
B. The line specifying input type for price
C. The line specifying input type for item number
D. The line specifying input type for quantity
E. The line specifying input type for item number and quantity

Answer: B

Question: 72
You have been hired to work in the security division of a global Tier One ISP. You have been
given a staff of 25 people all new to network security. You wish to bring them all up to speed on
the components of the Internet and how they interact. Which one of the following is not a major
component of the Internet?

A. The Backbone
B. NAPs (Network Access Points)
C. ISPs (Internet Service Providers)
D. NICs (Network Information Centers)
E. DNS (Domain Name Service)

Answer: D

Question: 73
You are discussing the design and infrastructure of the Internet with several colleagues when a
disagreement begins over the actual function of the Tier System in the Internet's design. What is
the function of the Tier System in the physical structure of the Internet?

A. The Tier System provides the physical network with communication channels for the Internet
   and voice/data applications.
B. The Tier System provides a national interconnection of systems, called peering centers, to
   the NAPs.
C. The Tier System provides for a layered/hierarchical connection system of ISPs connecting to
   the backbone.
D. The Tier System provides for a connection point between an ISP and the backbone of the
   Internet.
E. The Tier System provides the actual connection point between a local user and the Internet.

Answer: C

Question: 74
After a year as a senior network administrator, you have been promoted to work in the security
department of a large global Tier One ISP. You are to spend one month in training on security
issues, concepts, and procedures. The third day in your new position, the ISP is hit with a DDoS
attack from over 100,000 computers on the Internet. While the department works to manage the
attack, you monitor the impact on the network. What is the impact to the ISP when hit with a
DDoS such as this?

A. The attack compromises internal IP addresses of clients.
B. The attack denies legitimate users the ability to access legitimate resources.
C. The attack compromises internal email addresses of clients in the network.
D. The attack creates a loop of data, where requests for resources are routed to a different
   location.
E. The attack will cause (due to the large number of computers involved) the IDS to crash and
   no longer log network activity.

Answer: B

Question: 75
During a routine security inspection of the clients in your network, you find a program called
cgiscan.c on one of the computers. You investigate the file, reading part of the contents. Using
the portion of the program shown below, identify the function of the program.
Temp[1] = "GET /cgi-bin/phf HTTP/1.0\n\n";
Temp[2] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
Temp[3] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
Temp[4] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
Temp[5] = "GET /cgi-bin/handler HTTP/1.0\n\n";
Temp[6] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
Temp[7] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";

A. The program is designed to launch the user's email program.
B. The program is designed to manage the counters on a target web server.
C. The program is simply old temp files, and nothing of interest.
D. The program is designed to test the functionality of the cgi email scripts that are installed on
   the server.
E. The program is a vulnerability scanner

Answer: E

Question: 76
You are monitoring the DNS traffic on your network to see what kind of zone transfer data is
currently being exchanged. You wish to monitor the incremental zone transfers. You run a packet
capture to gather network traffic for this project. Which kind of transfer traffic are you looking for?

A. HOST
B. MX
C. CNAME
D. IXFR
E. PTR

Answer: D

Question: 77
You work for a medium-sized ISP and there have been several attacks on the DNS configuration
recently. You are particularly concerned with DNS Spoofing attacks. You have a few older
machines that define the storage of Resource Records (RR) based on the TTL of name mapping
information. If an attacker sends fake mapping information to the DNS Server, with a high TTL,
which type of DNS Spoofing is this?

A. DNS Server Compromise
B. DNS Cache Poisoning
C. Spoofing the DNS Response
D. DNS Source-Router Spoof
E. IXFR Source-Spoof

Answer: B

Question: 78
Your new Cisco router has many different modes of authentication. What are the two main
categories of authentication to the Cisco router?

A. Kerberos
B. The AAA Method
C. RADIUS
D. The Non-AAA Method
E. TACACS

Answer: B, D

Question: 79
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 131 deny tcp 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255 eq 23
Router(config)#access-list 131 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)#interface Serial 0
Router(config-if)#ip access-group 131 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

A. Block all FTP Data traffic to the Internet
B. Block all FTP Control traffic to the Internet
C. Block all SMTP traffic to the Internet
D. Permit all non-Telnet traffic to the Internet
E. Block all Telnet traffic to the Internet

Answer: D, E

Question: 80
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 171 permit tcp 10.10.0.0 0.0.255.255 any eq 80
Router(config)#access-list 171 deny tcp 0.0.0.0 255.255.255.255 10.10.0.0 0.0.255.255 eq 80
Router(config)#access-list 171 deny tcp any any eq 23
Router(config)#access-list 171 permit tcp 10.10.0.0 0.0.255.255 any eq 20
Router(config)# access-list 171 permit tcp 10.10.0.0 0.0.255.255 any eq 21
Based on this configuration, and using the exhibit, select the answers that identify how the router
will deal with network traffic.

A. Permit WWW traffic to the Internet
B. Deny WWW traffic to the internal networks
C. Deny all Telnet traffic
D. Permit FTP traffic to the Internet
E. Permit FTP traffic to the internal networks

Answer: A, D, E

Question: 81
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 15 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 15 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

A. Deny network 10.10.10.0 from accessing network 10.10.11.0
B. Deny network 10.10.12.0 from accessing network 10.10.10.0
C. Permit network 10.10.10.0 access to all other networks
D. Deny network 10.10.12.0 from accessing network 10.10.11.0
E. Permit network 10.10.11.0 access to all other networks

Answer: B

Question: 82
When you took over the security responsibilities at your office, you noticed there were no warning
banners on any of the equipment. You have decided to create a warning login banner on your
Cisco router. Which of the following shows the correct syntax for the banner creation?

A. banner login C Restricted access. Only authorized users allowed to access this device. C
B. login banner C Restricted access. Only authorized users allowed to access this device. C
C. banner login Restricted access. Only authorized users allowed to access this device.
D. login banner Restricted access. Only authorized users allowed to access this device.
E. banner logging C Restricted access. Only authorized users allowed to access this device. C

Answer: A

Question: 83
You have been given the task of router configuration and security in your network. One of the first
things you wish to do is to modify the Terminal password. Which of the following shows the
correct syntax for all the Terminal sessions?

A. line vty 0
   login
   password s3cr3+
B. line vty 4
   login
   password s3cr3+
C. line vty-0 4
   passwd s3cr3+
D. line vty 0 4
   login
   password s3cr3+
E. line vty 0 4
   password
   login s3cr3+

Answer: D

Question: 84
You are configuring your new Cisco router. During your configuration you wish to eliminate any
security risks you can, as based on your organizational security policy. The policy states that the
Cisco Discovery Protocol is not to be used on any interface on any of the routers. What is the
command to turn off CDP for the entire router?

A. no cdp broadcast
B. cdp disable
C. no cdp enable
D. no cdp run
E. no cdp neighbors

Answer: D

Question: 85
You are configuring your new Cisco router. During your configuration you wish to eliminate any
security risks you can, as based on your organizational security policy. The policy states that the
Cisco Discovery Protocol is not to be used on any interface that is connected to the Internet.
What is the command to turn off CDP for a specific router interface?

A. no cdp broadcast
B. cdp enable
C. no cdp enable
D. no cdp run
E. no cdp neighbors

Answer: C

Question: 86
You are concerned about attacks against your network, and have decided to implement some
defensive measure on your routers. If you have 3 interfaces, S1, S0, and E0, and you implement
the following configuration, what attack will you be defending against?
Router#config terminal
Router(config)#interface Ethernet 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#interface Serial 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#interface Serial 1
Router(config-if)#no ip directed-broadcast
Router(config-if)#^Z
Router#

A. Smurf
B. BO2K
C. SubSeven
D. Any Trojan
E. Any Worm

Answer: A

Question: 87
You have decided to implement SSH for communicating to your router. What does SSH use to
establish a secure channel of communication?

A. RSA Public Key Cryptography
B. DES Public Key Cryptography
C. MD5 Private Key Cryptography
D. MD5 Public Key Cryptography
E. RSA Private Key Cryptography

Answer: A

Question: 88
The exhibit represents a simple routed network. Node 7 is a Windows NT 4.0 Workstation that
establishes a TCP communication with Node 10, a Windows 2000 Professional host. The routers
are Cisco 2500 series running IOS 11.2. While working at Node 10, you run a packet capture.
Packets received by Node 10, and sent from Node 7 will reveal which of the following
combination of source IP and source Physical addresses:

A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D's Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D's Int E0
E. Source IP addresses for both Nodes 7 and Router D's Int E0, Source Physical address for
   both Nodes 7 and Router D's Int E0.

Answer: D

Question: 89
In order to add to your layered defense, you wish to implement some security configurations on
your router. If you wish to have the router work on blocking TCP SYN attacks, what do you add to
the end of an ACL statement?

A. The IP addresses for allowed networks
B. The port range of allowed applications
C. The word Established
D. The word Log
E. The string: no service udp-small-servers

Answer: C

Question: 90
You are building custom ACLs on your routers to prevent known attacks from being successful
against your network. If you have configured and implemented the following statements, what two
attacks are you working towards preventing?

Router(config)#access-list 160 deny tcp any any eq 27665
Router(config)#access-list 160 deny udp any any eq 31335
Router(config)#access-list 160 deny udp any any eq 27444
Router(config)#access-list 160 deny tcp any any eq 6776
Router(config)#access-list 160 deny tcp any any eq 6669
Router(config)#access-list 160 deny tcp any any eq 2222
Router(config)#access-list 160 deny tcp any any eq 7000

A. A SYN Attack
B. A Land Attack
C. TRIN00 DDoS Attack
D. SubSeven DDoS Attack
E. A Spoofing Attack

Answer: C, D

Question: 91
If you configure an access-list to block the following networks, what are you trying to protect
against?
Network 127.0.0.0/8, Network 0.0.0.0/0, Network 10.0.0.0/8, Network 172.16.0.0/16, and Network
192.168.0.0/16.

A. You are trying to protect against hijacking
B. You are trying to protect against spoofing
C. You are trying to protect against sniffing
D. You are trying to protect against splicing
E. You are trying to protect against capturing

Answer: B

Question: 92
You are going to enable a new Auditing and Logging system in your network. What are the
methods of Logging on a Cisco router?

A. Console Logging
B. Terminal Logging
C. Buffered Logging
D. SMTP Logging
E. Syslog Logging

Answer: A, B, C, E

Question: 93
During your review of the logs of your Cisco router, you see the following line. What is the
meaning of this line?
%SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)

A. A normal, but noteworthy event
B. An informative message
C. A warning condition has occurred
D. A debugging message
E. An error condition has occurred

Answer: A
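As an added example, not part of the exam material, the following Python parses Cisco IOS log lines of the form %FACILITY-SEVERITY-MNEMONIC: text, maps the severity digit to its IOS name (5 is "notification", the level of the %SYS-5-CONFIG_I line in question 93, which is why "a normal, but noteworthy event" is the right reading), and flags configuration changes made over a VTY session rather than at the console. The lines in SAMPLE_LOG are constructed for this example; the message format and the 0 to 7 severity scale are Cisco's documented ones.

```python
"""Parse Cisco IOS syslog lines and flag remote configuration changes.

Added example, not exam code.  IOS messages look like
    %FACILITY-SEVERITY-MNEMONIC: text
with severity 0 (emergencies) through 7 (debugging).  Severity 5 is
"notification": normal, but noteworthy, like %SYS-5-CONFIG_I.
The sample log lines below are constructed for this example.
"""
import re
from typing import List, Optional, Tuple

SEVERITY = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
            4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# Optional sequence number and timestamp, then %FACILITY-SEV-MNEMONIC: message
LINE_RE = re.compile(
    r"^(?:\S+:\s+)?(?:\*?\w{3}\s+\d+\s+[\d:.]+(?:\s+\w+)?:\s+)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
# Body of CONFIG_I: "Configured from console by vty1 (172.16.10.1)"
CONFIG_RE = re.compile(r"Configured from (?P<method>\w+) by (?P<line>\w+)(?: \((?P<ip>[\d.]+)\))?")

SAMPLE_LOG = [  # constructed sample lines
    "*Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)",
    "*Mar  1 00:13:01.002: %SYS-5-CONFIG_I: Configured from console by console",
    "*Mar  1 00:14:22.119: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down",
    "*Mar  1 00:15:40.880: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 172.16.10.9] "
    "[localport: 23] [Reason: Login Authentication Failed] at 00:15:40 UTC Mon Mar 1 1993",
    "this line is not an IOS syslog message",
]


def parse_line(line: str) -> Optional[dict]:
    """Return facility, numeric and named severity, mnemonic and text, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITY[rec["severity"]]
    return rec


def remote_config_changes(lines: List[str]) -> List[Tuple[str, Optional[str]]]:
    """(line, source IP) for each CONFIG_I event entered over a vty, not the console."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["mnemonic"] != "CONFIG_I":
            continue
        m = CONFIG_RE.search(rec["text"])
        if m and m.group("line").startswith("vty"):
            hits.append((m.group("line"), m.group("ip")))
    return hits
```

remote_config_changes(SAMPLE_LOG) returns [("vty1", "172.16.10.1")]: the console change is ignored and the line protocol and failed-login messages are not CONFIG_I events, though their severities (5 and 4) are parsed like any other.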


Question: 94
You are configuring a Cisco Router, and are creating Access Control Lists as part of the security
of the network. When creating Wildcard Masks, which of the following rules apply?

A. If the wildcard mask bit is a 1, then do not check the corresponding bit of the IP address for a
   match.
B. If the wildcard mask bit is a 0, then do not check the corresponding bit of the IP address for a
   match.
C. If the wildcard mask bit is a 1, then do check the corresponding bit of the IP address for a
   match.
D. If the wildcard mask bit is a 0, then do check the corresponding bit of the IP address for a
   match.
E. To create a Wildcard Mask, always take the inverse of the Subnet Mask.

Answer: A, D

Question: 95
What is the function of the following configuration fragment?
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#transport input ssh telnet
Router(config-line)#^Z
Router#

A. The router will attempt to use SSH first, then use Telnet
B. The router will attempt to use Telnet first, then use SSH
C. The router will accept only SSH on VTY 0 4
D. The router will accept both Telnet and SSH connections
E. The router will accept only Telnet on VTY 0 4

Answer: D

Question: 96
You are going to migrate the Cisco routers in your network from RIPv1 to RIPv2. What is a
security advantage that RIPv2 provides over RIPv1?

A. RIPv2 encrypts all of the router updates
B. RIPv2 encrypts all the payloads in router updates
C. RIPv2 provides for authentication using Smart Cards and Kerberos
D. RIPv2 provides for authentication using NTLMv2
E. RIPv2 allows for authentication of updates

Answer: E

Question: 97
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are
connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is
connected to the Internet. The objective is to allow only network 192.168.20.0 to access e-commerce
Web sites on the Internet, while allowing all internal hosts to access resources within
the internal network. From the following, select all the access list statements that are required to
make this possible.

A. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80
B. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 53
C. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 443
D. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any lt 1023
E. int S0, ip access-group 113 in
F. int E1, ip access-group 113 in
G. int S0, ip access-group 113 out

Answer: A, B, C, G

Question: 98
You are verifying the configuration of your Cisco routers, which run IOS version 11.2. You notice
there are several statically configured routes. There are two Serial interfaces, one on network
10.0.10.0/24, and one on network 10.0.11.0/24. There is one Ethernet interface on network
172.168.0.0/16. What will the Administrative Distance be for the directly connected networks?

A. 0
B. 1
C. 90
D. 100
E. 110

Answer: A

Question: 99
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are
connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is
connected to the Internet. The objective is to allow host 192.168.10.7 access to the Internet via
ftp and deny access to the Internet to everyone else while allowing them to access resources
amongst themselves. From the following, select all the access list statements that are required to
make this possible.

A. access-list 153 permit tcp 192.168.10.7 0.0.0.0 any eq ftp
B. access-list 21 permit tcp 192.168.10.7 0.0.0.0 any eq ftp
C. access-list 21 deny 0.0.0.0 255.255.255.255
D. int S0, ip access-group 21 out
E. int S0, ip access-group 153 out
F. int E1, ip access-group 153 in

Answer: A, E
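The ACL questions above (91, 94, 97 and 99) all turn on how a Cisco wildcard mask is evaluated and on the implicit deny that ends every list. The following Python is an added example, not exam or Cisco code: it parses extended access-list statements, evaluates them with the wildcard rule (mask bit 1 means ignore that address bit, mask bit 0 means it must match), and runs the lists from questions 97 and 99 plus an anti-spoofing list modeled on question 91 against constructed packets. The list number 110, reading the 0.0.0.0 entry as the /8 bogon range, and using the full RFC 1918 /12 for 172.16.0.0 are this example's own choices.

```python
"""Cisco-style access-list evaluation with wildcard masks.

Added example, not code from the exam or from Cisco.  It implements the
wildcard-mask rule of question 94 (mask bit 1: ignore that address bit; mask
bit 0: the bit must match), first-match evaluation with the implicit deny at
the end of every ACL, and runs the ACLs of questions 97 and 99 plus an
anti-spoofing list after question 91 against constructed packets.
"""
from dataclasses import dataclass
from typing import List, Optional

WELL_KNOWN = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}

def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def wildcard_from_mask(subnet_mask: str) -> str:
    """The wildcard is the bitwise inverse of the subnet mask: 255.255.254.0 -> 0.0.1.255."""
    inv = ~ip_to_int(subnet_mask) & 0xFFFFFFFF
    return ".".join(str((inv >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the address bits whose wildcard bit is 0."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)

@dataclass
class Ace:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip", "tcp" or "udp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    port_op: Optional[str] = None  # "eq" or "lt", applied to the destination port
    port: Optional[int] = None

def parse_ace(line: str) -> Ace:
    """Parse one extended entry, e.g. 'access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list statement: {line!r}")
    action, proto, rest = tok[2], tok[3], tok[4:]
    def take_addr(t):
        if t[0] == "any":
            return "0.0.0.0", "255.255.255.255", t[1:]
        if t[0] == "host":
            return t[1], "0.0.0.0", t[2:]
        return t[0], t[1], t[2:]
    src, src_wc, rest = take_addr(rest)
    dst, dst_wc, rest = take_addr(rest)
    op = port = None
    if rest:                       # optional "eq <port>" or "lt <port>"
        op, p = rest[0], rest[1]
        port = int(p) if p.isdigit() else WELL_KNOWN[p]
    return Ace(action, proto, src, src_wc, dst, dst_wc, op, port)

def evaluate(acl: List[Ace], proto: str, src: str, dst: str, dport: int) -> str:
    """First matching entry wins; falling off the end is the implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if not wildcard_match(src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(dst, ace.dst, ace.dst_wc):
            continue
        if ace.port_op == "eq" and dport != ace.port:
            continue
        if ace.port_op == "lt" and not dport < ace.port:
            continue
        return ace.action
    return "deny (implicit)"

# ACL 113 from question 97 (answers A, B, C), applied outbound on S0.
ACL_113 = [parse_ace(s) for s in (
    "access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80",
    "access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 53",
    "access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 443",
)]
# ACL 153 from question 99 (answer A): one host may open FTP control connections.
ACL_153 = [parse_ace("access-list 153 permit tcp 192.168.10.7 0.0.0.0 any eq ftp")]
# Anti-spoofing list after question 91, for inbound use on the Internet interface.
# Assumptions: 0.0.0.0 is written as the /8 bogon range, 172.16.0.0 as the full
# RFC 1918 /12, and the list number 110 is arbitrary.
ACL_ANTISPOOF = [parse_ace(s) for s in (
    "access-list 110 deny ip 127.0.0.0 0.255.255.255 any",
    "access-list 110 deny ip 0.0.0.0 0.255.255.255 any",
    "access-list 110 deny ip 10.0.0.0 0.255.255.255 any",
    "access-list 110 deny ip 172.16.0.0 0.15.255.255 any",
    "access-list 110 deny ip 192.168.0.0 0.0.255.255 any",
    "access-list 110 permit ip any any",
)]
```

evaluate(ACL_113, "tcp", "192.168.20.5", "203.0.113.10", 443) returns "permit", while the same packet from 192.168.10.5, or one from 192.168.20.5 to port 22, returns "deny (implicit)". That implicit deny is what lets the three permit statements of question 97, applied outbound on S0, block the 192.168.10.0 network without an explicit deny line.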

Question: 100
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Session Layer?

A. The Session layer allows two applications on different computers to establish, use, and end a
    session. This layer establishes dialog control between the two computers in a session,
    regulating which side transmits, plus when and how long it transmits.
B. The Session layer manages logical addresses. It also determines the route from the source to
    the destination computer and manages traffic problems, such as routing, and controlling the
    congestion of data packets.
C. The Session layer packages raw bits from the Physical (Layer 1) layer into frames (structured
   packets for data). Physical addressing (as opposed to network or logical addressing) defines
   how devices are addressed at the data link layer. This layer is responsible for transferring
   frames from one computer to another, without errors. After sending a frame, it waits for an
  acknowledgment from the receiving computer.
D. The Session layer transmits bits from one computer to another and regulates the transmission
   of a stream of bits over a physical medium. For example, this layer defines how the cable is
   attached to the network adapter and what transmission technique is used to send data over the
   cable.
E. The Session layer handles error recognition and recovery. It also repackages long messages,
   when necessary, into small packets for transmission and, at the receiving end, rebuilds packets
   into the original message. The corresponding Session layer at the receiving end also sends
   receipt acknowledgments.

Answer: A

Question: 101
The following exhibit is a screen shot of a capture using Network Monitor on Windows 2000
Server Sp2. Examine the details as shown for a frame and identify which of the statements that
follow best describes it.

A. This frame represents an ICMP echo message between the two hosts
B. This frame represents an IP broadcast trying to resolve the target IP address to its MAC
   address
C. This frame represents an Ethernet broadcast trying to resolve the target IP address to its
   MAC address
D. This frame represents a reply from the target machine with the appropriate resolution
E. This frame represents the first fragment of the three-way handshake.

Answer: C

Question: 102
Network Monitor was run on the Windows 2000 Server during a network session. The exhibit
shows the actual contents of the Network Monitor capture file. The Hexadecimal value for the IP
protocol and source ports have been circled in the exhibit. The contents of what combination of IP
Protocol and Application Layer Protocol have been captured here?

A. TCP & TFTP (Control)
B. UDP & FTP (Control)
C. UDP & TFTP (Control)
D. TCP & FTP (Data)
E. UDP & FTP (Data)

Answer: D

Question: 103
During your packet capture of traffic to check if your network is getting hit by a Denial of Service
attack, you analyze TCP headers. You notice there are many headers that seem to have the
same SEQ number, with the responding computer using different SEQ and ACK numbers in
response. If you are analyzing a normal three-way handshake between two Windows 2000
nodes, and the first packet has a SEQ of 0xBD90FBFF, what will the responding computer use as
an ACK?

A. 0xBD90FBFE
B. 0xBD90FB00
C. 1xBD90FBFE
D. 0xBD90FC00
E. 1xBD90FC00

Answer: D

Question: 104
One of the firewalls in your organization has been moved and requires a new configuration. While
you work on the new configuration, you remember that there is an application that has been
developed in-house that uses Multicast addressing. You tell your assistant this, and are asked
what Multicast is. Which of the following best describes Multicast?

A. Multicast is the term used to describe communication where a piece of information is sent
   from one or more points to a set of other points.
B. Multicast is the term used to describe communication where a piece of information is sent
   from many points to one single point.
C. Multicast is the term used to describe communication where a piece of information is sent
   from one point to all other points.
D. Multicast is the term used to describe communication where several pieces of information are
   sent from one or more points to all other points.
E. Multicast is the term used to describe communication where a piece of information is sent
   from one point to another point.

Answer: A

Question: 105
You are using Network Monitor in Windows 2000 to perform packet captures. What are the three
Panes that present the details of a packet, once you have viewed the summary of all the packets
captured?

A. Summary Pane
B. Packet Pane
C. Collection Pane
D. Detail Pane
E. Hex Pane

Answer: A, D, E

Question: 106
If you are looking for plain-text ASCII characters in the payload of a packet you capture using
Network Monitor, which Pane will provide you this information?

A. Summary Pane
B. Packet Pane
C. Collection Pane
D. Hex Pane
E. Detail Pane

Answer: D

Question: 107
Your network is a mixed environment of Windows, Linux, UNIX, and Novell computers. The
routers are primarily Cisco and the network uses a T-1 to connect to the Internet. You are
experimenting with setting up a mail server in a production environment for internal use only. So
you configure SMTP on a server. You do not want this mail server to receive any requests from
anywhere but the internal network. Therefore you have decided to block incoming SMTP traffic at
the Firewall. Which port will you block at the Firewall?

A. 23
B. 25
C. 53
D. 80
E. 110

Answer: B

Question: 108
You are training some network administrators to analyze log files. Some of the logs present IP
addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the decimal equivalent of
the following binary IP address:
11001111.10001010.01101101.01110001

A. 197.138.119.113
B. 217.126.109.213
C. 217.138.119.113
D. 197.136.119.117
E. 207.138.109.113

Answer: E

Question: 109
You are training some network administrators to analyze log files. Some of the logs present IP
addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the binary equivalent of
the following IP address:
13.10.191.1

A. 00011001.00001010.10111111.00000001
B. 00001101.00011010.10111111.00000001
C. 00001101.00001010.10111111.00000001
D. 01011001.00001010.00001010.00000001
E. 00001101.00001010.11110111.00000001

Answer: C

Question: 110
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
172.18.32.54 with a mask of 255.255.254.0. What is the network ID to which this host belongs?

A. 172.18.0.0
B. 0.0.32.0
C. 172.0.0.0
D. 172.18.32.32
E. 172.18.32.0

Answer: E

Question: 111
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Network Layer?

A. The Network layer allows two applications on different computers to establish, use, and end a
   session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Network layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling
   the congestion of data packets.
C. The Network layer packages raw bits from the Physical (Layer 1) layer into frames (structured
   packets for data). Physical addressing (as opposed to network or logical addressing) defines
   how devices are addressed at the data link layer. This layer is responsible for transferring
   frames from one computer to another, without errors. After sending a frame, it waits for an
   acknowledgment from the receiving computer.
D. The Network layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Network layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Network layer at the receiving
   end also sends receipt acknowledgments.

Answer: B

Question: 112
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/14. What is the broadcast address for this network?

A. 0.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.255.255

Answer: E

Question: 113
In an IP Header, what is the function of the first four bits?


Page 36 of 166
Exam Name:         Hardening the Infrastructure
Exam Type:         SCP                                         Exam Code:             SC0-411
Doc Type:          Q & A with Explanations                     Total Questions:       574

A. To define the type
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Answer: D

Question: 114
You are monitoring the network traffic on your Frame-Relay Internet connection. You notice a
large amount of unauthorized traffic on port 21. You examine the packets, and notice there are no
files being transferred. Traffic on what other port must be examined to view any file contents?

A. 20
B. 119
C. 23
D. 80
E. 2021

Answer: A

Question: 115
According to Internet Assigned Numbers Authority, port numbers are divided into three ranges -
the Well-Known Ports, the Registered Ports and the Dynamic and/or Private Ports. The Dynamic
ports range from:

A. 0-255
B. 0-1023
C. 1-1024
D. 1024-49151
E. 49152-65535

Answer: E

Question: 116
You are training some network administrators to analyze log files. Some of the logs present IP
addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the decimal equivalent of
the following binary IP address:
11011001.10001010.01110111.01110001

A. 207.138.117.103
B. 207.138.119.113
C. 217.138.119.113
D. 217.148.119.113
E. 207.148.119.113

Answer: C

Question: 117
In your organization a decision has been made to implement a multicasting application. You are
configuring your firewall to allow this application to flow through in both directions. What address
range are you going to address on the firewall?

A. 10.0.0.0/8
B. 172.16.0.0/12
C. Multicast addresses use APIPA's 169.254.0.0/16
D. 224.0.0.0/4
E. Addresses are negotiated at the time of the multicast. The nearest router assigns a public IP
   address assigned by ARIN.

Answer: D

Question: 118
As per the specifications of RFC 1191: Path MTU Discovery, MTUs have been defined so that
transmitted datagrams will not unnecessarily become fragmented when traveling across different
types of physical media. You are going to run several packet captures to be sure there are no out
of spec packets on your network. According to these specifications what are the absolute
minimum and maximum MTUs?

A. 1492 Bytes and 1500 Bytes respectively
B. 68 Bytes and 65535 Bytes respectively
C. 512 Bytes and 1500 Bytes respectively
D. 512 bits and 1500 bits respectively
E. 512 bits per second and 1500 bits per second respectively

Answer: B

Question: 119
In your network, you manage a mixed environment of Windows, Linux, and UNIX computers. The
clients run Windows 2000 Professional and Windows NT 4.0 Workstation, while the Servers are
UNIX and Linux based with custom applications. During routine administration you successfully
ping several nodes in the network. During this you are running a packet capture for further
analysis. When examining one of the frames you notice that the Ethernet address for the source
is 1ED0.097E.E5E9 and that for the destination is 1ED0.096F.5B13. From this information you
gather that:

A. They are in different networks
B. The destination address is in the 1ED0 subnet
C. The network cards are by the same manufacturer
D. The destination address is in the 1ED0.09AA subnet
E. The source and destination share the same MAC subnet

Answer: C

Question: 120
You have used a diagnostic utility to run a trace between two nodes on your network. During the
trace, you are running a packet capture utility and notice the TTL is reaching zero on the trace.
What will the router that identified the TTL as zero return to the host that originated the trace
command?

A. An ICMP Source Route Invalid (SRI) message
B. An ICMP Destination Route Invalid (DRI) message
C. An ICMP Resend packet message
D. An IP Source Route Invalid (SRI) message
E. An ICMP Time Exceeded message.

Answer: E

Question: 121
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Transport Layer?

A. The Transport layer allows two applications on different computers to establish, use, and end a
   session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Transport layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling the
   congestion of data packets.
C. The Transport layer packages raw bits from the Physical (Layer 1) layer into frames
   (structured packets for data). Physical addressing (as opposed to network or logical
   addressing) defines how devices are addressed at the data link layer. This layer is responsible
   for transferring frames from one computer to another, without errors. After sending a frame, it
   waits for an acknowledgment from the receiving computer.
D. The Transport layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Transport layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Transport layer at the receiving
   end also sends receipt acknowledgments.

Answer: E

Question: 122
Recently you feel your network has been attacked by people sending out of spec packets to your
firewall in order to get past the firewall rules. You have decided that you will capture all the
packets on the firewall segment with Network Monitor to analyze the TCP headers for proper use.
If you capture a packet that is the first part of a legitimate three-way handshake between two
Windows 2000 Professional computers, what will the SEQ and ACK values be for the initializing
packet?

A. SEQ 0xF8ADCCEC, ACK 0x0
B. SEQ 0x0, ACK 1x0
C. SEQ 0x0, ACK 0xF8ADCCEC
D. SEQ 0xF8ADCCEB, ACK 0x1
E. SEQ 0x0, ACK 0x1

Answer: A

Question: 123
In an ICMP Message, what is the function of the first eight bits?

A. To define the source port number
B. To define the type
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Answer: B

Question: 124
You are introducing a co-worker to the security systems in place in your organization. During the
discussion you begin talking about the network, and how it is implemented. You decide to run a
packet capture to identify different aspects of network traffic for your co-worker. In the packet
capture you are able to identify Protocol IDs. What is the IP protocol ID for ICMP?

A. Protocol ID 217
B. Protocol ID 44
C. Protocol ID 1
D. Protocol ID 17
E. Protocol ID 4

Answer: C

Question: 125
According to Internet Assigned Numbers Authority, port numbers are divided into three ranges -
the Well-Known Ports, the Registered Ports and the Dynamic and/or Private Ports. The
Registered ports range from:

A. 0-255
B. 0-1023
C. 1-1024
D. 1024-49151
E. 1024-4999

Answer: D
Question: 126
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/28. What is the network ID to which this host belongs?

A. 10.0.0.0
B. 0.0.32.0
C. 10.12.0.0
D. 10.12.32.0
E. 10.12.32.16
Answer: E

Question: 127
The three-way handshake utilizes three steps, identified as: Step 1, 2 and 3, that take place
between a client and a server in order to establish a TCP connection. In Step 2 of the three-way
handshake, the Server is said to be performing:

A. An Active Open
B. A Passive Open
C. Both Active and Passive Open
D. A Passive Open, while simultaneously closing the Client's Active Open
E. An Active Open, while simultaneously closing the Client's Passive Open

Answer: B

Question: 128
A significant function of TCP is the ability to guarantee session information. The method used by
TCP to guarantee the uniqueness of a session between two hosts is which of the following?
A. By setting the control bits SYN and FIN within the same packet
B. By implementing two two-way handshakes to tear down the connection
C. By setting the control bits URG and ACK within the same packet
D. By implementing sequence numbering
E. By implementing a combination of control bits PSH, URG & RST

Answer: D
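
The handshake that Questions 122, 127 and 128 describe, worked through in code. This is an added example and not part of the exam guide: the client ISN 0xF8ADCCEC is the value from Question 122, while the server ISN, the host names and the function names are chosen for the example. The out_of_spec check is the kind of test a firewall-segment capture would be run through to find the crafted packets Question 122 mentions.

```python
# Added example (not from the exam guide): the TCP three-way handshake
# step by step, plus a check for flag combinations a conforming stack
# never sends. Client ISN 0xF8ADCCEC is the value from Question 122;
# server ISN and host names are made up.
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MASK32 = 0xFFFFFFFF


@dataclass
class Segment:
    src: str
    dst: str
    flags: int
    seq: int
    ack: int


def client_syn(client, server, isn):
    """Step 1, active open: SYN carrying the client's ISN. Nothing from the
    server has been seen yet, so the acknowledgement number is 0."""
    return Segment(client, server, SYN, isn, 0)


def server_syn_ack(syn, server_isn):
    """Step 2, passive open: the listener answers with its own ISN and
    acknowledges client ISN + 1 (the SYN itself consumes one number)."""
    if syn.flags != SYN:
        raise ValueError("step 2 expects a bare SYN")
    return Segment(syn.dst, syn.src, SYN | ACK, server_isn, (syn.seq + 1) & MASK32)


def client_ack(syn_ack):
    """Step 3: the client acknowledges server ISN + 1 and sends from its
    own ISN + 1; from here on both sequence spaces identify the session."""
    if syn_ack.flags != SYN | ACK:
        raise ValueError("step 3 expects SYN+ACK")
    return Segment(syn_ack.dst, syn_ack.src, ACK, syn_ack.ack, (syn_ack.seq + 1) & MASK32)


def handshake(client, server, client_isn, server_isn):
    """Run all three steps and return the segments in wire order."""
    s1 = client_syn(client, server, client_isn)
    s2 = server_syn_ack(s1, server_isn)
    return [s1, s2, client_ack(s2)]


def out_of_spec(seg):
    """Reason a segment could not come from a conforming stack, or None.
    These are the combinations crafted packets use to slip past rules."""
    f = seg.flags
    if f == 0:
        return "no flags set (null scan)"
    if f & SYN and f & FIN:
        return "SYN and FIN together"
    if f & SYN and f & RST:
        return "SYN and RST together"
    if f == FIN | PSH | URG:
        return "FIN+PSH+URG only (xmas scan)"
    if not f & ACK and seg.ack != 0:
        return "acknowledgement number set without the ACK flag"
    return None


if __name__ == "__main__":
    for seg in handshake("client", "server", 0xF8ADCCEC, 0x1A2B3C4D):
        print(f"{seg.src:>6} -> {seg.dst:<6} flags=0x{seg.flags:02x} "
              f"SEQ=0x{seg.seq:08X} ACK=0x{seg.ack:08X}")
    print(out_of_spec(Segment("probe", "fw", SYN | FIN, 1, 0)))
```

Running the block prints the three segments: the first carries SEQ 0xF8ADCCEC with ACK 0 (the answer to Question 122), the second acknowledges 0xF8ADCCED, and the third is sent from 0xF8ADCCED. Sequence numbers wrap modulo 2^32, which is why the arithmetic is masked.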

Question: 129
Your network implements many different technologies, and currently you have several servers
running IPv6 in the network. Your network is also running IPv4. From a security perspective,
what is a benefit of this configuration?

A. Better IP Address Space Function
B. Faster DNS Resolution
C. More Efficient Routing
D. Protocol Isolation
E. IPSec implementation is possible

Answer: D
Question: 130
What is the bit length of an IPv6 address?

A. 16 bits
B. 24 bits
C. 48 bits
D. 64 bits
E. 128 bits

Answer: E
Question: 131
As you become more involved in the security and networking of your organization, you wish to
learn the exact details of the protocols in use. It is suggested to you, by a friend, that you check
the RFC for each protocol. What is an RFC?
A. An RFC is a program that has a searchable index to troubleshoot network problems.
B. An RFC is a document that discusses issues surrounding the Internet, networking
   technologies, and/or networking protocols.
C. An RFC is a hidden resource, which can be called up via the Windows Help file to identify
   details about networking protocols.
D. An RFC is a single document that details all the communications protocols and technologies
   used on the Internet.
E. An RFC is a single document that details all the communications protocols and technologies
   used on an Intranet.

Answer: B

Question: 132
Which of the following represent an IPv6 address?

A. FEDC.BA98.7654.3210.FEDC.BA98.7654.3210
B. FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
C. 192.168.10.1
D. 192:168:10:1
E. FE:192.168.10.1:DC

Answer: B

Question: 133
Which of the following are reasons that a migration to IPv6 will take place?

A. IPv4 Address do not perform NAT efficiently
B. IPv4 Addresses are running out
C. IPv4 Routing Tables are too large
D. IPv4 Private addressing is insufficient
E. IPv4 Addresses cannot scale to very large networks

Answer: B, C
Question: 134
Which of the following presents an address that can be used during the transition of the
department from IPv4 to IPv6?
A. ::ffff:192.168.10.1
B. 192.168.10.1:ffff::
C. :ffff:192.168.10.1
D. 192.168.10.1:ffff:
E. ::ff:192:168:10:1
Answer: A
Question: 135
What is the loopback address used for IPv6?
A. 127.0.0.1
B. 127:0:0:1
C. ff::1
D. :f:1
E. ::1
Answer: E

Question: 136
What are the three types of addresses in an IPv6 implementation?

A. Unicast
B. Multicast
C. Broadcast
D. Directcast
E. Anycast

Answer: A, B, E

Question: 137
Which of the following is implemented in an IPv6 environment to help increase security?

A. EFS
B. IPsec
C. Caching
D. S/MIME
E. Destination and Source Address Encryption

Answer: B

Question: 138
Your office branch has been assigned the network address of 10.10.0.0/16 by the Corporate HQ.
Presently your network addressing scheme has these addresses split into eight networks as
shown below:
1: 10.10.0.0/19
2: 10.10.32.0/19
3: 10.10.64.0/19
4: 10.10.96.0/19
5: 10.10.128.0/19
6: 10.10.160.0/19
7: 10.10.192.0/19
8: 10.10.224.0/19
You need to take the currently unused block of network 10.10.160.0/19 and further divide it into
eight networks for use by a satellite branch that is being designed on the fourth floor of your
building. What will the new subnet mask be for these new networks?

A. 255.255.252.0
B. 255.255.0.0
C. 255.248.0.0
D. 255.255.240.0
E. 255.255.255.0
Answer: A

Question: 139
Your company has been assigned the network address of 172.16.0.0/16. Presently your branch
has been given the unused address block 172.16.192.0/18. It is your job to split your branch's
address block into eight equal networks. What subnet mask will you be using for your branch's
networks?
         Be




A. 255.255.252.0
B. 255.255.0.0
C. 255.248.0.0
D. 255.255.248.0
E. 255.255.255.0

Answer: D
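
The subnet arithmetic of Questions 126, 138 and 139, the APIPA range of Question 143 and the IPv6 forms of Questions 132, 134, 135 and 141, checked with Python's standard ipaddress module. This is an added example, not part of the exam guide; the addresses are the ones the questions use, and the function names are chosen for the example.

```python
# Added example (not from the exam guide): network ID of a host, mask
# for splitting a block into N equal subnets, APIPA membership, and
# classification of IPv6 address strings. Addresses come from the
# questions; function names are chosen here.
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")


def network_id(host_with_prefix):
    """Network ID of the subnet a host sits in, e.g. 10.12.32.18/28 -> 10.12.32.16."""
    return str(ipaddress.ip_interface(host_with_prefix).network.network_address)


def split_into(block, count):
    """Divide `block` into `count` equal subnets (count must be a power of two).
    Returns the new netmask and the subnet list: 10.10.160.0/19 into 8 -> /22."""
    net = ipaddress.ip_network(block)
    extra_bits = (count - 1).bit_length()        # 8 subnets need 3 more prefix bits
    if count < 1 or 1 << extra_bits != count:
        raise ValueError("count must be a power of two")
    subnets = list(net.subnets(prefixlen_diff=extra_bits))
    return str(subnets[0].netmask), [str(s) for s in subnets]


def is_apipa(addr):
    """True for a self-assigned 169.254.0.0/16 address (no DHCP lease obtained)."""
    return ipaddress.ip_address(addr) in APIPA


def classify_ipv6(text):
    """Say what kind of IPv6 address a string is, or that it is not one at all."""
    try:
        addr = ipaddress.IPv6Address(text)
    except ValueError:
        return "not an IPv6 address"
    if addr.is_loopback:                      # ::1
        return "loopback"
    if addr.ipv4_mapped is not None:          # ::ffff:a.b.c.d transition form
        return f"IPv4-mapped, embeds {addr.ipv4_mapped}"
    if addr.is_link_local:                    # fe80::/10, as in the ipv6 if output
        return "link-local"
    return "other unicast/multicast"


if __name__ == "__main__":
    print(network_id("10.12.32.18/28"))
    mask, nets = split_into("10.10.160.0/19", 8)
    print(mask, nets)
    print(split_into("172.16.192.0/18", 8)[0])
    for s in ("::1", "::ffff:192.168.10.1", "fe80::2d0:9ff:fe7f:b21",
              "FEDC:BA98:7654:3210:FEDC:BA98:7654:3210", "192:168:10:1"):
        print(s, "->", classify_ipv6(s))
```

For a firewall rule set, the same module answers the question behind 143 directly: anything in 169.254.0.0/16 is a host that never got a DHCP lease, and such addresses should not appear on the far side of a router.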

Question: 140
In a UDP Header, what is the function of the first sixteen bits?

A. To define the upper layer protocol
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the type

Answer: B
Question: 141
If you are using a Windows 2000 Server, and enter a command that provides the following output
in the Command Prompt, what command did you type?
Interface 4 (site 1): 10101
uses Neighbor Discovery
link-level address: 00-d0-09-7f-0b-21
duplicate address: fe80::2d0:9ff:fe7f:b21,
infinite/infinite

A. ping if 4
B. ipv6ping if 4
C. ipv6 adapter 4
D. ipv6 if
E. ipconfig 4

Answer: D

Question: 142
You suspect an increase in malicious traffic on your network. You run several packet captures to
analyze traffic patterns and look for signs of intruders. While studying the packets, you are
currently looking for ICMP Messages. You choose to use the IP Protocol ID to locate different
kinds of packets. What is the IP Protocol ID of ICMP?

A. 1
B. 6
C. 17
D. 25
E. 9
Answer: A
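
Decoding from raw bytes the header fields that Questions 122, 123, 124, 140 and 142 ask about: the IPv4 protocol ID, then the ICMP type (first 8 bits), the UDP source port (first 16 bits) and the TCP SEQ/ACK pair. This is an added example, not from the exam guide; the packets are constructed inline with struct, and the addresses, ports and identifiers in them are made up for the example.

```python
# Added example (not from the exam guide): decode the IPv4 protocol ID,
# then the leading fields of ICMP, UDP and TCP, from packets built here
# with struct. Addresses, ports and identifiers are made up.
import struct

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte header without options


def build_ipv4(proto, payload, src="10.0.0.1", dst="10.0.0.2"):
    """Minimal IPv4 header in front of payload (checksum left at 0)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0, src_b, dst_b)
    return hdr + payload


def parse_ipv4(pkt):
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes, at least 20
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("inconsistent length fields")
    return {"src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
            "ttl": ttl, "protocol": proto, "payload": pkt[ihl:total_len]}


def parse_icmp(data):
    # first 8 bits: type; next 8 bits: code; then the 16-bit checksum
    icmp_type, code, _csum = struct.unpack("!BBH", data[:4])
    return {"type": icmp_type, "code": code}


def parse_udp(data):
    # first 16 bits: source port; then destination port, length, checksum
    sport, dport, length, _csum = struct.unpack("!HHHH", data[:8])
    return {"sport": sport, "dport": dport, "length": length}


def parse_tcp(data):
    sport, dport, seq, ack, off_res, flags, win, _csum, _urg = struct.unpack("!HHIIBBHHH", data[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": (off_res >> 4) * 4, "flags": flags, "window": win}


def decode(pkt):
    """Protocol name plus the layer-3 and layer-4 fields of one packet."""
    ip = parse_ipv4(pkt)
    name = IP_PROTOCOLS.get(ip["protocol"], f"proto {ip['protocol']}")
    out = {k: v for k, v in ip.items() if k != "payload"}
    out["protocol"] = name
    parsers = {"ICMP": parse_icmp, "UDP": parse_udp, "TCP": parse_tcp}
    if name in parsers:
        out.update(parsers[name](ip["payload"]))
    return out


# Constructed sample packets: an ICMP echo request, a DNS reply over UDP,
# and the first segment of a handshake (SYN with acknowledgement number 0).
SAMPLES = {
    "icmp_echo": build_ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)),
    "dns_reply": build_ipv4(17, struct.pack("!HHHH", 53, 40123, 8, 0)),
    "tcp_syn": build_ipv4(6, struct.pack("!HHIIBBHHH", 40123, 80, 0xF8ADCCEC, 0, 5 << 4, 0x02, 8192, 0, 0)),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, decode(pkt))
```

The length checks in parse_ipv4 matter in a capture of hostile traffic: a header length below 20 or a total length longer than the frame is exactly the kind of out-of-spec packet Question 122 is about, and a parser that trusts those fields is the first thing such a packet breaks.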
Question: 143
You are configuring the rules on your firewall, and need to take into consideration that some
clients in the network are using automatic addressing. What is the IP address range reserved for
internal use for APIPA in Microsoft networks?
A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16

Answer: B

Question: 144
According to the Internet Assigned Numbers Authority, port numbers are divided into three
ranges – the Well-Known Ports, the Registered Ports and the Dynamic and/or Private Ports. The
Well Known ports range from:

A. 0-255
B. 0-1023
C. 1-1024
D. 1024-49151
E. 1024-4999
Answer: B

Question: 145
You are introducing a co-worker to the security systems in place in your organization. During the
discussion you begin talking about the network, and how it is implemented. You mention
something in RFC 791, and are asked what that is. What does RFC 791 specify the standards
for?

A. IP
B. TCP
C. UDP
D. ICMP
E. Ethernet

Answer: A
Question: 146
What is the name of the informational page that is relevant to a particular command in Linux?

A. Readme Page
B. Lnx_nfo Page
C. Man Page
D. X_Win Page
E. Cmd_Doc Page
Answer: C
Question: 147
In Windows 2000, there are four methods of implementing IPSec. They are:

1 - Require Security
2 - Request Security
3 - Respond Only
4 - No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations
in the network. The Clients and Servers in your network are configured as follows:
-You have servers numbered 1-9, which have a policy stating they require no network traffic
security.
-You have servers numbered 10-19, which have a policy stating they are not required to be
secure, but will encrypt network traffic if the client is able to receive it.
-You have servers numbered 20-29, which have a policy stating they are required to be secure
and all network traffic they deliver must be secured.
-You have clients numbered 60-79 that are required to access secure servers 20-29.
-You have clients numbered 80-99 that are not required to access secure servers 20-29, but are
required to access servers 1-9 and 10-19.
Based on the Client and Server configuration provided above, which of the following computers
must implement IPSec method 3?

A. Computers numbered 1-9
B. Computers numbered 10-19
C. Computers numbered 20-29
D. Computers numbered 60-79
E. Computers numbered 80-99
Answer: D

Question: 148
When a new user is created in Linux, what is the starting value for the assignment of a User
Identifier?

A. 0
B. 1
C. 100
D. 500
E. 5000

Answer: D

Question: 149
At the root@linuxbox$ prompt on a Linux machine you type cat /etc/passwd and one of the lines
in the output reads:
Simon:2cX1dMe9bfJcy:500:100:Simon Sez:/home/simon:/bin/bash
In the above output /bin/bash is which of the following?

A. Recycle bin
B. Default shell
C. Group ID
D. Link to the Home directory
E. Home Directory
Answer: B
Question: 150
What of the following user accounts are given the correct default User Identifier and Group
Identifier, assuming the system is running Red Hat Linux?
A. ftp: User Identifier 21, Group Identifier 21
B. root: User Identifier 0, Group Identifier 0
C. bin: User Identifier 1, Group Identifier 1
D. adm: User Identifier 3, Group Identifier 3
E. mail: User Identifier 25, Group Identifier 25

Answer: B, C, D

Question: 151
The Network File System (NFS) file /etc/fstab is critical to the functionality of NFS. What does this
File describe?

A. It describes which file systems are available to be remotely mounted
B. It describes which partitions can be exported
C. It describes which processes may be executed remotely
D. It describes which files are not available remotely
E. It describes which partitions are not exported

Answer: A

Question: 152
You wish to add a new user to your Linux system. The user account is called Lnx_1, the password
is QW3RTY, and the group is Users. What is the correct command to add this user account?
A. adduser -g Users Lnx_1
B. useradd Lnx_1 +grp Users
C. useradd Lnx_1 +g Users
D. adduser g/Users u/Lnx_1
E. adduser g/Users -act Lnx_1

Answer: A
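
Parsing /etc/passwd records as in Question 149 and auditing them against the conventions behind Questions 148, 150 and 152 (root is UID 0, system accounts sit below the first user UID, password hashes belong in /etc/shadow). This is an added example, not part of the exam guide. The sample records are constructed for it: the Simon line is the one from Question 149, the rest are made up, and the starting user UID of 500 is the older Red Hat default the question refers to (current distributions start at 1000).

```python
# Added example (not from the exam guide): parse /etc/passwd lines and
# flag the entries a hardening review would question. Sample records
# are constructed; only the "Simon" line comes from Question 149.
from dataclasses import dataclass

FIRST_USER_UID = 500          # older Red Hat default; 1000 on current distributions
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/ksh", "/bin/tcsh"}
LOCKED = {"x", "*", "!", "!!"}   # "look in /etc/shadow" or "locked", never a real hash


@dataclass
class PasswdEntry:
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Split each line into the seven colon-separated passwd fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, passwd, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, passwd, int(uid), int(gid), gecos, home, shell))
    return entries


def audit_passwd(entries, first_user_uid=FIRST_USER_UID):
    """Return the findings a hardening review would flag, one string each."""
    findings = []
    seen_uids = {}
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: UID 0 account other than root")
        if e.passwd == "":
            findings.append(f"{e.name}: empty password field (no password required)")
        elif e.passwd not in LOCKED:
            findings.append(f"{e.name}: password hash stored in /etc/passwd instead of /etc/shadow")
        if 0 < e.uid < first_user_uid and e.shell in INTERACTIVE_SHELLS:
            findings.append(f"{e.name}: system account with interactive shell {e.shell}")
        if e.uid in seen_uids:
            findings.append(f"{e.name}: shares UID {e.uid} with {seen_uids[e.uid]}")
        else:
            seen_uids[e.uid] = e.name
    return findings


# Constructed sample file; the Simon record is the one from Question 149.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
Simon:2cX1dMe9bfJcy:500:100:Simon Sez:/home/simon:/bin/bash
toor:x:0:0:constructed example:/root:/bin/bash
games:x:12:100:games:/usr/games:/bin/bash
guest::501:100:Guest:/home/guest:/bin/bash
"""

if __name__ == "__main__":
    for finding in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print(finding)
```

The seventh field is the login shell (Question 149's /bin/bash); a system account that carries one is worth a second look, and a second UID 0 entry is the classic persistence trick the audit catches. Run the same function over a real file with parse_passwd(open("/etc/passwd").read()).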

Question: 153
There are well-known utilities that are designed to mount a drive letter to any NTFS partition from
DOS or Windows 9x and read all the contents of that partition, completely bypassing local
security. As an administrator, how can you prevent someone from snooping on sensitive files
under Windows 2000 using these third party tools?

A. if the files on the NTFS partition had been protected by specifying the encryption attribute
B. by configuring Cluster sizes larger than 4K on the NTFS partition
C. by specifying the Deny permission for List Folders/ Read Data on the NTFS partition
D. by specifying the Deny permission for Read Permissions on the NTFS partition
E. by configuring disk striping for the NTFS partition
Answer: A, B, E

Question: 154
At the root@linuxbox$ prompt on a Linux machine you type ls -l and one of the lines in the output
reads:
drw------- 1 simon users 1024 Oct 9 11:23 b
According to this output, which of the following is(are) true?
A. b is a word document
B. Nobody but the owner can execute this file
C. b is a directory
D. Nobody can read this file
E. Everyone can read this file
Answer: C
Question: 155
You wish to add a new group to your Linux system. The group is called SCNP_Admins, and is to
be given a Group Identifier of 1024. What is the correct command to add this new group?

A. addgroup SCNP_Admins -id 1024
B. groupadd -g 1024 SCNP_Admins
C. addgroup SCNP_Admins id/1024
D. groupadd id/1024 g/SCNP_Admins
E. groupadd g/1024 SCNP_Admins

Answer: B

Question: 156
You are the main person responsible for the security of a mid-sized company. To have control
over all the aspects of the security of the network, you study and analyze each component
thoroughly. Your network is running all Windows 2000 computers, and you are studying the logon
process. You know there are many components of the process, and are now at the point where
you are analyzing the Security Accounts Manager (SAM). What is the SAM?
A. The SAM is a listing of users or group SIDS
B. The SAM is an authentication protocol used by Windows to authenticate clients
C. The SAM is used to check user permissions in order to access an object
D. The SAM is used to store user account information
E. The SAM is used to generate access tokens, and manages authentication

Answer: D

Question: 157
Which of the following steps would a potential attacker use if they were trying to get a list of user
accounts belonging to the Windows NT 4.0 Accounts domain even though they are not
administrators in the Accounts domain?

A. From the attacker's domain: Offer a one-way unverified trust to the Accounts domain
B. From the Accounts domain: Offer a one-way unverified trust to the attacker's domain
C. From the attacker's domain: Create a local group. Define group memberships for this local
   group and choose to bring in domain users from the Accounts domain
D. From the attacker's domain: Create a global group. Define group memberships for this global
   group and choose to bring in domain users from the Accounts domain
E. From the Accounts domain: Create a global group. Specify which global group from this
   domain belongs to the attacker's domain

Answer: A, C

Question: 158
Last week you were hired by a company to be the new security professional. There is a team of
10 tech people in the company, none of whom are trained on security issues. You are conducting
a training session for these employees, and are talking about the way authentication works in a
Native Mode Windows 2000 network. What is the protocol that is used to authenticate Windows
2000 clients who are logging into a Windows 2000 domain?
A. Kerberos
B. EFS
C. DES
D. RSA
E. 3-DES
Answer: A

Question: 159
The computer you are currently using is running Linux, and you are logged into the system with
your normal user account. An application you wish to run requires root access to execute. Which
of the following can you do to have the application execute, and not have the security of the
system lowered?

A. Log out as your user account, and log in as root
B. You cannot run an application as a user other than the one you are logged in as
C. Use the sw ID 0 command
D. Install the Switch User application, restart the computer, log in as root, then switch to your
   current user account and run the application
E. Use the su root command

Answer: E

Question: 160
You manage a small network of 30 computers. You are currently running NAT on your Internet
connection. The internal clients are using IP addresses in the 192.168.10.0/24 range, and your
public IP address is 172.16.25.42/27. You have a client that uses IP address 192.168.10.13.
When this client connects to a Web site on the Internet, what IP address will the Web-server's
logs show as the source?

A. 192.168.10.0
B. 172.16.25.42
C. 192.168.10.13
D. 10.10.10.26
E. 172.16.25.27

Answer: B

Question: 161
After a policy meeting it has been decided that IPSec shall be deployed in the network. The
network machines that will use IPSec are running Windows 2000. What are the primary three
components in a Windows 2000 IPSec implementation?

A. Layer 2 Tunneling Protocol (L2TP)
B. IPSec Policy Agent Service
C. Internet Key Exchange (IKE)
D. Security Associations (SA)
E. Public Key Infrastructure (PKI)
Answer: B, C, D
Question: 162
It has been decided that approximately 100 of the Windows 2000 computers in your network are
going to need EFS to be implemented on selected folders. You select one of your assistants to
help you with this task. Your assistant calls you asking where the option to implement EFS is
located on the computers. You reply that it can be found by right-clicking on the folder that needs
encryption, selecting "Properties", then looking under which option?

A. General
B. Security
C. Sharing
D. Advanced
E. Summary

Answer: D

Question: 163
You have recently introduced the users of your Windows 2000 Domain network to EFS, and the
company policy indicates that several users must take advantage of EFS for certain files. Since it
is new, you are concerned with EFS being implemented in ways not defined in the policy. Which
user account is, by default, the Recovery Agent, that can decrypt data if need be?

A. The user who created the file
B. Domain Administrator
C. The user who encrypted the file
D. Any PowerUser
E. The Backup Operator
Answer: B

Question: 164
You are concerned that users will click past the Windows warning about modifying system files.
What feature of Windows 2000 is in place to prevent system files, installed by the Windows 2000
setup, from being deleted?

A. DES
B. WFP
C. EFS
D. PKI
E. NTFS

Answer: B

Question: 165
During the configuration of your Linux system, you are working with the available drives in the
computer. What syntax defines the First (Primary) IDE hard disk drive?

A. /dev/sda
B. /dev/fda
C. /dev/hd1
D. /dev/hda
E. /dev/fd1

Answer: D
Question: 166
You have recently hired an assistant to help you with managing the security of your network. You
are currently running an all Windows 2000 environment, and are describing the issues associated
with sharing folders. You describe different shared folder permissions. Which of the following
describes the maximum abilities of the Change permission?
A. Display folder names, filenames and data, and execute files
B. Rename files and folders, delete files and folders
C. Create folders, add files to folders, change or delete files in folders
D. Rename files and folders, and execute files
E. Change file permissions and take ownership of files

Answer: C

Question: 167
You are running a computer that boots to multiple operating systems on multiple partitions and
wish to use Windows 2000 data encryption. Which of the following options will Windows 2000's
EFS perform?

A. Encrypt a file or folder but not compress it at the same time, if on FAT32
B. Encrypt a file or folder but not compress it at the same time, if on NTFS
C. Encrypt and compress a file or folder at the same time, if on NTFS
D. Encrypt and compress a file or folder at the same time, if on FAT32
E. Encrypt folders only, not files, and no compression, if on FAT32

Answer: B

Question: 168
Which of the following pieces of information are found in the Inode, on a Linux system?

A. Directory Location
B. File ownership information
C. File size in Bytes
D. Filename
E. File access time

Answer: B, C, E

Question: 169
You wish to manage your Linux system remotely, using a web browser. Which of the following
tools will allow you to accomplish your task?

A. Snort
B. Bastille
C. Tripwire
D. Webmin
E. SSH

Answer: D
Question: 170
You have recently implemented 150 new Windows 2000 computers in your network. You are
configuring Active Directory, and are defining the permissions for user and group objects. What
are the two options available for you to choose from?
A. Permissions compatible with Linux clients
B. Permissions compatible with pre-Windows 2000 servers
C. Permissions compatible only with Windows 2000 servers
D. Permissions compatible with Apple clients
E. Permissions compatible with Apple and Linux clients
Answer: B, C
Question: 171
You fear an unauthorized program has taken control of your CPU in your Linux system. What
command will you run to see the CPU percentage per application in real-time?

A. top
B. netmon
C. ps
D. cpu_id
E. ps aux

Answer: A

Question: 172
It has been decided that the network you manage will implement new Windows 2000 machines,
using Active Directory. You are configuring several of the Active Directory objects in your
Windows 2000 network. What is the security of these objects based on?

A. Public Keys
B. EFS
C. NTFS
D. ACLs
E. Private Keys

Answer: D

Question: 173
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 7?

A. rw-
B. r-x
C. ---
D. r--
E. rwx

Answer: E

Question: 174
You are configuring the Group Policy in your Windows 2000 Active Directory network
environment. You are concerned that the settings you create will be properly implemented. What
is the order in which Group Policy is processed?

A. 1. Domain, 2. Site, 3. OU
B. 1. Domain, 2. OU, 3. Site
C. 1. Site, 2. OU, 3. Domain
D. 1. Site, 2. Domain, 3. OU
E. 1. OU, 2. Site, 3. Domain
Answer: D
Question: 175
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read, Write, and Execute for the User; Read and Write for the
Group; and Read for the Others. What command will allow you to achieve this?
A. chmod 700 test_file.tar.gz
B. chmod 600 test_file.tar.gz
C. chmod 774 test_file.tar.gz
D. chmod 644 test_file.tar.gz
E. chmod 674 test_file.tar.gz

Answer: C

Question: 176
You have just become the senior security professional in your office. After you have taken a
complete inventory of the network and resources, you begin to work on planning for a successful
security implementation in the network. You are aware of the many tools provided for securing
Windows 2000 machines in your network. What is the function of The Security Template snap-in?

A. This tool is used to manage the NTFS security permissions on objects in the domain.
B. This tool is used to create an initial security database for the domain.
C. This tool is used to analyze a large number of computers in a domain-based infrastructure.
D. This tool provides an analysis of the local system security configuration.
E. This tool provides a single point of management where security options can be applied to a
   local computer or can be imported to a GPO.
Answer: E

Question: 177
In Windows 2000, there are four methods of implementing IPSec. They are:
1- Require Security
2 - Request Security
3 - Respond Only
4 - No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations
in the network. The Clients and Servers in your network are configured as follows:
-You have servers numbered 1-9, which have a policy stating they require no network traffic
security.
-You have servers numbered 10-19, which have a policy stating they are not required to be
secure, but will encrypt network traffic if the client is able to receive it.
-You have servers numbered 20-29, which have a policy stating they are required to be secure
and all network traffic they deliver must be secured.
-You have clients numbered 60-79 that are required to access secure servers 20-29.
-You have clients numbered 80-99 that are not required to access secure servers 20-29, but are
required to access servers 1-9 and 10-19. Based on the Client and Server configuration provided
above, which of the following computers will implement IPSec method 1?
A. Computers numbered 1-9
B. Computers numbered 10-19
C. Computers numbered 20-29
D. Computers numbered 60-79
E. Computers numbered 80-99
                                      tif

Answer: C
                               er


Question: 178
You are in the process of securing several new machines on your Windows 2000 network. To
help with the process, Microsoft has defined a set of Security Templates to use in various
situations. Which of the following best describes the Highly Secure Security Template?

A. This template is provided as a way to reverse the implementation of different Windows 2000
   security settings, except for user rights.
B. This template is provided so that Local Users have ideal security settings, while Power Users
   have settings that are compatible with NT 4 Users.
C. This template is provided to implement suggested security settings for all security areas,
   except for the following: files, folders, and Registry keys.
D. This template is provided to create the maximum level of security for network traffic between
   Windows 2000 clients.
E. This template is provided to allow for an administrator to run legacy applications on a DC.

Answer: D

Question: 179
You have decided to implement Tripwire on your newly installed file server. You are working with
the program, and notice it employs several different algorithms. Which of the following are used
by Tripwire?

A. MD5
B. OSPF
C. BGP
D. SHA
E. MD4

Answer: A, D, E

Question: 180
You are configuring a new Red Hat Linux file server for your organization. Currently, you are
setting the permissions to several of the files that have been placed on the server. Which of the
following are legitimate permission attributes for the files on the server?

A. list
B. delete
C. read
D. write
E. execute

Answer: C, D, E

Question: 181
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read, Write, and Execute for the User; Read for the Group;
and Read for the Others. What command will allow you to achieve this?

A. chmod 744 test_file.tar.gz
B. chmod 644 test_file.tar.gz
C. chmod 700 test_file.tar.gz
D. chmod 774 test_file.tar.gz
E. chmod 600 test_file.tar.gz

Answer: A

Question: 182
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read and Write for the User; Read and Write for the Group;
and Read for the Others. What command will allow you to achieve this?

A. chmod 660 test_file.tar.gz
B. chmod 760 test_file.tar.gz
C. chmod 604 test_file.tar.gz
D. chmod 704 test_file.tar.gz
E. chmod 664 test_file.tar.gz

Answer: E

Question: 183
You are configuring the permissions to a file, called file1, on your Linux file server. You wish to
change the permissions to remove the execute permission from the others and group. Which of
the following commands will complete this task?

A. umask x-og file1
B. umask og-x file1
C. chmod xog- file1
D. chmod x-og file1
E. chmod og-x file1

Answer: E

Question: 184
You are configuring the permissions to a file, called file1, on your Linux file server. You wish to
change the permissions to allow the owner of the file to have read, write, and execute
permissions, while the group has write permissions, and the others have no permissions. Which
of the following commands will complete this task?

A. umask 720 file1
B. chmod 720 file1
C. chmod 270 file1
D. chmod 027 file1
E. umask 027 file1

Answer: B

Question: 185
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 6?

A. rwx
B. rw-
C. r--
D. r-x
E. ---

Answer: B

Question: 186
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 0?

A. rw-
B. r--
C. r-x
D. ---
E. rwx

Answer: D

Question: 187
After you have configured your new Linux file server, a colleague wishes to check the permission
settings on some files. You run the command to view the permissions, and the onscreen result is:
-rw-r--r-- 1 ps_admin root 2345 10:23 file1
Which of the following are true based on this output?

A. The owner has read permissions
B. ps_admin is the user
C. root is the group
D. The owner has read and write permissions
E. The group has read and write permissions

Answer: B, C, D

Question: 188
At the root@linuxbox$ prompt on a Linux machine you type cat /etc/passwd and one of the lines
in the output reads:
Simon:2cX1dMe9bfJcy:500:100:Simon Sez:/home/simon:/bin/bash
In the above output 100 is which of the following?

A. User ID
B. Group ID
C. The 100th User created
D. Link to the Home directory
E. Binary value

Answer: B

Question: 189
You are viewing the /etc/passwd file on your Red Hat Linux computer, and you see the following
entry:
root:23rs5:0:0:root:/root:/bin/bash
In this entry, what does the 23rs5 mean?

A. It is the code for the time when the root account was created
B. It is the group that the root account belongs to
C. It is the unencrypted password of the root account
D. It is the login name that the root account is to use
E. It is the encrypted password of the root account

Answer: E

Question: 190
If you wish to change the permissions of a parent directory in your Linux system, and want the
same permissions to be applied to the files and subdirectories within that parent directory,
what switch must you use?

A. -G
B. -R
C. -P
D. -S
E. -F

Answer: B

Question: 191
The test.doc file on your Linux system needs its ownership changed. You wish the new owner
of the file to be vp_finance. Which of the following is the command to change ownership to the
vp_finance user account?

A. ch_own vp_finance test_doc
B. chown vp_finance test.doc
C. chown test/doc vp_finance
D. chown vp_finance test/doc
E. ch_own vp_finance test.doc

Answer: B

Question: 192
If you have enabled the Shadow Password file on your Linux system, what will be visible as the
password for a user account in the /etc/passwd file?

A. An X for every character of the real password
B. An X for every character of the encrypted password
C. A single -
D. A single X
E. A single E

Answer: D

Question: 193
While configuring TCP Wrappers on your Linux system, you desire to create a line that will affect
every computer in the local network. Which of the following lines will achieve this desired result?

A. ALL: NETWORK
B. ALL: NETWORK(LOCAL)
C. LOCAL_NET: ALL
D. ALL: LOCAL
E. NETWORK(LOCAL): ALL

Answer: D

Question: 194
While configuring TCP Wrappers on your Linux system, you desire to create a line that will affect
every host in the .securitycertified.net network other than insecure.securitycertified.net. Which of
the following lines will achieve this desired result?

A. ALL: .securitycertified.net >OTHER< insecure.securitycertified.net
B. ALL: .securitycertified.net EXCEPT insecure.securitycertified.net
C. ALL: .securitycertified.net >EXCEPT< insecure.securitycertified.net
D. ALL: .securitycertified.net OTHER insecure.securitycertified.net
E. .securitycertified.net OTHER insecure.securitycertified.net: ALL

Answer: B

Question: 195
You are reviewing the lines used in the configuration of TCP Wrappers on your Linux system.
When placed in the denial file, what is the function of the following line?
in.telnetd: 192.168.23.: spawn (/bin/echo %c >> /var/log/telnet.log)

A. This line will initiate a Telnet connection to the 192.168.23.0/24 network.
B. This line will write a log line to the /bin/echo directory when a host tries to use Telnet to
    connect to the 192.168.23.0/24 network.
C. This line will initiate an ICMP echo request when a host from the 192.168.23.0/24 network
    uses Telnet.
D. This line will write a log line that contains client information when a host from the
   192.168.23.0/24 network attempts to use Telnet.
E. This line will write a log line to the /var/log directory when a host tries to use Telnet to connect
    to the 192.168.23.0/24 network.

Answer: D

Question: 196
You are configuring the security of a service using Xinetd. You wish to add a line to the
configuration of the service that grants access from the host 10.20.23.42. Which of the following
lines will you need to add to the configuration to achieve this result?

A. only_from = host_id 10.20.23.45
B. access_from = 10.20.23.45
C. access_from = host_id 10.20.23.45
D. only_from = 10.20.23.45
E. only_from = host_10.20.23.45

Answer: D

Question: 197
You are configuring the security of a service using Xinetd. You wish to add a line to the
configuration of the service that adds the ability to track Duration on successes. Which of the
following lines will you need to add to the configuration to achieve this result?

A. +DURATION -> log_on_success
B. +DURATION = log_on_success
C. log_on_success += DURATION
D. log_on_success add>DURATION
E. DURATION add log_on_success

Answer: C

Question: 198
On a Linux system, the most privileged account is Root. What is the Group ID for this account?

A. 0
B. 1
C. 99
D. 100
E. 199

Answer: A

Question: 199
You are reviewing the Xinetd configuration file for the ftp service. If the following line is found in
this file, what is the line's function?
bind = 192.168.10.1

A. That only 192.168.10.1 can make ftp requests
B. That only hosts in the same network as 192.168.10.1 can make ftp requests
C. That ftp is only available to host IP 192.168.10.1
D. That the ftp service is bound to that IP address
E. That the overall Xinetd configuration has bind lines in it

Answer: D

Question: 200
You have decided to use NFS for file sharing in your network. Using a Linux box as the server,
what are the three primary configuration files you will need to modify to securely use NFS?

A. /etc/hosts.deny
B. /etc/hosts.allow
C. /etc/hosts/deny
D. /etc/exports
E. /etc/hosts/allow

Answer: A, B, D

Question: 201
You are configuring the lines that control access to exported objects on your server running NFS.
If you have a directory called /R&D and you wish to export this directory to IP address
172.16.55.63 with the permissions of read and write, which of the following lines will accomplish
this?

A. (RW) /R&D 172.16.55.63
B. /R&D 172.16.55.63(rw)
C. (RW) 172.16.55.63 /R&D
D. /R&D 172.16.55.63 (rw)
E. (RW):/R&D 172.16.55.63

Answer: B

Question: 202
Which tool is built-in to Red Hat Linux 8.0 to configure NFS shares?

A. NFS Server Configuration tool
B. Computer Management
C. Webmin
D. Bastille
E. System Manager

Answer: A

Question: 203
You need to add a user account and password to allow a user access via Samba. Which of the
following commands will add the account Admin with a password of s3cur3 to the
/etc/samba/smbpasswd file?

A. smbpasswd -a Admin s3cur3
B. smbpasswd -a Admin -pword s3cur3
C. -a Admin \etc\samba\smbpasswd s3cur3
D. -a Admin /etc/samba/smbpasswd s3cur3
E. addpaswd s3cur3 -a Admin /etc/samba/smbpasswd

Answer: A

Question: 204
Your office uses Telnet extensively, and you are recommending that it be replaced with
something more secure. What will you use as the replacement for Telnet?

A. IPSec
B. SSH
C. S/MIME
D. RSA
E. 3DES

Answer: B

Question: 205
To secure your Linux system, you wish to use an application that can assist you in the steps of
hardening the OS. What tool for Linux is designed to do just that?

A. Tripwire
B. Bastille
C. SSH
D. TCP Wrappers
E. Pluggable Authentication Modules (PAM)

Answer: B

Question: 206
Which of the following are weaknesses in the LM Authentication used in Windows?

A. LM uses a standard character set
B. LM uses 3DES for encryption
C. LM is not case sensitive
D. LM uses MD4 for encryption
E. LM creates 2 separate 7-byte hashes

Answer: A, C, E

Question: 207
You have decided to implement SYSKEY on your Windows system. What are the three options
for managing the System Key?

A. Allow the computer to generate a random key, and store the key in the Registry
B. Manually create a password as the key, and enter it once logged in as Administrator
C. Manually create a password as the key, and store the key in the Registry
D. Allow the computer to generate a random key, and store the key on a floppy disk
E. Manually create a password as the key, and enter the value (key) at the prompt when asked
   for it, during the system startup

Answer: A, C, D

Question: 208
Which template can you use in the Security Configuration and Analysis tool in Windows 2000, to
be sure your system meets the Gold Standard?

A. HISECWEB.inf
B. NIST2kws.inf
C. BASICWK.inf
D. HISECDC.inf
E. HISECWS.inf

Answer: B

Question: 209
You are creating a new Auditing and Logging policy for your network. On a Windows 2000
system, if you wish to audit events like users logging on or off, which of the following options
would you use?

A. Audit Account Logon Events
B. Audit Account Management
C. Audit Logon Events
D. Audit Object Access
E. Audit System Events

Answer: C

Question: 210
You are creating a new Auditing and Logging policy for your network. On a Windows 2000
system, if you wish to audit events like a change to an audit policy or user security settings, which
of the following options would you use?

A. Audit User Account Management
B. Audit System Events
C. Audit Security Settings
D. Audit Policy Change
E. Audit Privilege Use

Answer: D

Question: 211
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
logon due to an unknown username or bad password?

A. 412
B. 529
C. 675
D. 749
E. 855

Answer: B

Question: 212
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
logon due to an account being disabled?

A. 107
B. 230
C. 374
D. 413
E. 531

Answer: E

Question: 213
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
logon due to an account having expired?

A. 231
B. 375
C. 414
D. 532
E. 676

Answer: D

Question: 214
You are running Red Hat Linux version 8.0 and wish to change the defaults that are assigned to
passwords in the system. What file will you use to make changes to the password settings?

A. /etc/conf.d
B. /etc/passwd.conf
C. /etc/login.defs
D. /etc/pwd/default.d
E. /etc/system32/passwd.conf

Answer: C

Question: 215
You have just converted a FAT partition to NTFS to gain the added permissions and security
NTFS has to offer. In Windows NT 4, the NTFS permission 'Change' for folders is a combination
of which of the following file system operations?

A. Read
B. eXecute
C. Delete
D. Write
E. change Permission

Answer: A, B, C, D

Question: 216
Your network is a mixed environment of 500 Windows 2000 Professional computers, 150
Windows NT 4.0 Workstation computers, and 25 Linux servers. To increase the security of the
Windows 2000 systems, you apply a security template only to realize that these settings are too
strict and you want to ease off the security level a bit. Which security template (.inf file) will allow
for the default security settings to be applied to every security area except for those directly
managing user rights?

A. Basicdc
B. Basicwk
C. Dedicasv
D. Hisecdc
E. Securedc

Answer: B

Question: 217
Your company has just merged with another company. The network has expanded fully to include
approximately 150 PCs, and one room that is dedicated to the servers and networking
equipment. What is the appropriate level of backup power for the servers in this type of network?

A. Building Generator
B. Personal UPS
C. Alternative Fuel-Cell Technology
D. Server Rack UPS
E. Electrical Company

Answer: D

Question: 218
After you have created your contingency plan, it is critical that the plan be tested. What are the
three general types of plan testing that you could use?

A. Backup Test
B. Recovery Test
C. Checklist Test
D. Walk-through Test
E. Full Interruption Test

Answer: C, D, E

Question: 219
To properly create the plan for the power supply of the organization, you must understand the
primary disturbances that can happen to the electrical supply. Which of the following is when
there is a momentary decrease in the electric supply?

A. Spike
B. Surge
C. Sag
D. Brownout
E. Fault
Answer: C

Question: 220
What is a unique characteristic of a hot-site facility versus a cold-site facility?

A. The hot-site has replication disk drives
B. The hot-site has replication tape drives
C. The hot-site has replication wiring, controlled temperature, and raised flooring
D. The hot-site requires authentication to gain access
E. The hot-site has replication PCs, Servers, and Telecommunications

Answer: E

Question: 221
While creating the backup strategy for your organization, you examine the three primary types of
backups. What are those three types?

A. Hot-site
B. Incremental
C. Cold-site
D. Differential
E. Full
F. Warm-site

Answer: B, D, E

Question: 222
You are running a network that is all Windows 2000 computers. What is the built-in solution to
creating and restoring backups?

A. Tar
B. Backup
C. Gzip
D. ExecSuite
E. Back_Suite

Answer: B

Question: 223
You are running a network that is all Linux computers. What is the built-in solution to managing
backups?

A. Tar
B. Backup
C. Gzip
D. ExecSuite
E. Back_Suite

Answer: A

Question: 224
In order to create the security policy in your company, you are going to perform a short, high-level
risk analysis. What are two types of risk analysis that you could perform?

A. Qualitative
B. Technological
C. Environmental
D. Performance-based
E. Quantitative

Answer: A, E

Question: 225
When creating the contingency plan, what must be taken into consideration regarding the backup
ISP that is chosen?

A. That the backup ISP uses a different physical router than the primary ISP
B. That the backup ISP uses a unique range of IP Addresses that are not near the network
   addresses of the primary ISP
C. That the backup ISP is owned by a different company than the primary ISP
D. That the backup ISP connection point is a different physical connection than the primary ISP
E. That the backup ISP uses the same type of router that you have in your internal network

Answer: D

Question: 226
One of the tools you have decided to use to maintain the security of your network is nmap. You
use it frequently to run various checks of the network. What type of scan is run if you use the
following command:
nmap -sS

A. ping scan
B. UDP port scan
C. TCP ACK port scan
D. TCP SYN stealth port scan
E. TCP Null port scan

Answer: D

Question: 227
There are many programs and utilities that attackers can use when attempting entry or other
types of attacks to a network or computing device. If the attacker has chosen a program that may
or may not replicate itself, but does often use a valid looking program to mask its true intent, what
type of program has been chosen?

A. Trojan Horse
B. Virus
C. Internet Worm
D. Port Scanner
E. Microsoft Macro

Answer: A

Question: 228
On Monday, during a routine check of a user's workstation, you find the following program, called
regedit.bat on the user's local hard drive:
Net localgroup administrators admin /all
Start regedit.exe
Exit
What is this program capable of doing on this computer?

A. Nothing, the first line is coded wrong.
B. It will add the admin user to the administrators group
C. It will add the administrators to the admin group
D. It will add the administrators to all local groups
E. It will add the admin user to all local groups

Answer: B

Question: 229
Often, attackers will run scans against the network to identify different network and
operating systems, and resources that are available. If an attacker runs scans on the network,
and you are logging the connections, which of the following represent the legitimate combination
of packets that will be sent between the attacker and target?

A. Attacker SYN Scan, Target NULL Response
B. Attacker SYN Scan, Target ACK-FIN Response
C. Attacker XMAS Scan, Target RST Response
D. Attacker SYN Scan, Target URG Response
E. Attacker FIN Scan, Target SYN-PSH Response

Answer: C

Question: 230
A hardware keystroke logger is made so that it is nearly impossible to detect or disable using
software. Apart from having large capacities such as the ability to record up to 2 million
keystrokes with or without 128-bit encryption, hardware keystroke loggers have the advantage
over software loggers in that:

A. they can log every keystroke, even those typed in the period between computer switch on and
   the operating system being loaded.
B. they can log across multiple operating systems on one computer.
C. no software installation is necessary to record or retrieve keystrokes.
D. the log cannot easily be tampered with (data can only be deleted), is an authentic record of
   what was typed, and therefore, it may be used as electronic evidence.
E. the only way to defeat them is to boot to a floppy and delete the application.

Answer: A, B, C, D

Question: 231
You have been gone on vacation for a week, and when you return you find that your junior
security administrator has replaced all the PS/2 keyboards in the office with brand new ones. This
was not on the list of authorized upgrades, so you ask where and why these keyboards are in the
office. You are told that they are a free trial from a software company, with the keys slightly
farther apart and built-in macros to bring up a Web browser or an Email program. The keyboards
are to be evaluated for a week then returned. What is a valid security concern with this situation?

A. The employees might get used to the new keyboards and then they would have to be
   returned, creating problems with the user base.
B. The upper management will never approve the expense of new keyboards, and they will all
   have to be returned immediately.
C. There could be hidden software in the keyboards that log all the Web sites a user visits and
   send that information back to whomever brought in the keyboards.
D. The upper management will approve the expense of the new keyboards, and this will remove
   some potential funding from the IT department for purchasing of new Servers.
E. There could be hidden firmware in the keyboards that log all input from each user.

Answer: E

Question: 232
Your network has been getting hit recently with thousands of unwanted email messages (all
using random source addresses) from a specific attacker. Which of the following are methods
you may employ to directly manage this attack?

A. Blocked Sender Lists
B. New IDS Rules
C. Employee Training
D. Mail Filters
E. New Firewall Rules

Answer: A, D

Question: 233
Your network has recently been hit by a virus. You have isolated it and find that it is infecting
systems via an Access database document that users are running. You work to control the
damage, and after a few days you have the situation under control. What type of virus was in your
network?

A. Multi-part Virus
B. Scripting Virus
C. Boot Sector Virus
D. Macro Virus
E. File Infection Virus

Answer: D

Question: 234
Your network has been hit by a very bad virus recently. As you tracked the virus through the
network, it was changing from system to system. Each time it went to infect a system, it had
evolved slightly to have a different file size, or different file structure. After extensive work, you
and your team were able to isolate and remove the virus from the network. Which of the following
best identifies the type of virus that was in your network?

A. Boot Sector Virus
B. Macro Virus
C. Stealth Virus
D. Multi-part Virus
E. Polymorphic Virus

Answer: E




                                                              om
Question: 235
In the last few days, users have reported to you that they have each received two emails from an
unknown source with file attachments. Fortunately the users have listened to your training and no
one has run the attached program. You study the attachment on an isolated computer and find
that it is a program that is designed to execute a payload when the system clock registers 10:10
PM on February 29. Which of the following best identifies the type of program the attachment is?

A. Mail Bomb
B. Logic Bomb
C. Polymorphic Virus
D. Stealth Virus
E. Polymorphic Trojan

Answer: B

Question: 236
To increase the security of your corporate website, you are running some basic checks on leaked
information. You view the source code for a web page and see the following:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="FrontPage 4.0">
<meta name="ProgId" content="Editor.Document">
<title>Security Certifications for the IT Pro</title>
<style type="text/css">
<!--
P, TD, LI, TH { font-size: 10pt; font-family: Arial, Verdana, Helvetica }
.eight { font-size: 8pt }
-->
</style>
</head>

From this code, which of the following would an attacker most likely assume is the operating
system that was used to create this web site?

A. OpenBSD
B. FreeBSD
C. Linux 5.0
D. Linux 6.0
E. Windows NT

Answer: E

Question: 237
You are performing a security check of your network to see what information, if any, is leaking to
the Internet. You have decided to perform active stack fingerprinting from a remote location.
Which of the following examples of what you can do to complete your task would have the least
value?

A. You listen for an ICMP Echo Reply from a host after initiating an ICMP Echo Request to that
   host
B. You run nmap -O [IP_Address] and listen for the reply
C. You listen for an ICMP Echo Reply from a host
D. You run nmap -sA -O [IP_Address] and listen for the reply
E. You run nmap -sS -O [IP_Address] and listen for the reply

Answer: C

Question: 238
Oftentimes attackers will run scans against the network to identify different network and
operating systems, and resources that are available. If an attacker runs scans on the network,
and you are logging the connections, which of the following represent the legitimate combination
of packets that will be sent between the attacker and target?

A. Attacker NULL-FIN Scan, Target NULL Response
B. Attacker SYN Scan, Target ACK-SYN Response
C. Attacker NULL Scan, Target RST Response
D. Attacker SYN Scan, Target URG Response
E. Attacker FIN Scan, Target NULL Response

Answer: B, C

Question: 239
As an administrator you wish to keep a tight control over the passwords used in your network. You
are looking for new tools to work with on Linux. You bring up a search engine and type
'passwords AND Linux'. Many of the search hits point to a tool called 'John the Ripper'. You
download it and find out that it is a:

A. password generator
B. network password sniffer
C. customizable password dictionary
D. password cracking tool
E. password encryption utility

Answer: D

Question: 240
You are running several security checks and scans in your network. The network is small, with
only Windows NT 4.0 computers in a single domain and on a single Ethernet segment. You
decide to use Nmap for some of the checks. What will be the result of running the following
command:
nmap -v -sS -O 10.0.10.44

A. Performs fingerprinting to guess the remote operating system on 10.0.10.44
B. Performs a TCP SYN stealth port scan on 10.0.10.44
C. Reports details of the scan onscreen at the 10.0.10.44 computer.
D. Reports details of the scan onscreen at the localhost.
E. Does UDP scans on 10.0.10.44

Answer: A, B, D

Question: 241
What is it called if an attacker calls into an organization posing as a help desk employee,
attempting to learn information about the organization?

A. Social Engineering
B. Service Identification
C. Password Sniffing
D. Denial of Service
E. Sweeping

Answer: A

Question: 242
You are aware of the significance and security risk that Social Engineering plays. Of the following
scenarios, select two that represent potentially dangerous Social Engineering:

A. An anonymous caller calls and wishes to speak with the receptionist. On the call the caller
   claims to be calling from the company's ISP and asks the receptionist what the name of the
   Security Administrator is and then asks the receptionist for his email address so that the ISP
   can send a significant update.
B. An anonymous caller calls and wishes to speak with the receptionist. On the call the caller
   asks the receptionist the normal business hours that the organization is open to the public.
C. An anonymous caller calls and wishes to speak with the purchaser of IT hardware and
   software. On the call the caller lists several new products that the purchaser may be
   interested in evaluating. The caller asks for a time to come and visit to demonstrate the new
   products.
D. An email is received by a user requesting a response to the Help Desk asking for username
   and passwords to be verified.
E. An email is received by a user from the Help Desk reminding the user that passwords are to
   be changed every 3 months.

Answer: A, D

Question: 243
During the review of the security logs you notice some unusual traffic. It seems that a user has
connected to your Web site ten times in the last week, and each time has visited every single
page on the site. You are concerned this may be leading up to some sort of attack. What is this
user most likely getting ready to do?

A. Mirror the entire web site.
B. Download entire DNS entries.
C. Scan all ports on a web server.
D. Perform a Distributed Denial of Service attack through the Web server.
E. Allow users to log on to the Internet without an ISP.

Answer: A

Question: 244
You are running a vulnerability analysis on your new Windows 2000 Web Server (IP Address
10.10.10.1/24), which you just installed and is running IIS. You are concerned about the
"double-dot" vulnerability. You issue the following request to the server:
http://10.10.10.1/scripts/../../winnt/system32/cmd.exe
and the request fails. Why did this request fail?

A. The IP address cannot be used for this request
B. The request needs at least 420 characters of buffer between the first "../" and the second "../"
C. Without at least one "%" sign in the URL request, this command cannot be completed on any
   web server.
D. The request was issued in the /scripts directory, when it should have been issued in the
   /cgi-bin directory
E. The security checking in IIS is designed to specifically stop the use of the "../" in a URL
   request outside of the Inetpub folder.

Answer: E

Question: 245
You are running a vulnerability analysis on your new Windows 2000 Web Server (IP Address
10.10.10.1/24), which you just installed and is running IIS. You are concerned about the
"Unicode" vulnerability. You issue the following request to the server:
http://10.10.10.1/scripts/..%c0%af../winnt/system32/cmd.exe
and the request succeeds in giving you a command prompt. Why did this request succeed?

A. Unicode characters are decoded after the IIS security check.
B. When using Unicode characters, all security checking in IIS is bypassed.
C. The Unicode characters were checked by the IIS security check then passed to the kernel
   subsystem for an additional security check, where the characters are not understood.
D. By using the above Unicode characters, the server 'thinks' that the administrator made the
   web request, and fulfills the request.
E. The Unicode characters split the request into two requests. One for the website, and the
   second called up the local cmd.exe window.

Answer: A

Question: 246
You are checking the status of the Web servers in your office. There are seven machines, each
running Windows 2000 with IIS installed as the hosting software. You are concerned about the
IPP Vulnerability that unsecured IIS machines are susceptible to. What is the IPP Vulnerability?

A. A Trojan Horse
B. A Buffer Overflow
C. A Virus
D. A Worm
E. A Backdoor

Answer: B

Question: 247
You are configuring the options of your newly installed Apache Web server, running on Red Hat
Linux. You wish to configure the server so that it will wait for 12 seconds for a subsequent client
request before it closes the connection. Which configuration option will you modify to make this
change?

A. ServerType
B. User / Group
C. ServerRoot
D. KeepAlive
E. ResourceConfig / AccessConfig

Answer: D

Question: 248
Your network is experiencing a situation where all the computers are sending ICMP messages to
one host. You are checking into the network traffic and realize that none of the users are
initiating the messages. What is happening in your network?

A. A Denial of Service Attack
B. A Virus Attack
C. A Worm Attack
D. A Macro Attack
E. A Trojan Attack

Answer: A

Question: 249
You are concerned that email messages sent to your Outlook clients could contain customized
and dangerous scripting. What can you do to minimize the threat that this specific type of email
presents?

A. Install and Update Anti-Virus software
B. Update the Security Settings for the clients at the SMTP Server
C. Disable the Preview Pane
D. Be sure that all forms of scripting are disabled on all clients
E. Minimize the number of contacts allowed in an address book

Answer: C

Question: 250
What are the four Zones/Security Levels that are available in Internet Explorer 6.0?

A. Internet - Medium
B. Intranet - Medium-Low
C. Trusted - Low
D. Restricted - High
E. Paranoid - Highest

Answer: A, B, C, D

Question: 251
What is the function of the HFNetChk tool from Microsoft?

A. To check for the current Hotfixes that are available from Microsoft
B. It is an upgrade to the Windows Update tool for checking on all updates
C. It is the tool that must be run prior to installing IIS 5.0
D. It is the tool that checks the network configuration of all web servers
E. To record what Hotfixes and service packs are running on the Windows machine

Answer: E

Question: 252
You are going to secure your web server with a security template. What template is
recommended by Microsoft to secure an IIS 5.0 server?

A. HISECWEB.inf
B. NIST2kws.inf
C. BASICWK.inf
D. HISECDC.inf
E. HISECWS.inf

Answer: A

Question: 253
You are studying the current attack methods and find that one of your servers is vulnerable to a
Buffer Overflow attack. Which of the following do Buffer Overflows exploit?

A. Ramdrives
B. A program that does not do bounds checking
C. Memory leaks in the hardware
D. A program allowing itself to be copied
E. Paging of memory to a disk

Answer: B

Question: 254
Most companies that do business via the Web offer a shopping cart so you can specify all the
items you want before placing the order. Poor shopping cart design, however, can allow a
different kind of hack. Take a look at the HTML code sample presented here and determine the
line that presents the vulnerability:

<FORM ACTION="http://10.0.10.236/cgi-bin/orders.pl" method="post">
<input type=hidden name="price" value="39.95">
<input type=hidden name="item_no" value="WIDGET9">
QUANTITY: <input type=text name="quantity" size=2 maxlength=2 value=1>
</FORM>

A. The line specifying the Perl script orders.pl
B. The line specifying input type for price
C. The line specifying input type for item number
D. The line specifying input type for quantity
E. The line specifying input type for item number and quantity

Answer: B

Question: 255
You are discussing the design and infrastructure of the Internet with several colleagues when a
disagreement begins over the actual function of the ISP in the Internet's design. From the
perspective of an end user, what is the function of an ISP in the physical structure of the Internet?

A. The ISP provides a national interconnection of systems, called peering centers, to the NAPs.
B. The ISP is what provides the IP connection point between a local user and the Internet.
C. The ISP provides for a multi-tiered system of interconnecting the NSPs.
D. The ISP provides for a layered connection system of ISPs connecting to the backbone.
E. The ISP provides the physical network with communication channels for the Internet and
   voice/data applications.

Answer: B

Question: 256
During a routine security inspection of the clients in your network, you find a program called
cgiscan.c on one of the computers. You investigate the file, reading part of the contents. Using
the portion of the program shown below, identify the function of the program.
Temp[1] = "GET /cgi-bin/phf HTTP/1.0\n\n";
Temp[2] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
Temp[3] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
Temp[4] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
Temp[5] = "GET /cgi-bin/handler HTTP/1.0\n\n";
Temp[6] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
Temp[7] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";

A. The program is designed to launch the user's email program.
B. The program is designed to manage the counters on a target web server.
C. The program is simply old temp files, and nothing of interest.
D. The program is designed to test the functionality of the cgi email scripts that are installed on
   the server.
E. The program is a vulnerability scanner

Answer: E

Question: 257
Your company has installed a new web server, and as part of your job you must manage the
security of this new box. You are concerned that the system is kept up to date with patches, due
to many recent buffer overflow vulnerabilities discovered. Which of the following best describes a
buffer overflow?

A. This happens when more data is put into a buffer or holding area than the buffer can handle.
   This can result in system crashes or the creation of a back door leading to system access.
B. A resident computer program which, when executed, checks for a particular condition or
   particular state of the system which, when satisfied, triggers the perpetration of an
   unauthorized act.
C. A hole in the security of a computer system deliberately left in place by designers or
   maintainers. Synonymous with trap door; a hidden software or hardware mechanism used to
   circumvent security controls.
D. An intrusion into a computer system where unauthorized disclosure, modification or
   destruction of sensitive information may have occurred.
E. The successful defeat of security controls, which could result in a penetration of the system.
   A violation of controls of a particular information system such that information assets or
   system components are unduly exposed.

Answer: A

Question: 258
You have become the lead security professional for a mid-sized organization. You are currently
studying DNS issues and configuration options. You come across the concept of DNS
Spoofing, and investigate more. What is DNS Spoofing?

A. DNS Spoofing is when the DNS client submits a false DNS request to the DNS server, and
   the DNS server responds with correct data.
B. DNS Spoofing is when the DNS client submits a DNS request to the DNS server using a bogus
   IP address, and the DNS server responds to the incorrect host.
C. DNS Spoofing is when a DNS Server responds to an unauthorized DNS client, providing that
   client with name resolution.
D. DNS Spoofing is when a DNS client is forced to make a DNS query to an imposter DNS
   server, which sends the client to an imposter resource.
E. DNS spoofing is when a DNS server provides name resolution to clients that are located in a
   different IP subnet than the server itself.

Answer: D

Question: 259
You work for a medium-sized ISP and there have been several attacks on the DNS configuration
recently. You are particularly concerned with DNS Spoofing attacks. If an attacker is able to take
advantage of a BIND vulnerability to gain root access, where he or she may control the network
configuration, including zone transfers, this is which type of DNS Spoofing?

A. DNS Server Compromise
B. DNS Cache Poisoning
C. Spoofing the DNS Response
D. DNS Source-Router Spoof
E. IXFR Source-Spoof

Answer: A

Question: 260
The exhibit represents a simple routed network. Node 7 is a Windows NT 4.0 Workstation that
establishes a TCP communication with Node 10, a Windows 2000 Professional host. The routers
are Cisco 2500 series running IOS 11.2. While working at Node 10, you run a packet capture.
When Node 10 receives a packet sent by Node 7, what will the capture reveal is the source MAC
address?

[Exhibit: network diagram not reproduced]

A. Interface for Node 7
B. Interface E0 of Router A
C. Interfaces for both Nodes 7 and E0
D. Interface E0 of Router D
E. Interface for Node 10

Answer: D

Question: 261
You are a host in a network segment that has IP addresses in the range of
192.168.16.1~192.168.31.254. You need to create an access control list that will filter your
segment of addresses. Which of the following is the wildcard mask that will be used to filter your
network segment?

A. 10.0.16.1/20
B. 0.0.16.254
C. 255.240.0.0
D. 0.0.240.0
E. 0.0.15.255

Answer: E

Question: 262
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 55 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 55 permit 0.0.0.0 255.255.255.255
Router(config)#interface E1
Router(config-if)#ip access-group 55 out
Router(config-if)#interface S0
Router(config-if)#ip access-group 55 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

[Exhibit: network diagram not reproduced]

A. Permit network 10.10.12.0 access to network 10.10.11.0
B. Permit network 10.10.12.0 access to network 10.10.10.0
C. Permit network 10.10.12.0 access to the Internet
D. Permit network 10.10.10.0 access to the Internet
E. Permit network 10.10.11.0 access to the Internet

Answer: B, D, E

Question: 263
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 80
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 23
Router(config)#access-list 145 permit ip any any
Router(config)#interface Serial 0
Router(config-if)#ip access-group 145 in
Router(config-if)#interface Ethernet 0
Router(config-if)#ip access-group 145 in
Router(config-if)#interface Ethernet 1
Router(config-if)#ip access-group 145 in
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 145 in
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

[Exhibit: network diagram not reproduced]

A. Permit network 10.10.10.0 to Telnet to the Internet
B. Permit network 10.10.10.0 to Telnet to network 10.10.11.0
C. Permit network 10.10.10.0 to Telnet to network 10.10.12.0
D. Deny network 10.10.10.0 to access Internet WWW sites
E. Permit network 10.10.10.0 to access Internet WWW sites

Answer: A, E

Question: 264
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 64 deny 10.10.11.0 0.0.0.255
Router(config)#access-list 64 deny 10.10.12.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 64 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

[Exhibit: network diagram not reproduced]

A. Deny network 10.10.11.0 from access to network 10.10.12.0
B. Deny network 10.10.12.0 from access to network 10.10.11.0
C. Deny network 10.10.11.0 from access to network 10.10.10.0
D. Deny network 10.10.12.0 from access to network 10.10.10.0
E. Deny all outgoing traffic on E0

Answer: C, D, E

Question: 265
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 13 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 13 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

[Exhibit: network diagram not reproduced]

A. Deny network 10.10.10.0 from accessing network 10.10.12.0
B. Deny network 10.10.12.0 from accessing network 10.10.10.0
C. Permit network 10.10.10.0 access to all other networks
D. Deny network 10.10.12.0 from accessing network 10.10.11.0
E. Permit network 10.10.11.0 access to all other networks

Answer: A, E

Question: 266
When you took over the security responsibilities at your office, you noticed there were no warning
banners on any of the equipment. You have decided to create a warning login banner on your
Cisco router. Which of the following shows the correct syntax for the banner creation?

A. banner login C Restricted access. Only authorized users allowed to access this device. C
B. login banner C Restricted access. Only authorized users allowed to access this device. C
C. banner login Restricted access. Only authorized users allowed to access this device.
D. login banner Restricted access. Only authorized users allowed to access this device.
E. banner logging C Restricted access. Only authorized users allowed to access this device. C

Answer: A

Question: 267
You have been given the task of router configuration and security in your network. One of the first
things you wish to do is to modify the Terminal password. Which of the following shows the
correct syntax for all the Terminal sessions?

A. line vty 0
   login
   password s3cr3+
B. line vty 4
   login
   password s3cr3+
C. line vty-0 4
   passwd s3cr3+
D. line vty 0 4
   login
   password s3cr3+
E. line vty 0 4
   password
   login s3cr3+

Answer: D

Question: 268
You are configuring your new Cisco router. During your configuration you wish to eliminate any
security risks you can, as based on your organizational security policy. The policy states that the
Cisco Discovery Protocol is not to be used on any interface on any of the routers. What is the
command to turn off CDP for the entire router?

A. no cdp broadcast
B. cdp disable
C. no cdp enable
D. no cdp run
E. no cdp neighbors

Answer: D

Question: 269
You are configuring your new Cisco router. During your configuration you wish to eliminate any
security risks you can, as based on your organizational security policy. The policy states that the
Cisco Discovery Protocol is not to be used on any interface that is connected to the Internet.
What is the command to turn off CDP for a specific router interface?

A. no cdp broadcast
B. cdp enable
C. no cdp enable
D. no cdp run
E. no cdp neighbors

Answer: C

Question: 270
You are concerned about attacks against your network, and have decided to implement some
defensive measures on your routers. If you have 3 interfaces, S1, S0, and E0, and you implement
the following configuration, what attack will you be defending against?
Router#config terminal
Router(config)#interface Ethernet 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#interface Serial 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#interface Serial 1
Router(config-if)#no ip directed-broadcast
Router(config-if)#^Z
Router#

A. Smurf
B. BO2K
C. SubSeven
D. Any Trojan
E. Any Worm

Answer: A

Question: 271
Your new Cisco router has many different modes of authentication. What are the two main
categories of authentication to the Cisco router?

A. Kerberos
B. The AAA Method
C. RADIUS
D. The Non-AAA Method
E. TACACS

Answer: B, D

Question: 272
You are building custom ACLs on your routers to prevent known attacks from being successful
against your network. If you have configured and implemented the following statements, what two
attacks are you working towards preventing?
Router(config)#access-list 160 deny tcp any any eq 27665
Router(config)#access-list 160 deny udp any any eq 31335
Router(config)#access-list 160 deny udp any any eq 27444
Router(config)#access-list 160 deny tcp any any eq 6776
Router(config)#access-list 160 deny tcp any any eq 6669
Router(config)#access-list 160 deny tcp any any eq 2222
Router(config)#access-list 160 deny tcp any any eq 7000

A. A SYN Attack
B. A Land Attack
C. TRIN00 DDoS Attack
D. SubSeven DDoS Attack
E. A Spoofing Attack

Answer: C, D

Question: 273
If you configure an access-list to block the following networks, what are you trying to protect
against?
Network 127.0.0.0/8, Network 0.0.0.0/0, Network 10.0.0.0/8, Network 172.16.0.0/16, and Network
192.168.0.0/16.

A. You are trying to protect against hijacking
B. You are trying to protect against spoofing
C. You are trying to protect against sniffing
D. You are trying to protect against splicing
E. You are trying to protect against capturing

Answer: B

Question: 274
You are going to enable a new Auditing and Logging system in your network. What are the
methods of Logging on a Cisco router?

A. Console Logging
B. Terminal Logging
C. Buffered Logging
D. SMTP Logging
E. Syslog Logging

Answer: A, B, C, E

Question: 275
During your review of the logs of your Cisco router, you see the following line. What is the
meaning of this line?

%SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)

A. A normal, but noteworthy event
B. An informative message
C. A warning condition has occurred
D. A debugging message
E. An error condition has occurred

Answer: A

Question: 276
You are configuring a Cisco Router, and are creating Access Control Lists as part of the security
of the network. When creating Wildcard Masks, which of the following rules apply?

A. If the wildcard mask bit is a 1, then do not check the corresponding bit of the IP address for a
   match.
B. If the wildcard mask bit is a 0, then do not check the corresponding bit of the IP address for a
   match.
C. If the wildcard mask bit is a 1, then do check the corresponding bit of the IP address for a
   match.
D. If the wildcard mask bit is a 0, then do check the corresponding bit of the IP address for a
   match.
E. To create a Wildcard Mask, always take the inverse of the Subnet Mask.

Answer: A, D

Question: 277
You have decided to implement SSH for communicating to your router. What does SSH use to
establish a secure channel of communication?

A. RSA Public Key Cryptography
B. DES Public Key Cryptography
C. MD5 Private Key Cryptography
D. MD5 Public Key Cryptography
E. RSA Private Key Cryptography

Answer: A

Question: 278
What is the function of the following configuration fragment?

Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#transport input ssh telnet
Router(config-line)#^Z
Router#

A. The router will attempt to use SSH first, then use Telnet
B. The router will attempt to use Telnet first, then use SSH
C. The router will accept only SSH on VTY 0 4
D. The router will accept both Telnet and SSH connections
E. The router will accept only Telnet on VTY 0 4

Answer: D

Question: 279
You are going to migrate the Cisco routers in your network from RIPv1 to RIPv2. What is a
security advantage that RIPv2 provides over RIPv1?

A. RIPv2 encrypts all of the router updates
B. RIPv2 encrypts all the payloads in router updates
C. RIPv2 provides for authentication using Smart Cards and Kerberos
D. RIPv2 provides for authentication using NTLMv2
E. RIPv2 allows for authentication of updates

Answer: E

Question: 280
Which of the following is a distance vector routing protocol algorithm?

A. Bell-LaPadula
B. Diffie-Hellman
C. Dijkstra
D. Bellman-Ford
E. Floyd-Warshall
F. Cisco-Ebert

Answer: D

Question: 281
A router has two active Ethernet interfaces. Interface E0 is connected to network 10.10.0.0/16,
while Interface E1 is connected to network 10.11.0.0/16. You are configuring access control lists
to manage specific access, which is disallowed on these segments. The configuration of the list
is as follows:
router(config)#access-list 123 deny tcp 10.11.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 20
router(config)#access-list 123 deny tcp 10.11.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 21
router(config)#access-list 123 deny tcp 10.10.0.0 0.0.255.255 10.11.0.0 0.0.255.255 eq 20
router(config)#access-list 123 deny tcp 10.10.0.0 0.0.255.255 10.11.0.0 0.0.255.255 eq 21
router(config)#access-list 123 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
router(config)#Interface Ethernet 0
router(config-if)#ip access-group 123 in
router(config-if)#Interface Ethernet 1
router(config-if)#ip access-group 123 in
Based on the above list configuration, which of the following statements is true on the router?

A. All packets will be dropped
B. All packets that match the deny statements will be forwarded to the console port
C. All packets that do not match the deny statements will be allowed
D. An Access List cannot simultaneously be implemented upon two or more interfaces
E. We do not know if this is a standard or extended access list, therefore there is not enough
   information.

Answer: A

Question: 282
You are a host in a network segment that has IP addresses in the range of
10.0.16.1~10.0.31.254. You need to create an access control list that will filter your segment of
addresses. Which of the following is the wildcard mask that will be used to filter your network
segment?

A. 0.0.15.255
B. 0.0.16.254
C. 255.240.0.0
D. 0.0.240.0
E. 10.0.16.1/20

Answer: A

Question: 283
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Network Layer?

A. The Network layer allows two applications on different computers to establish, use, and end a
   session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Network layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling
   the congestion of data packets.
C. The Network layer packages raw bits from the Physical (Layer 1) layer into frames (structured
   packets for data). Physical addressing (as opposed to network or logical addressing) defines
   how devices are addressed at the data link layer. This layer is responsible for transferring
   frames from one computer to another, without errors. After sending a frame, it waits for an
   acknowledgment from the receiving computer.
D. The Network layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Network layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Network layer at the receiving
   end also sends receipt acknowledgments.

Answer: B

Question: 284
You are currently consulting at a site where the entire office is running Linux based computers.
You are running a packet capture of the traffic on one Ethernet segment and are examining the
frames. What protocol is used to make the connection between Layer Two and Layer Three
addresses?

A. IP
B. ARP
C. TCP
D. UDP
E. ICMP

Answer: B

Question: 285
You are running Network Monitor to capture packets for analysis. You have a filter set to only
analyze IP packets. In addition to the packet capture you must identify how IP functions as a
protocol. Which of the following options does IP not provide?

A. Error control for data.
B. Logical OSI model Layer Three Addressing
C. Exchange of Routing Table updates for timely convergence
D. Acknowledgements either end-to-end or hop-to-hop
E. Flow control for data.

Answer: A, C, D, E

Question: 286
Recently you feel your network has been attacked by people sending out-of-spec packets to your
Firewall in order to get past the firewall rules. You have decided that you will capture all the
packets on the firewall segment with Network Monitor to analyze the TCP headers for proper use.
If you capture a packet that is the first part of a legitimate three way handshake, with a SEQ of
0xD256077AF and an ACK of 0x0, what will the responding host send back in packet two of the
three way handshake?

A. ACK 0xD256077B0
B. ACK 0xD256077AC
C. ACK 0xD256077AD
D. ACK 0xD256077AF
E. ACK 0xD256077AE

Answer: A

Question: 287
One of the firewalls in your organization has been moved and requires a new configuration. While
you work on the new configuration, you remember that there is an application that has been
developed in-house that uses Broadcast addressing. You tell your assistant this, and are asked
what Broadcast is. Which of the following best describes Broadcast?

A. Broadcast is the term used to describe communication where a piece of information is sent
   from one or more points to a set of other points.
B. Broadcast is the term used to describe communication where a piece of information is sent
   from many points to one single point.
C. Broadcast is the term used to describe communication where a piece of information is sent
   from one point to all other points.
D. Broadcast is the term used to describe communication where several pieces of information
   are sent from one or more points to all other points.
E. Broadcast is the term used to describe communication where a piece of information is sent
   from one point to another point.

Answer: C

Question: 288
You are introducing a co-worker to the security systems in place in your organization. Early in the
discussion you begin talking about the network, and how it is implemented. You decide to run a
packet capture to identify different aspects of network traffic for your co-worker. In the packet
capture you are able to identify Protocol IDs. Which of the following is the IP Protocol ID for UDP?

A. Protocol ID 51
B. Protocol ID 21
C. Protocol ID 6
D. Protocol ID 17
E. Protocol ID 11

Answer: D

Question: 289
According to the Internet Assigned Numbers Authority, port numbers are divided into three
ranges – the Well-Known Ports, the Registered Ports and the Dynamic and/or Private Ports. The
Registered Ports range from:

A. 0-255
B. 1024-49151
C. 1023-49150
D. 1023-49151
E. 1024-4999

Answer: B

Question: 290
You are training some network administrators to analyze log files. Some of the logs present IP
Addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the decimal equivalent of
the following binary IP address:
11001111.10001010.01101101.01110001

A. 197.138.119.113
B. 217.126.109.213
C. 217.138.119.113
D. 197.136.119.117
E. 207.138.109.113

Answer: E

Question: 291
You are training some network administrators to analyze log files. Some of the logs present IP
Addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the binary equivalent of
the following IP address:
13.10.191.1

A. 00011001.00001010.10111111.00000001
B. 00001101.00011010.10111111.00000001
C. 00001101.00001010.10111111.00000001
D. 01011001.00001010.00001010.00000001
E. 00001101.00001010.11110111.00000001

Answer: C

Question: 292
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
172.18.32.54 with a mask of 255.255.254.0. What is the network ID to which this host belongs?

A. 172.18.0.0
B. 0.0.32.0
C. 172.0.0.0
D. 172.18.32.32
E. 172.18.32.0

Answer: E

Question: 293
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Data Link Layer?

A. The Data Link layer allows two applications on different computers to establish, use, and end
   a session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Data Link layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling
   the congestion of data packets.
C. The Data Link layer packages raw bits from the Physical (Layer 1) layer into frames
   (structured packets for data). Physical addressing (as opposed to network or logical
   addressing) defines how devices are addressed at the data link layer. This layer is
   responsible for transferring frames from one computer to another, without errors. After
   sending a frame, it waits for an acknowledgment from the receiving computer.
D. The Data Link layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Data Link layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Data Link layer at the
   receiving end also sends receipt acknowledgments.

Answer: C

Question: 294
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/14. What is the network ID for this host?

A. 10.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.0.0

Answer: C

Question: 295
During a discussion with a colleague you bring up the Department of Defense networking model.
Your colleague has not heard of this so you describe the model and how it relates to the OSI
model. Which of the following layers of the OSI model correspond to the DOD model's Transport
Layer?

A. The Network Layer
B. The Data Link Layer
C. The Session Layer
D. The Transport Layer
E. The Physical Layer

Answer: D

Question: 296
In order to perform promiscuous mode captures using the Ethereal capture tool on a Windows
2000 machine, what must first be installed?

A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters

Answer: C

Question: 297
According to Internet Assigned Numbers Authority, port numbers are divided into three ranges -
the Well-Known Ports, the Registered Ports and the Dynamic and/or Private Ports. The Dynamic
ports range from:

A. 0-255
B. 0-1023
C. 1-1024
D. 1024-49151
E. 49152-65535

Answer: E

Question: 298
In an ICMP Message, what is the function of the first eight bits?

A. To define the source port number
B. To define the type
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Answer: B

Question: 299
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
192.168.32.54/27.
What is the network ID to which this host belongs?

A. 192.168.0.0
B. 0.0.32.54
C. 192.168.32.0
D. 192.168.32.32
E. 192.168.32.54

Answer: D

Question: 300
It is a given that two computers that communicate using TCP/IP as the protocol must use valid
addresses and media to do so. What combination of the following is required to create a TCP/IP
socket?

A. The MAC Address, the IP Address and the IP Protocol ID
B. The IP Address, the IP Protocol ID and a Port number
C. The MAC Address and the IP Protocol ID
D. The MAC Address, the IP Protocol ID and a Port number
E. The Ethertype and a Port number

Answer: B

Question: 301
In your network, you manage a mixed environment of Windows, Linux, and UNIX computers. The
clients run Windows 2000 Professional and Windows NT 4.0 Workstation, while the servers are
UNIX and Linux based with custom applications. During routine administration you successfully
ping several nodes in the network. During this you are running a packet capture for further
analysis. When examining one of the frames you notice that the Ethernet address for the source
is 1ED0.097E.E5E9 and that for the destination is 1ED0.096F.5B13. From this information you
gather that:

A. They are in different networks
B. The destination address is in the 1ED0 subnet
C. The network cards are by the same manufacturer
D. The destination address is in the 1ED0.09AA subnet
E. The source and destination share the same MAC subnet

Answer: C

Question: 302
You are running a packet sniffer on your network and capture the TFTP transfer shown in the
image. A co-worker leans over your shoulder and asks what the value of the circled byte stands
for. You tell him it identifies the IP Protocol known as?

A. IP
B. RIP
C. TCP
D. UDP
E. IGRP

Answer: D

Question: 303
During a security review of the network it is decided to run a full packet capture over a 24 hour
period and log the packets for analysis. You have been chosen to analyze all the TCP packets.
To prepare you study the RFC for TCP and have identified all the parts of the TCP header. Which
of the following are parts of the TCP header?

A. Syn and Fin Flags
B. Sequence Number
C. Source OSI Model Layer Three Address
D. Destination OSI Model Layer Three Address
E. Acknowledgement Number

Answer: A, B, E

Question: 304
During a discussion with a colleague you bring up the Department of Defense networking model.
Your colleague has not heard of this so you describe the model and how it relates to the OSI
model. Which of the following layers of the OSI model correspond to the DOD model's Network
Access Layers?

A. The Data Link Layer
B. The Network Layer
C. The Physical Layer
D. The Transport Layer
E. The Session Layer

Answer: A, C

Question: 305
In an IP Header, what is the function of the first four bits?

A. To define the type
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Answer: D

Question: 306
Your network is a mixed environment of Windows, Linux, UNIX, and Novell computers. The
routers are primarily Cisco and the network uses a T-1 to connect to the Internet. Internally, you
have configured NNTP on several servers. For security purposes, you have decided to block
incoming NNTP traffic at the Firewall. Which port will you block at the Firewall?

A. 23
B. 25
C. 53
D. 80
E. 119

Answer: E

Question: 307
You are training some network administrators to analyze log files. Many of the logs present IP
Addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the decimal equivalent of
the following binary IP address:
10101011.00010000.00100000.00110001

A. 13.16.32.01
B. 193.16.64.69
C. 169.138.32.39
D. 171.16.32.49
E. 169.254.32.59

Answer: D

Question: 308
Your network had recently been heavily attacked. Part of the response has been the reassignment
of IP addresses in the entire network. What is the last valid host ID you can use after
implementing a new IP network, using 172.16.44.0/23 as your address scheme?

A. 172.16.44.254
B. 172.16.44.255
C. 172.16.45.254
D. 172.16.45.255
E. 172.16.46.254

Answer: C

Question: 309
The three-way handshake utilizes three steps, identified as: Step 1, 2 and 3, that take place
between a client and a server in order to establish a TCP connection. In Step 2 of the three-way
handshake, the Server is said to be performing:

A. An Active Open
B. A Passive Open
C. Both Active and Passive Open
D. A Passive Open, while simultaneously closing the Client's Active Open
E. An Active Open, while simultaneously closing the Client's Passive Open

Answer: B

Question: 310
The exhibit shows the partial contents of a Network Monitor capture on a Windows 2000 FTP
Server. Each line represents information pertaining to a frame. What is the sequence number
used by TCP for the second part of the three way handshake?

A. 0
B. 2052360113
C. 2052360112
D. win:16384, src: 2025 dst: 21
E. 261014593

Answer: E

Question: 311
You are aware of the fact that TCP/IP is made up of several protocols, including IP. You are
analyzing IP packets for traffic analysis on your local network segment. There are several key
mechanisms that are implemented as fields in the IP header. For what is the Time to Live (TTL)
field in the IP header used?

A. The TTL field is used to provide a verification that the information used in processing Internet
   datagrams have been transmitted correctly. The data may contain errors. If the TTL fails, the
   Internet datagram is discarded at once by the entity, which detects the error.
B. The TTL field is used as an indication of an upper bound on the lifetime of an Internet
   datagram. The TTL is set by the sender of the datagram and reduced at the points along the
   route where it is processed. If the TTL reaches zero before the Internet datagram reaches its
   destination, the Internet datagram is destroyed.
C. The TTL field is used to provide control functions needed or useful in some situations but
   unnecessary for the most common communications. The TTL options include provisions for
   timestamps, security, and special routing.
D. The TTL field is used to indicate the quality of the service desired. The TTL is an abstract or
   generalized set of parameters, which characterize the service choices provided in the
   networks that make up the Internet. This ToS indication is to be used by gateways to select
   the actual transmission parameters for a particular network, the network to be used for the
   next hop, or the gateway when routing an Internet datagram.
E. The TTL field is used to determine the type of control messages that are to be sent between
   client and server during Internet datagram transmission. If the TTL field is labeled as unused,
   it is reserved for later extensions and must be zero when sent, and receivers should not use
   the TTL field (Except to include it in the checksum).

Answer: B

Question: 312
During your packet capture of traffic to check if your network is getting hit by a Denial of Service
attack, you analyze TCP headers. You notice there are many headers that seem to have the
same SEQ number, with the responding computer using different SEQ and ACK numbers in
response. If you are analyzing a normal three-way handshake between two Windows 2000
nodes, and the first packet has a SEQ of 0xD36077AF, what will the responding computer use
as an ACK?

A. 1xD36077B0
B. 0xD36077B0
C. 1xD36077AE
D. 0xD36077AE
E. 1xD36077CF

Answer: B

Question: 313
What is the bit length of an IPv6 address?

A. 16 bits
B. 24 bits
C. 48 bits
D. 64 bits
E. 128 bits

Answer: E

Question: 314
As you become more involved in the security and networking of your organization, you wish to
learn the exact details of the protocols in use. It is suggested to you, by a friend, that you check
the RFC for each protocol. What is an RFC?

A. An RFC is a program that has a searchable index to troubleshoot network problems.
B. An RFC is a document that discusses issues surrounding the Internet, networking
   technologies, and/or networking protocols.
C. An RFC is a hidden resource, which can be called up via the Windows Help file to identify
   details about networking protocols.
D. An RFC is a single document that details all the communications protocols and technologies
   used on the Internet.
E. An RFC is a single document that details all the communications protocols and technologies
   used on an Intranet.

Answer: B

Question: 315
Which of the following represent an IPv6 address?

A. FEDC.BA98.7654.3210.FEDC.BA98.7654.3210
B. FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
C. 192.168.10.1
D. 192:168:10:1
E. FE:192.168.10.1:DC

Answer: B

Question: 316
Which of the following are reasons that a migration to IPv6 will take place?

A. IPv4 addresses do not perform NAT efficiently
B. IPv4 Addresses are running out
C. IPv4 Routing Tables are too large
D. IPv4 Private addressing is insufficient
E. IPv4 Addresses cannot scale to very large networks

Answer: B, C

Question: 317
Which of the following presents an address that can be used during the transition of the
department from IPv4 to IPv6?

A. ::ffff:192.168.10.1
B. 192.168.10.1:ffff::
C. :ffff:192.168.10.1
D. 192.168.10.1:ffff:
E. ::ff:192:168:10:1

Answer: A

Question: 318
What is the loopback address used for IPv6?

A. 127.0.0.1
B. 127:0:0:1
C. ff::1
D. :f:1
E. ::1

Answer: E

Question: 319
What are the three types of addresses in an IPv6 implementation?

A. Unicast
B. Multicast
C. Broadcast
D. Directcast
E. Anycast

Answer: A, B, E

Question: 320
Your office branch has been assigned the network address of 10.10.0.0/16 by the Corporate HQ.
Presently your network addressing scheme has these addresses split into eight networks as
shown below:
1: 10.10.0.0/19
2: 10.10.32.0/19
3: 10.10.64.0/19
4: 10.10.96.0/19
5: 10.10.128.0/19
6: 10.10.160.0/19
7: 10.10.192.0/19
8: 10.10.224.0/19
You need to take the currently unused network 10.10.160.0/19 and further divide it into sixteen
networks for use by satellite branches that are being deployed shortly. What will the new subnet
mask be for these new networks?

A. 255.255.248.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.240.0
E. 255.255.255.0

Answer: C

Question: 321
Your company has been assigned the network address of 172.16.0.0/16. Presently your branch
has been given the unused address block 172.16.80.0/20. It is your job to split your branch's
address block into eight equal networks. What subnet mask will you be using for your branch's
networks?

A. 255.255.252.0
B. 255.255.254.0
C. 255.255.240.0
D. 255.255.248.0
E. 255.255.255.0

Answer: B

Question: 322
In a UDP Header, what is the function of the first sixteen bits?

A. To define the upper layer protocol
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the type

Answer: B

Question: 323
If you are using a Windows 2000 Server, and enter a command that provides the following output
in the Command Prompt, what command did you type?
Interface 4 (site 1): 10101
uses Neighbor Discovery
link-level address: 00-d0-09-7f-0b-21
duplicate address: fe80::2d0:9ff:fe7f:b21,
infinite/infinite

A. ping if 4
B. ipv6ping if 4
C. ipv6 adapter 4
D. ipv6 if
E. ipconfig 4

Answer: D

Question: 324
You suspect an increase in malicious traffic on your network. You run several packet captures to
analyze traffic patterns and look for signs of intruders. While studying the packets, you are
currently looking for TCP packets. You choose to use the IP Protocol ID to locate different kinds
of packets. What is the IP Protocol ID of TCP?

A. 1
B. 6
C. 17
D. 25
E. 9

Answer: B
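
Worked example (added here; it is not part of the exam guide) covering the two header questions above: a minimal decoder that reads the Protocol field of an IPv4 header (6 = TCP, 17 = UDP, the values IANA assigns) and then decodes the transport header that follows, where the first sixteen bits of a UDP header are the source port. The packets are built by hand inside the block, with assumed addresses and ports, so nothing needs a capture file; the IPv4 checksum is left at zero because the decoder does not validate it.

```python
# Added example: IPv4 header decoding keyed on the Protocol field, followed by
# the UDP or TCP header. Packets below are constructed, not captured.

import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header; return fields plus the transport payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    hdr_len = ihl * 4
    if hdr_len < 20 or len(packet) < hdr_len:
        raise ValueError("bad IHL")
    end = total_len if total_len >= hdr_len else len(packet)
    return {
        "version": version, "ttl": ttl, "protocol": proto,
        "protocol_name": PROTO_NAMES.get(proto, str(proto)),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "payload": packet[hdr_len:end],
    }


def parse_udp(segment: bytes) -> dict:
    """UDP header: source port, destination port, length, checksum (16 bits each)."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    return {"src_port": sport, "dst_port": dport, "length": length, "checksum": csum}


def parse_tcp(segment: bytes) -> dict:
    """TCP header: ports, sequence and acknowledgement numbers, and the flag bits."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF}


def summarize(packet: bytes) -> dict:
    """IPv4 fields plus whichever transport header the Protocol field names."""
    ip = parse_ipv4(packet)
    if ip["protocol"] == 17:
        ip["transport"] = parse_udp(ip["payload"])
    elif ip["protocol"] == 6:
        ip["transport"] = parse_tcp(ip["payload"])
    return ip


def build_ipv4(proto: int, payload: bytes, src="10.0.0.5", dst="10.0.0.53") -> bytes:
    """Constructed IPv4 packet (assumed addresses); checksum left at zero."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload


# Constructed packets: a UDP datagram to port 53 and a TCP SYN to port 443
# (data offset 5, SYN bit set: 0x5002).
UDP_PACKET = build_ipv4(17, struct.pack("!HHHH", 40000, 53, 8 + 12, 0) + b"\x00" * 12)
TCP_PACKET = build_ipv4(6, struct.pack("!HHIIHHHH", 50000, 443, 0xD36077AF, 0, 0x5002, 65535, 0, 0))

if __name__ == "__main__":
    for pkt in (UDP_PACKET, TCP_PACKET):
        s = summarize(pkt)
        print(s["protocol"], s["protocol_name"], s["src"], "->", s["dst"], s["transport"])
```

Filtering on the Protocol field is exactly what a capture-tool display filter does; decoding the ports afterwards is what lets the same loop flag, say, UDP to port 53 versus TCP SYNs to port 443.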

Question: 325
You are setting up a Web server to host your company's Websites. You are implementing a
Windows 2000 Server to host these sites. One site needs to be secured using HTTPS. You have
a firewall on the network and need to allow the traffic through to the server. Which port on the
firewall do you need to open to permit the secure site's traffic flow?

A. 23
B. 443
C. 53
D. 80
E. 119

Answer: B

Question: 326
According to the Internet Assigned Numbers Authority, port numbers are divided into three
ranges – the Well-Known Ports, the Registered Ports and the Dynamic and/or Private Ports. The
Well Known ports range from:

A. 0-255
B. 0-1023
C. 1-1024
D. 1024-49151
E. 1024-4999

Answer: B

Question: 327
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/14. What is the broadcast address for this network?

A. 0.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.255.255

Answer: E
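
Worked example (added here; it is not part of the exam guide) for the three addressing questions above (320, 321 and 327): dividing a block into a power-of-two number of equal subnets extends the prefix by log2 of that number, and the broadcast address is the host address with every host bit set. The block uses the standard-library ipaddress module and also does the broadcast calculation by hand so the two can be compared; the only inputs are the addresses the questions give.

```python
# Added example: subnet-mask and broadcast arithmetic for the exam's own inputs.

import ipaddress
import math


def mask_for_split(block: str, pieces: int) -> str:
    """Dotted mask that divides `block` into `pieces` equal subnets (pieces = power of two)."""
    if pieces < 1 or pieces & (pieces - 1):
        raise ValueError("pieces must be a power of two")
    net = ipaddress.ip_network(block, strict=True)  # strict: block must be aligned
    new_prefix = net.prefixlen + int(math.log2(pieces))
    if new_prefix > 32:
        raise ValueError("block too small for that many subnets")
    return str(ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask)


def split_block(block: str, pieces: int) -> list:
    """The resulting subnets as CIDR strings, in address order."""
    net = ipaddress.ip_network(block, strict=True)
    return [str(s) for s in net.subnets(new_prefix=net.prefixlen + int(math.log2(pieces)))]


def broadcast_of(host_cidr: str) -> str:
    """Broadcast address of the network a host/prefix belongs to (library version)."""
    return str(ipaddress.ip_interface(host_cidr).network.broadcast_address)


def broadcast_by_hand(host_cidr: str) -> str:
    """Same result from bit arithmetic: host address OR the inverted mask."""
    addr, prefix = host_cidr.split("/")
    a = int.from_bytes(bytes(map(int, addr.split("."))), "big")
    wildcard = (1 << (32 - int(prefix))) - 1
    return ".".join(str(b) for b in (a | wildcard).to_bytes(4, "big"))


if __name__ == "__main__":
    print(mask_for_split("10.10.160.0/19", 16))   # 255.255.254.0
    print(split_block("10.10.160.0/19", 16)[:2])  # ['10.10.160.0/23', '10.10.162.0/23']
    print(mask_for_split("172.16.80.0/20", 8))    # 255.255.254.0
    print(broadcast_of("10.12.32.18/14"))         # 10.15.255.255
    print(broadcast_by_hand("10.12.32.18/14"))    # 10.15.255.255
```

Note that a /19 split sixteen ways and a /20 split eight ways both land on /23, which is why questions 320 and 321 share the answer 255.255.254.0; a mask such as 255.254.254.0 has a zero bit followed by one bits and is not a valid mask at all.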

Question: 328
You are introducing a co-worker to the security systems in place in your organization. During the
discussion you begin talking about the network, and how it is implemented. You mention
something in RFC 791, and are asked what that is. What does RFC 791 specify the standards
for?

A. IP
B. TCP
C. UDP
D. ICMP
E. Ethernet

Answer: A

Question: 329
Windows 2000 share permissions can be implemented slightly differently from Windows NT 4 as
you can selectively check the Allow or Deny boxes for Read, Change or Full Control. The
equivalent in Windows 2000 of selecting Windows NT 4's explicit 'No Access' share permission
is:

A. First Check the Allow boxes for Read, Change and Full Control. Then check the Deny box for
   Read. Explicitly denying Read access is the same as No Access.
B. Check the Deny box for Full Control. All three Deny boxes will then automatically be checked.
   This is the same as No Access.
C. Check the Deny box for Change. If you cannot Change, you cannot Read, and therefore you
   have No Access.
D. Check the Deny box for Read and Change. If you are explicitly denied Read or Change
   permissions then you have No Access.
E. Keep the share as is. However, in the 'User Limit' dialog box you have an option to reduce
   the number of users that can access this share. Reduce this number to 0. This is the
   equivalent of No Access.

Answer: B

Question: 330
In Windows 2000, there are four methods of implementing IPSec. They are:
1- Require Security
2 - Request Security
3 - Respond Only
4 - No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations
in the network. The Clients and Servers in your network are configured as follows:
-You have servers numbered 1-9, which have a policy stating they require no network traffic
security.
-You have servers numbered 10-19, which have a policy stating they are not required to be
secure, but will encrypt network traffic if the client is able to receive it.
-You have servers numbered 20-29, which have a policy stating they are required to be secure
and all network traffic they deliver must be secured.
-You have clients numbered 60-79 that are required to access secure servers 20-29 and no other
computers.
-You have clients numbered 80-99 that are not required to access secure servers 20-29, but are
required to access servers 1-9 and 10-19.
Based on the Client and Server configuration provided above, which of the following computer
types will implement IPSec method 1?

A. Computers numbered 1-9
B. Computers numbered 10-19
C. Computers numbered 20-29
D. Computers numbered 60-79
E. Computers numbered 80-99

Answer: C, D

Question: 331
Logging is critical when you want to determine whether or not your server is being attacked. You
must enable logging on your Web servers. To help prevent malicious users from deleting files to
cover their tracks, you should make sure the ACLs on the IIS-generated log files
(%systemroot%\system32\LogFiles) are set to Administrators (Full Control) and System (Full
Control). The ACL for the Everyone group should not be greater than which of the following?

A. Full Control
B. Modify
C. Read & Execute
D. List Folder
E. Read

Answer: C

Question: 332
What of the following user accounts are given the correct default User Identifier and Group
Identifier, assuming the system is running Red Hat Linux?

A. ftp: User Identifier 21, Group Identifier 21
B. root: User Identifier 0, Group Identifier 0
C. bin: User Identifier 1, Group Identifier 1
D. adm: User Identifier 3, Group Identifier 3
E. mail: User Identifier 25, Group Identifier 25

Answer: B, C, D

Question: 333
You wish to add a new user to your Linux system. The user account is called Lnx_1,the password
is QW3RTY, and the group is Users. What is the correct command to add this user account?

A. adduser -g Users Lnx_1
B. useradd Lnx_1 +grp Users
C. useradd Lnx_1 +g Users
D. adduser g/Users u/Lnx_1
E. adduser g/Users -act Lnx_1

Answer: A

Question: 334
In Windows NT and 2000 operating systems, partitions on the hard drive are shared at the root by
default with the drive letter assigned to them followed by a $ sign. These shares are also known
as Administrative shares. Which of the following describe how you, as an administrator, can
manage the permissions on administrative shares?

A. You cannot set permissions on these shares. Administrators can only access these shares
   over a network.
B. You can only set permissions on these shares over a network. Administrators cannot access
   these shares locally.
C. The only thing you can do about administrative shares as an administrator is to stop sharing
   them altogether.
D. First stop the share. Next, manually re-create the share. This time enter the drive letter
   followed by the $ sign- you must type this in yourself. Now you will be able to set permissions
   on this share.
E. You can only set permissions on administrative shares on Windows 2000 if IIS is installed.

Answer: A, C

Question: 335
The computer you end up using on a day-to-day basis is a Windows 2000 Professional client in a
pure Windows 2000 network. You have been informed that many people will use this machine in
the future as the company adds other shifts to the organization. You wish to implement the built-in
encryption of Windows 2000, and wish to use the command-line function to encrypt or decrypt a
file or folder. Which of the following is the command for performing this task?

A. encrypt
B. decrypt
C. extract
D. cipher
E. cryptor

Answer: D

Question: 336
At the root@linuxbox$ prompt on a Linux machine you type cat /etc/passwd and one of the lines
in the output reads:
Simon:2cX1dMe9bfJcy:500:100:Simon Sez:/home/simon:/bin/bash
In the above output 2cX1dMe9bfJcy is which of the following?

A. User ID
B. Default shell
C. Group ID
D. Possible drive letters available to Simon
E. Encrypted password

Answer: E

Question: 337
The computer you are currently using is running Linux, and you are logged into the system with
your normal user account. An application you wish to run requires root access to execute. Which
of the following can you do to have the application execute, and not have the security of the
system lowered?

A. Log out as your user account, and log in as root
B. You cannot run an application as a user other than the one you are logged in as
C. Use the sw ID 0 command
D. Install the Switch User application, restart the computer, log in as root, then switch to your
   current user account and run the application
E. Use the su root command

Answer: E

Question: 338
While you are aware of how you can enable or disable well-known services such as Telnet,
FTP, TFTP and others, sometimes you find it is necessary to selectively grant or deny access to
such services. If your goal is only to control the service access, instead of enabling or disabling
the server, which of the following would you work with to meet this goal?
A. /etc/passwd
B. /etc/shadow
C. /usr/bin
D. Group IDs
E. TCP Wrappers

Answer: E

Question: 339
What is the name of the informational page that is relevant to a particular command in Linux?

A. Readme Page
B. Lnx_nfo Page
C. Man Page
D. X_Win Page
E. Cmd_Doc Page

Answer: C

Question: 340
During the configuration of your Linux system, you are working with the available drives in the
computer. What syntax defines the First (Primary) IDE hard disk drive?

A. /dev/sda
B. /dev/fda
C. /dev/hd1
D. /dev/hda
E. /dev/fd1

Answer: D

Question: 341
Your network is a mix of new and old computers and operating systems. You are concerned that
there may be authentication issues in the network. What is the authentication protocol that
Windows 2000 can use for communication with older (NT 4.0) machines on the network?

A. Kerberos
B. NTLM
C. NTLMv2
D. DES
E. 3-DES

Answer: B

Question: 342
During the configuration of your Linux system, you are working with the available drives in the
computer. What syntax defines the first floppy disk drive?

A. /dev/fd0
B. /dev/hda
C. /dev/hd1
D. /dev/fd1
E. /dev/sda

Answer: A

Question: 343
You have just installed a new Routing and Remote Access Server to provide for your remote
clients. Once you complete the installation you are configuring authentication. Which of the
following are valid choices for you to choose for authentication on the RRAS?

A. Windows Authentication
B. RADIUS
C. Kerberos
D. IAS
E. NTLMv2

Answer: A, B

Question: 344
The security policy of your network has been revised to include specifications for the
implementation of IPSec. What protocol(s) is(are) IPSec able to protect?

A. IP only
B. TCP only
C. UDP only
D. ICMP only
E. IP, TCP, UDP, and ICMP

Answer: E

Question: 345
To increase the security of your network and systems, it has been decided that EFS will be
implemented in the appropriate situations. Two users are working on a common file, and often
email this file back and forth between each other. Is this a situation where the use of EFS will
increase security, and why?

A. No, the security will remain the same since both users will share the same key for encryption.
B. Yes, since the file will be using two keys for encryption the security will increase.
C. No, the security will remain the same since both users will share the same key for decryption.
D. Yes, since the file will be using two keys for decryption the security will increase.
E. No, EFS cannot be used for files that are shared between users.

Answer: E

Question: 346
The security policy of your organization defines what data is to be locally encrypted and what is
not to be. You are running Windows 2000, which allows for local encryption, and you have data
that needs to be secured. Which of the following is the correct command for encrypting a
subfolder named "March" under a folder named "Financials"?

A. encrypt Financials/March
B. cipher /e Financials/March
C. encrypt Financials\March
D. cipher /e Financials\March
E. cipher /e %sysroot%/Financials\March

Answer: D

Question: 347
One of your assistants has configured a Windows 2000 server to use EFS. This server is only
accessed from internal network clients over a 100BaseT infrastructure. You tell your assistant
that the security offered by EFS in this situation will not increase the security of the data
transferred. Why is this the case?

A. Each user would have to log in directly to the server to decrypt their files.
B. There is no way to securely share the key that the server will use to perform the encryption.
C. The files cannot be encrypted remotely by users at client computers.
D. The files will be decrypted remotely, then sent to the clients in clear text.
E. The network cannot be configured to receive encrypted data without modifying the switches
   for such traffic.

Answer: D

Question: 348
Which of the following pieces of information are found in the Inode, on a Linux system?

A. Directory Location
B. File ownership information
C. File size in Bytes
D. Filename
E. File access time

Answer: B, C, E

Question: 349
You wish to manage your Linux system remotely, using a web browser. Which of the following
tools will allow you to accomplish your task?

A. Snort
B. Bastille
C. Tripwire
D. Webmin
E. SSH

Answer: D

Question: 350
When a new user account is created in Linux, what values are assigned?

A. Shell_GID
B. SetGID
C. SetUID
D. UID
E. GID

Answer: D, E

Question: 351
To increase the security of your Windows 2000 file server, you are making some changes to the
permissions of the Registry. What are the two primary permissions you may apply when securing
Registry Keys?

A. Modify
B. Write
C. Read
D. Full Control
E. Read & Execute

Answer: C, D

Question: 352
You have recently hired an assistant to help you with managing the security of your network. You
are currently running an all Windows 2000 environment, and are describing the issues associated
with sharing folders. You describe different shared folder permissions. Which of the following
describes the maximum abilities of the Full Control permission?

A. Display folder names, filenames and data, and execute files
B. Rename files and folders, delete files and folders
C. Create folders, add files to folders, change or delete files in folders
D. Rename files and folders, and execute files
E. Change file permissions and take ownership of files

Answer: E

Question: 353
You fear an unauthorized program has taken control of your CPU in your Linux system. What
command will you run to see the CPU percentage per application in real-time?

A. top
B. netmon
C. ps
D. cpu_id
E. ps aux

Answer: A

Question: 354
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 7?

A. rw-
B. r-x
C. ---
D. r--
E. rwx

Answer: E

Question: 355
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 6?

A. rwx
B. rw-
C. r--
D. r-x
E. ---

Answer: B

Question: 356
You are configuring a new Windows 2000 network in a new branch office. This network will run
Active Directory. Since you will have a complex network configuration, there will be trust
relationships involved. What method is used by Windows 2000 to verify trust relationships in
Active Directory?

A. DES
B. MD5
C. Kerberos 5
D. RSA
E. 3-DES

Answer: C

Question: 357
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 0?

A. rw-
B. r--
C. r-x
D. ---
E. rwx

Answer: D

Question: 358
You are configuring the options on your newly installed Windows 2000 DNS server. You are
concerned with zone transfer traffic, and are working on that configuration presently. What are
the options available to you in the Windows 2000 DNS configurations that control zone transfer
traffic?

A. Do not allow zone transfers
B. Allow zone transfers to any server
C. Allow zone transfers to all servers listed in the Name Servers property tab
D. Allow zone transfers to a specific list of IP addresses
E. Allow zone transfers to a specific list of MAC addresses

Answer: A, B, C, D

Question: 359
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read, Write, and Execute for the User; Read and Write for the
Group; and Read for the Others. What command will allow you to achieve this?

A. chmod 700 test_file.tar.gz
B. chmod 600 test_file.tar.gz
C. chmod 764 test_file.tar.gz
D. chmod 644 test_file.tar.gz
E. chmod 674 test_file.tar.gz

Answer: C

Question: 360
On a Linux computer, what are /bin/sh, /bin/csh, /bin/ksh and /bin/bash all examples of?

A. Shell executables
B. Recycle bins
C. Home directories
D. User accounts
E. Groups

Answer: A

Question: 361
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read, Write, and Execute for the User; Read for the Group;
and Read for the Others. What command will allow you to achieve this?

A. chmod 744 test_file.tar.gz
B. chmod 644 test_file.tar.gz
C. chmod 700 test_file.tar.gz
D. chmod 774 test_file.tar.gz
E. chmod 600 test_file.tar.gz

Answer: A

Question: 362
You have just become the senior security professional in your office. After you have taken a
complete inventory of the network and resources, you begin to work on planning for a successful
security implementation in the network. You are aware of the many tools provided for securing
Windows 2000 machines in your network. What is the function of The Security Configuration and
Analysis snap-in?

A. This tool is used to manage the NTFS security permissions on objects in the domain.
B. This tool is used to create an initial security database for the domain.
C. This tool is used to analyze a large number of computers in a domain-based infrastructure.
D. This tool provides an analysis of the local system security configuration.
E. This tool provides a single point of management where security options can be applied to a
   local computer or can be imported to a GPO.

Answer: D

Question: 363
You are in the process of securing several new machines on your Windows 2000 network. To help
with the process Microsoft has defined a set of Security Templates to use in various situations.
Which of the following best describes the Compatible Security Template?

A. This template is provided as a way to reverse the implementation of different Windows 2000
   security settings, except for user rights.
B. This template is provided so that Local Users have ideal security settings, while Power Users
   have settings that are compatible with NT 4 Users.
C. This template is provided to implement suggested security settings for all security areas,
   except for the following: files, folders, and Registry keys.
D. This template is provided to create the maximum level of security for network traffic between
   Windows 2000 clients.
E. This template is provided to allow for an administrator to run legacy applications on a DC.

Answer: B

Question: 364
You are in the process of securing several new machines on your Windows 2000 network. To
help with the process Microsoft has defined a set of Security Templates to use in various
situations. Which of the following best describes the Dedicated Domain Controller Security
Template?

A. This template is provided as a way to reverse the implementation of different Windows 2000
   security settings, except for user rights.
B. This template is provided so that Local Users have ideal security settings, while Power Users
   have settings that are compatible with NT 4 Users.
C. This template is provided to implement suggested security settings for all security areas,
   except for the following: files, folders, and Registry keys.
D. This template is provided to create the maximum level of security for network traffic between
   Windows 2000 clients.
E. This template is provided to allow for an administrator who does not need to run legacy
   applications on a DC.

Answer: E

Question: 365
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read and Write for the User; Read and Write for the Group;
and Read for the Others. What command will allow you to achieve this?

A. chmod 660 test_file.tar.gz
B. chmod 760 test_file.tar.gz
C. chmod 604 test_file.tar.gz
D. chmod 704 test_file.tar.gz
E. chmod 664 test_file.tar.gz

Answer: E

Question: 366
You have just installed a new Red Hat Linux file server for your company, and are running
through your initial configuration. You are preparing to make some changes in permissions to
several files that have been added to the system. What are the three categories to which you may
apply permissions?

A. root
B. user
C. group
D. others
E. superuser

Answer: B, C, D

Question: 367
You are configuring the permissions to a file, called file1, on your Linux file server. You wish to
change the permissions to allow all users to have read access to this file. Which of the following
commands will complete this task?

A. chmod a+r file1
B. umask a+r file1
C. chmod a=r file1
D. umask a=r file1
E. chmod g=r file1

Answer: A

Question: 368
You are configuring the permissions to a file, called file1, on your Linux file server. You wish to
change the permissions to remove the execute permission from the others and group. Which of
the following commands will complete this task?

A. umask x-og file1
B. umask og-x file1
C. chmod xog- file1
D. chmod x-og file1
E. chmod og-x file1

Answer: E

Question: 369
The test.doc file on your Linux system needs the ownership changed. You wish the new owner
of the file to be vp_finance. Which of the following is the command to change ownership to the
vp_finance user account?

A. ch_own vp_finance test_doc
B. chown vp_finance test.doc
C. chown test/doc vp_finance
D. chown vp_finance test/doc
E. ch_own vp_finance test.doc

Answer: B

Question: 370
You manage a network that is approximately 300 Windows computers (both servers and clients),
150 Linux computers (both clients and servers), and 15 UNIX servers. You are responsible for the
security settings of the data stored on the Linux servers. If you use the command chmod 751
b.doc what will be the result in the permissions for this file?

A. drwxr-x--x
B. -rwx-rx--x
C. -rwxr-xr-x
D. -r-xr-xr-x
E. -rwxrwxr-x

Answer: B

Question: 371
The Forecast directory on your Linux system needs the ownership changed. You wish to change
the group ownership of the directory to marketing. Which of the following is the command to
change the ownership of the directory to the marketing group?

A. ch_own .marketing /Forecast
B. chown /marketing /Forecast
C. chown .marketing /Forecast
D. ch_own /marketing /Forecast
E. chown /Forecast -g/marketing

Answer: C

Question: 372
If you have enabled the Shadow Password file on your Linux system, what will be visible as the
password for a user account in the /etc/passwd file?

A. An X for every character of the real password
B. An X for every character of the encrypted password
C. A single -
D. A single X
E. A single E

Answer: D

Question: 373
After you have configured your new Linux file server, a colleague wishes to check the permission
settings on some files. You run the command to view the permissions, and the onscreen result is:
-rw-r--rw- 1 ps_admin root 2345 10:23 file1
Which of the following are true based on this output?

A. ps_admin is the group
B. The owner has read and write permissions
C. The group has read and write permissions
D. The others have read and write permissions
E. root is the owner

Answer: B, D

Question: 374
You are viewing the /etc/passwd file on your Red Hat Linux computer, and you see the following
entry:
root:23rs5:0:0:root:/root:/bin/bash
In this entry, what does the 23rs5 mean?

A. It is the code for the time when the root account was created
B. It is the group that the root account belongs to
C. It is the unencrypted password of the root account
D. It is the login name that the root account is to use
E. It is the encrypted password of the root account

Answer: E

Question: 375
Which of the following fields are found in a user account's line in the /etc/passwd file?

A. The User Identifier assigned to the user account
B. The home directory used by the user account
C. The number of days since the user account password was changed
D. The full name for the user account
E. The number of days until the user account's password must change

Answer: A, B, D

Question: 376
Which of the following fields are found in a user account's line in the /etc/shadow file?

A. The User Identifier assigned to the user account
B. The home directory used by the user account
C. The hashed version of the user account's password
D. The number of days since the user account password was changed
E. The number of days until the user account's password must change

Answer: C, D, E

Question: 377
Your Linux system is using Pluggable Authentication Modules (PAM). What are the four distinct
PAM Module types?

A. auth
B. account
C. access
D. password
E. session

Answer: A, B, D, E

Question: 378
While configuring TCP Wrappers on your Linux system, you desire to create a line that will affect
every computer in the 172.16.23.0 network. Which of the following lines will achieve this desired
result?

A. ALL: 172.16.23.
B. ALL: 172.16.23.1~254
C. ALL: NETWORK(172.16.23.)
D. NETWORK(172.16.23.0): ALL
E. 172.16.23.0_NET: ALL

Answer: A

Question: 379
While configuring TCP Wrappers on your Linux system, you desire to create a line that will affect
every local host in the network's access to all services, other than the ftp service. Which of the
following lines will achieve this desired result?

A. ALL >OTHER< in.ftpd: LOCAL
B. ALL >EXCEPT< in.ftpd: LOCAL
C. ALL OTHER in.ftpd: LOCAL
D. ALL EXCEPT in.ftpd: LOCAL
E. LOCAL: ALL OTHER in.ftpd

Answer: D

Question: 380
You are reviewing the lines used in the configuration of TCP Wrappers on your Linux system.
When placed in the denial file, what is the function of the following line?
in.telnetd: 192.168.23.: spawn (/bin/echo %c >> /var/log/telnet.log)

A. This line will initiate a Telnet connection to the 192.168.23.0/24 network.
B. This line will write a log line to the /bin/echo directory when a host tries to use Telnet to
   connect to the 192.168.23.0/24 network.
C. This line will initiate an ICMP echo request when a host from the 192.168.23.0/24 network
   uses Telnet.
D. This line will write a log line that contains client information when a host from the
   192.168.23.0/24 network attempts to use Telnet.
E. This line will write a log line to the /var/log directory when a host tries to use Telnet to connect
   to the 192.168.23.0/24 network.

Answer: D

Question: 381
To selectively grant or deny access to services on your Linux host, the TCP Wrapper daemon,
tcpd, will examine the contents of two files to determine if the connection will be accepted. The
two files are:

A. /etc/hosts.allow
B. /etc/hosts.disallow
C. /etc/hosts.grant
D. /etc/hosts.deny
E. /etc/tcpdaemon

Answer: A, D

Question: 382
You are configuring the security of a service using Xinetd. You wish to add a line to the
configuration of the service that denies access to the 10.20.23.0 (with subnet mask
255.255.255.0) network. Which of the following lines will you need to add to the configuration to
achieve this result?

A. no_access = 10.20.23.0/24
B. deny_from = 10.20.23.0/24
C. deny_from = net_10.20.23.0/24
D. no_access = net_id 10.20.23.0/24
E. no_access = net_10.20.23.0/24

Answer: A

Question: 383
You are configuring the security of a service using Xinetd. You wish to add a line to the
configuration of the service that removes the option to track the Record on failures. Which of the
following lines will you need to add to the configuration to achieve this result?

A. -RECORD -> log_on_failure
B. log_on_failure -= RECORD
C. -RECORD = log_on_failure
D. log_on_failure remove>RECORD
E. RECORD remove log_on_failure

Answer: B

Question: 384
You are configuring the lines that control access to exported objects on your server running NFS.
If you have a directory called /Policy and you wish to export this directory to the entire network
172.16.55.0 with the permissions of read access, which of the following lines will accomplish this?

A. /Policy 172.16.55.0/255.255.255.0 (ro)
B. (RO) /Policy 172.16.55.0/255.255.255.0
C. /Policy 172.16.55.0/255.255.255.0(ro)
D. (RO) 172.16.55.0/255.255.255.0 /Policy
E. (RO):/Policy 172.16.55.0/255.255.255.0

Answer: C

Question: 385
Your network has been running NIS for distributed login information. You have decided that you
will need to upgrade the network to a more secure method of distributed login information. Which
of the following is a supported authentication system you can implement to address your need?

A. NIS+
B. NFS
C. Kerberos
D. NISv2.0
E. Secure RPC

Answer: C

Question: 386
You want to increase the security of the boot loading process on your Linux computer. Select the
file you need to use to make this change, and select the line to add a password to the boot
loading process.

A. file: /etc/conf.d
B. file: /etc/lilo.conf
C. file: /etc/boot.ini
D. line: secure_boot=L1L0_p@s5
E. line: pwd= L1L0_p@s5
F. line: password=L1L0_p@s5

Answer: B, F

Question: 387
In Windows NT 4.0, before Service Pack 4 (SP4), there were only two supported methods of
authentication. What were those two methods?

A. NetBIOS
B. LM
C. NTLM
D. NTLMv2
E. Kerberos

Answer: B, C

Question: 388
You are planning the new authentication system for your Windows 2000 network. What are the
authentication methods available to you in your pure Windows 2000 network?

A. Kerberos
B. NTLM
C. NTLMv2
D. Smart Cards
E. IPSec

Answer: A, B, C, D

Question: 389
What are the advantages of using NTLM Authentication over LM Authentication in Windows?

A. Creates 128-bit hash with MD4
B. Creates 64-bit hash with DES
C. Single string of 14 characters
D. Uses 16-bit Unicode characters
E. Uses standard character set

Answer: A, C, D

Question: 390
You run an enterprise network for a large company. There are a few isolated branches in the
company that do not connect to the main network. You wish to increase the security of those
branches by implementing NTLMv2. Since those branches are in areas of the world where
United States Export Restrictions are not met, what mode will NTLMv2 be installed in?

A. 512-bit mode
B. 256-bit mode
C. 128-bit mode
D. 64-bit mode
E. 56-bit mode

Answer: E

Question: 391
When a new user is created in Linux, what is the starting value for the assignment of a User
Identifier?

A. 0
B. 1
C. 100
D. 500
E. 5000

Answer: D

Question: 392
What do LM, NTLM, and NTLMv2 use as their Authentication method?

A. Challenge/Response
B. Public Key Cryptography
C. Private Key Cryptography
D. Private Certificates
E. Public Certificates

Answer: A

Question: 393
You are going to implement the Gold Standard on your Windows 2000 computer. Which of the
following are the correct settings of the Gold Standard?

A. Password History 0
B. Maximum Password Age 42
C. Minimum Password Length 8
D. Maximum Password Age 90
E. Password History 24
F. Minimum Password Length 0

Answer: C, D, E

Question: 394
You are creating a new Auditing and Logging policy for your network. On a Windows 2000
system, if you wish to audit events like Kerberos ticket information, which of the following options
would you use?

A. Audit Account Logon Events
B. Audit Account Management
C. Audit Logon Events
D. Audit Object Access
E. Audit System Events

Answer: A

Question: 395
You are creating a new Auditing and Logging policy for your network. On a Windows 2000
system, if you wish to audit events like the creation or deletion of a user account or group, which
of the following options would you use?

A. Audit Account Logon Events
B. Audit Account Management
C. Audit Logon Events
D. Audit Object Access
E. Audit System Events

Answer: B

Question: 396
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
logon due to an unknown username or bad password?

A. 412
B. 529
C. 675
D. 749
E. 855

Answer: B

Question: 397
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
logon due to an account being disabled?

A. 107
B. 230
C. 374
D. 413
E. 531

Answer: E

Question: 398
There are known utilities that are designed to mount a drive letter to any NTFS partition from
DOS or Windows 9x and read all the contents of that partition, completely bypassing local
security. As an administrator, how can you currently prevent someone from snooping on sensitive
files under Windows NT 4.0 using these third party tools?

A. by configuring Cluster sizes larger than 4K on the NTFS partition
B. by configuring disk striping for the NTFS partition
C. by specifying the Deny permission for List Folders/ Read Data on the NTFS partition
D. by specifying the Deny permission for Read Permissions on the NTFS partition
E. by specifying the files on the NTFS partition had been protected by enabling the encryption
   attribute checkbox

Answer: A, B

Question: 399
You are running a computer that boots to multiple operating systems on multiple partitions and
wish to use Windows 2000 data encryption to protect your files. Which of the following options will
Windows 2000's EFS perform?

A. Allows you to encrypt a file as well as the file name, so no one other than you or the recovery
   agent can see the existence of the file.
B. Allows you to encrypt a folder as well as the folder name, so no one other than you or the
   recovery agent can see the existence of the folder.
C. Allows you to encrypt a file only if the folder it is in allows encryption.
D. Allows you to encrypt a folder but not the folder name; however, the folder itself is not
   encrypted. Only the files within the folder are encrypted.
E. Allows you to encrypt a file but not the file name; users with access to the folder that the file is
   in are not prohibited from viewing the existence of a file.

Answer: D, E

Question: 400
After you have created your contingency plan, it is critical that the plan be tested. What are the
three general types of plan testing that you could use?

A. Backup Test
B. Recovery Test
C. Checklist Test
D. Walk-through Test
E. Full Interruption Test

Answer: C, D, E

Question: 401
To properly create the plan for the power supply of the organization, you must understand the
primary disturbances that can happen to the electrical supply. Which of the following is when
there is a momentary (and total) loss in the electric supply?

A. Surge
B. Sag
C. Fault
D. Brownout
E. Blackout

Answer: C

Question: 402
What is a unique characteristic of a hot-site facility versus a cold-site facility?

A. The hot-site has replication disk drives
B. The hot-site has replication tape drives
C. The hot-site has replication wiring, controlled temperature, and raised flooring
D. The hot-site requires authentication to gain access
E. The hot-site has replication PCs, Servers, and Telecommunications

Answer: E

Question: 403
While creating the backup strategy for your organization, you examine the three primary types of
backups. What are those three types?

A. Hot-site
B. Incremental
C. Cold-site
D. Differential
E. Full
F. Warm-site

Answer: B, D, E

Question: 404
You are running a network that is all Windows 2000 computers. What is the built-in solution to
creating and restoring backups?

A. Tar
B. Backup
C. Gzip
D. ExecSuite
E. Back_Suite

Answer: B

Question: 405
You are running a network that is all Linux computers. What is the built-in solution to managing
backups?

A. Tar
B. Backup
C. Gzip
D. ExecSuite
E. Back_Suite

Answer: A

Question: 406
You are creating the contingency plan, and are trying to take into consideration as many of the
disasters as you can think of. Which of the following are examples of technological disasters?

A. Hurricane
B. Terrorism
C. Tornado
D. Virus
E. Trojan Horse

Answer: B, D, E

Question: 407
In order to create the security policy in your company, you are going to perform a short, high-level
risk analysis. What are two types of risk analysis that you could perform?

A. Qualitative
B. Technological
C. Environmental
D. Performance-based
E. Quantitative

Answer: A, E

Question: 408
When creating the contingency plan, what must be taken into consideration regarding the backup
ISP that is chosen?

A. That the backup ISP uses a different physical router than the primary ISP
B. That the backup ISP uses a unique range of IP Addresses that are not near the network
   addresses of the primary ISP
C. That the backup ISP is owned by a different company than the primary ISP
D. That the backup ISP connection point is a different physical connection than the primary ISP
E. That the backup ISP uses the same type of router that you have in your internal network

Answer: D

Question: 409
To maintain the security of your network you routinely run several checks of the network and
computers. Often you use the built-in tools, such as netstat. If you run the following command,
netstat -a, which of the following will be the result?

A. Displays all connections and listening ports
B. Displays Ethernet statistics.
C. Displays addresses and port numbers in numerical form
D. Shows connections for the protocol specified
E. Displays per-protocol statistics

Answer: A

Question: 410
NetBus is a program that is known to be used by many computer and network professionals. If
you are configuring your Firewall to address the default port used by standard NetBus, what port
will you filter?

A. 5001
B. 12345
C. 31337
D. 1023
E. 60666

Answer: B

Question: 411
You are running several security checks and scans in your network. The network is small, with
only Windows 2000 computers in a single Workgroup and split between two Ethernet segments
with a bridge. You decide to use Nmap for some of the checks. What will be the result of running
the following command? nmap -v -sU -O 10.0.10.24

A. Uses TCP/IP fingerprinting to guess the remote operating systems on 10.0.10.24.
B. Performs a TCP UDP stealth port scan on 10.0.10.24
C. Performs TCP SYN stealth port scans on 10.0.10.24
D. Performs TCP ACK port scans on 10.0.10.24
E. Does UDP scans on 10.0.10.24

Answer: A, E

Question: 412
While planning the Security Policy you bring up how critical physical security is to the
organization. You describe how systems can be damaged from an attacker gaining physical
access to sensitive machines. If an attacker were to get physical access to a Windows NT 4.0
Server, how could the SAM file be deleted?

A. The attacker would have to Telnet into the Server using the built-in administrator account and
   navigate to the appropriate folder, then simply press delete.
B. The attacker would have to Telnet into the Server using any administrator account and
   navigate to the appropriate folder, then simply press delete.
C. The attacker would have to boot the machine to another operating system and navigate to the
    appropriate folder, then simply press delete.
D. The attacker would have to boot to the Command Console in Windows 2000 and navigate to
    the appropriate folder, then simply press delete.
E. The attacker would have to ftp into the Server using the built-in administrator account and
   navigate to the appropriate folder using the parent paths option (../../../bin/ls)

Answer: C

Question: 413
While you were gone, an attacker used a program that sent thousands of email messages to
each of the users in your network. When you return you are asked what happened. You reply that
an attacker used an _______________ against the network.

A. Email Flash
B. Email Bomb
C. Email Spoof
D. Email Binge
E. Email Overflow

Answer: B

Question: 414
Before the security of the network was your responsibility, the network was hit with several
different DoS attacks. You have decided that you are going to try to identify and block as many of
these attacks as possible. Which of the following are well known DoS attacks?

A. Bleep Flood
B. Bloop Flood
C. Smurf
D. SYN Flood
E. ICMP Flood

Answer: C, D, E

Question: 415
Your network has been hit by a very bad virus recently. As you tracked the virus through the
network, it was changing from system to system. Each time it went to infect a system, it had
evolved slightly to have a different file size, or different file structure. After extensive work, you
and your team were able to isolate and remove the virus from the network. Which of the following
best identifies the type of virus that was in your network?

A. Boot Sector Virus
B. Macro Virus
C. Stealth Virus
D. Multi-part Virus
E. Polymorphic Virus

Answer: E

Question: 416
To increase the security of your corporate website, you are running some basic checks on leaked
information. You view the source code for a web page and see the following:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="FrontPage 4.0">
<meta name="ProgId" content="Editor.Document">
<title>Security Certifications for the IT Pro</title>
<style type="text/css">
<!--
P, TD, LI, TH { font-size: 10pt; font-family: Arial, Verdana, Helvetica }
.eight { font-size: 8pt }
-->
</style>
</head>
From this code, which of the following would an attacker most likely assume is the operating
system that was used to create this web site?

A. OpenBSD
B. FreeBSD
C. Linux 5.0
D. Linux 6.0
E. Windows NT

Answer: E

Question: 417
You come into work and find that the network has been infected with a new Trojan horse program
and by default it has opened all ports as listening. You do some quick Internet searches, and find
there is a site that hosts a security program that is said to be able to rid a computer of the new
Trojan. Although you have never been to this site before, this is exactly the tool you need for your
network. However, you are a careful administrator. You view any free tool with skepticism. In this
case, what three concerns should you consider when downloading this new security program?

A. That the program includes a Virus.
B. That the program includes a Worm.
C. That the program includes a Trojan.
D. That the program will create out of spec packets on your machine while you download it.
E. If it is from a security website, you can be sure the program is fine.

Answer: A, B, C

Question: 418
Oftentimes attackers will run scans against the network to identify different network and
operating systems, and resources that are available. If an attacker runs scans on the network,
and you are logging the connections, which of the following represent the legitimate combination
of packets that will be sent between the attacker and target?

A. Attacker XMAS-FIN Scan, Target RST-FIN Response
B. Attacker RST-SYN Scan, Target NULL Response
C. Attacker NULL Scan, Target RST Response
D. Attacker SYN-FIN Scan, Target URG Response
E. Attacker FIN-SYN Scan, Target NULL Response

Answer: C

Question: 419
On Monday, during a routine check of a user's workstation, you find the following program, called
regedit.bat on the user's local hard drive:
Net localgroup administrators normal /all
Start regedit.exe
Exit
What is this program capable of doing on this computer?

A. Nothing, the first line is coded wrong.
B. It will add the administrators to the normal group
C. It will add the normal user to the administrators group
D. It will add the administrators to all local groups
E. It will add the normal user to all local groups

Answer: C

Question: 420
You have decided to use Nmap to maintain the security of your network. You use it frequently to
run various checks of the network. What type of scan is run if you use the following command:
nmap -sN

A. ping scan
B. UDP port scan
C. TCP ACK scan
D. TCP SYN stealth scan
E. TCP Null scan

Answer: E

Question: 421
An attacker often attempts to locate information, such as OS identification, about a potential
target by banner grabbing. Banner grabbing is a technique most often associated with which of
the following?

A. Logging on to a Windows 95 computer
B. Web browsing
C. RAS
D. RRAS
E. Telnet

Answer: E
                   IT




Question: 422
Attackers will often run scans against the network to identify the different network and
operating systems, and the resources that are available. If an attacker runs scans on the network
and you are logging the connections, which of the following represents the legitimate combination
of packets that will be sent between the attacker and target?

A. Attacker SYN-FIN Scan, Target RST-FIN Response
B. Attacker ACK Scan, Target NULL Response
C. Attacker NULL Scan, Target ACK-SYN Response
D. Attacker SYN Scan, Target NULL Response
E. Attacker FIN Scan, Target RST Response

Answer: E

Question: 423
You are having a discussion with your co-workers about active stack fingerprinting and decide to
examine your network traffic to see what an attacker can learn via this methodology. From the
following list, which three are active stack fingerprinting components?

A. TCP Initial Window Size
B. Don't Fragment Bit
C. May Fragment Bit
D. Time To Live value
E. Datagram Flag

Answer: A, B, D

Question: 424
Which of the following is the name of the Active X authentication system Microsoft has included to
prevent Active X controls from being altered or corrupted by attackers wanting to perform
unwarranted operations?

A. Driver Signing
B. Authenticode
C. Certificate services
D. NTLM
E. Kerberos

Answer: B

Question: 425
You are running a vulnerability analysis on your new Windows 2000 Web Server (IP address
10.10.10.1/24), which you just installed and is running IIS. You are concerned about the
"double-dot" vulnerability. You issue the following request to the server:
http://10.10.10.1/scripts/../../winnt/system32/cmd.exe
and the request fails. Why did this request fail?

A. The IP address cannot be used for this request
B. The request needs at least 420 characters of buffer between the first "../" and the second "../"
C. Without at least one "%" sign in the URL request, this command cannot be completed on any
   web server.
D. The request was issued in the /scripts directory, when it should have been issued in the /cgi-bin
   directory
E. The security checking in IIS is designed to specifically stop the use of the "../" in a URL
   request outside of the Inetpub folder.

Answer: E

Question: 426
You are running a vulnerability analysis on your new Windows 2000 Web Server (IP address
10.10.10.1/24), which you just installed and is running IIS. You are concerned about the
"Unicode" vulnerability. You issue the following request to the server:
http://10.10.10.1/scripts/..%c0%af../winnt/system32/cmd.exe
and the request succeeds in giving you a command prompt. Why did this request succeed?

A. Unicode characters are decoded after the IIS security check.
B. When using Unicode characters, all security checking in IIS is bypassed.
C. The Unicode characters were checked by the IIS security check then passed to the kernel
   subsystem for an additional security check, where the characters are not understood.
D. By using the above Unicode characters, the server 'thinks' that the administrator made the
   web request, and fulfills the request.
E. The Unicode characters split the request into two requests. One for the website, and the
   second called up the local cmd.exe window.

Answer: A
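Questions 425 and 426 are two sides of one ordering bug: the traversal check ran on the still-encoded path, and the lenient decoder then turned %c0%af into a second "/" after the check had passed. The Python below is an added illustration, not code from the exam or from IIS. It assumes a constructed virtual-directory map (the "/scripts" and "/" entries and the C:/Inetpub webroot) standing in for the IIS metabase, and it reproduces the overlong-UTF-8 leniency in a small decoder so the two orderings can be compared offline.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# Constructed virtual-directory map standing in for the IIS metabase (assumption):
# the webroot the check must confine requests to, and two virtual directories.
WEBROOT = "C:/Inetpub"
VDIRS = {"/scripts": "C:/Inetpub/scripts", "/": "C:/Inetpub/wwwroot"}


def lenient_utf8(data: bytes) -> str:
    """Decode bytes as UTF-8 but, like the affected IIS decoder, also accept
    overlong two-byte forms such as C0 AF, which a strict decoder rejects.
    That leniency is what turns %c0%af into '/'."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)


def map_to_physical(logical: str) -> str:
    """Map a logical URL path to disk via the longest matching virtual directory,
    then collapse '.' and '..' segments the way the filesystem will."""
    for prefix, root in sorted(VDIRS.items(), key=lambda kv: -len(kv[0])):
        base = prefix.rstrip("/")
        if logical == prefix or logical.startswith(base + "/"):
            return posixpath.normpath(root + logical[len(base):])
    return posixpath.normpath(VDIRS["/"] + logical)


def under_webroot(physical: str) -> bool:
    return physical == WEBROOT or physical.startswith(WEBROOT + "/")


def resolve_vulnerable(url_path: str):
    """Check first, decode second (the flaw behind Question 426): the traversal
    test sees the still-encoded path, but the decoded one reaches the disk."""
    allowed = under_webroot(map_to_physical(url_path))
    physical = map_to_physical(lenient_utf8(unquote_to_bytes(url_path)))
    return allowed, physical


def resolve_fixed(url_path: str):
    """Decode fully, canonicalise, and only then check the final physical path."""
    physical = map_to_physical(lenient_utf8(unquote_to_bytes(url_path)))
    return under_webroot(physical), physical


if __name__ == "__main__":
    for req in ("/scripts/../../winnt/system32/cmd.exe",        # Question 425
                "/scripts/..%c0%af../winnt/system32/cmd.exe",   # Question 426
                "/scripts/hello.asp"):
        print(f"{req:48} vulnerable={resolve_vulnerable(req)} fixed={resolve_fixed(req)}")
```

The plain "../" request of Question 425 is caught by both versions because the check sees the dots. The %c0%af request passes the vulnerable check (no ".." segment is visible yet) and still ends up at C:/winnt/system32/cmd.exe; the fixed version decodes and canonicalises before deciding and refuses it. Note that a strict decoder such as `bytes.decode("utf-8")` raises on C0 AF, which is the correct behaviour; the leniency is reproduced here only to show the effect.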

Question: 427
It has been decided that a Web server will be run in-house. The server will be Apache running on
Red Hat Linux. Which of the following files is the main configuration file for the Apache server?

A. /var/www
B. /var/cache
C. .htpasswd
D. /usr/lib/apache
E. /httpd/conf

Answer: E

Question: 428
You are setting the options of your newly installed Apache Web server, running on Red Hat
Linux. You wish to modify the server so that it knows where to find the configuration files when it
starts up. Which configuration option will you modify to make this change?

A. ResourceConfig / AccessConfig
B. ServerRoot
C. KeepAlive
D. ServerType
E. User / Group

Answer: B

Question: 429
If your Web Server has been rendered inoperable to legitimate users by an attacker, what type of
attack is your Web server receiving?

A. A Denial of Service Attack
B. A Virus Attack
C. A Worm Attack
D. A Macro Attack
E. A Trojan Attack

Answer: A

Question: 430
You are concerned that email messages sent to your Outlook clients could contain customized
and dangerous scripting. What can you do to minimize the threat that this specific type of email
presents?

A. Install and Update Anti-Virus software
B. Update the Security Settings for the clients at the SMTP Server
C. Disable the Preview Pane
D. Be sure that all forms of scripting are disabled on all clients
E. Minimize the number of contacts allowed in an address book

Answer: C

Question: 431
What are the four Zones/Security Levels that are available in Internet Explorer 6.0?

A. Internet - Medium
B. Intranet - Medium-Low
C. Trusted - Low
D. Restricted - High
E. Paranoid - Highest

Answer: A, B, C, D

Question: 432
You are going to secure your web server with a security template. What template is
recommended by Microsoft to secure an IIS 5.0 server?

A. HISECWEB.inf
B. NIST2kws.inf
C. BASICWK.inf
D. HISECDC.inf
E. HISECWS.inf

Answer: A

Question: 433
In your office you use a Windows 2000 Professional computer with SP2. You are setting custom
levels of security on your browser and are working with cookies. What are the two types of
cookies for you to manage?

A. Per session
B. Per season
C. Persistent
D. ActiveX
E. Authenticode

Answer: A, C

Question: 434
Most companies that do business via the Web offer a shopping cart so you can specify all the
items you want before placing the order. Poor shopping cart design, however, can allow a
different kind of hack. Take a look at the HTML code sample presented here and determine the
line that presents the vulnerability:

<FORM ACTION="http://10.0.10.236/cgi-bin/orders.pl" method="post">
<input type=hidden name="price" value="39.95">
<input type=hidden name="item_no" value="WIDGET9">
QUANTITY: <input type=text name="quantity" size=2 maxlength=2 value=1>
</FORM>

A. The line specifying the Perl script orders.pl
B. The line specifying input type for price
C. The line specifying input type for item number
D. The line specifying input type for quantity
E. The line specifying input type for item number and quantity

Answer: B
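The hidden price field is the flaw because anything the browser posts can be rewritten before it reaches orders.pl; the `maxlength=2` on the quantity field is no protection either, since it lives in the client. The Python handler pair below is an added example, not the exam's or any vendor's code. It assumes a constructed catalogue (`CATALOG`) standing in for whatever price source the real order script should consult, and a hypothetical quantity ceiling of 99 mirroring the two-digit field.

```python
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed server-side price list standing in for whatever orders.pl should
# consult (assumption); the browser is never the source of truth for a price.
CATALOG = {"WIDGET9": Decimal("39.95"), "WIDGET10": Decimal("59.00")}
MAX_QUANTITY = 99          # hypothetical ceiling, matching the two-digit field


def _fields(body: str) -> dict:
    """Flatten an application/x-www-form-urlencoded body to its first values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def order_total_vulnerable(body: str) -> Decimal:
    """Trusts every posted field, including the 'hidden' price: a client that
    rewrites price=39.95 to price=0.01 (or quantity to -5) is believed."""
    form = _fields(body)
    return Decimal(form["price"]) * int(form["quantity"])


def order_total_fixed(body: str) -> Decimal:
    """Ignores any client-supplied price, looks it up by item_no, and validates
    quantity on the server (the form's maxlength=2 is convenience, not enforcement)."""
    form = _fields(body)
    item = form.get("item_no", "")
    if item not in CATALOG:
        raise ValueError(f"unknown item {item!r}")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise ValueError("quantity is not an integer") from None
    if not 1 <= qty <= MAX_QUANTITY:
        raise ValueError(f"quantity {qty} out of range")
    return CATALOG[item] * qty


def is_rejected(body: str) -> bool:
    """True when the hardened handler refuses the order."""
    try:
        order_total_fixed(body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    honest = "price=39.95&item_no=WIDGET9&quantity=1"
    tampered = "price=0.01&item_no=WIDGET9&quantity=1"
    refund = "price=39.95&item_no=WIDGET9&quantity=-5"
    for body in (honest, tampered, refund):
        outcome = "rejected" if is_rejected(body) else order_total_fixed(body)
        print(f"{body:42} vulnerable={order_total_vulnerable(body)} fixed={outcome}")
```

Run against the tampered body, the vulnerable handler happily charges one cent; the hardened one charges the catalogue price and refuses negative or non-numeric quantities, which is the behaviour the hidden-field design can never provide on its own.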

Question: 435
You are discussing the design and infrastructure of the Internet with several colleagues when a
disagreement begins over the actual function of the NAP in the Internet's design. What is the
function of a NAP in the physical structure of the Internet?

A. The NAP provides for a layered connection system of ISPs connecting to the backbone.
B. The NAP provides the actual connection point between a local user and the Internet.
C. The NAP provides the physical network with communication channels for the Internet and
   voice/data applications.
D. The NAP provides a national interconnection of systems, called peering centers, to the NSPs.
E. The NAP provides for a connection point between an ISP and the backbone of the Internet.

Answer: E

Question: 436
You run the network for a small local Tier Three ISP. The owner of the company has just
announced that security is a top priority, and you are the new security professional. What are
some of the things an attacker would attempt to compromise at the ISP?

A. Usernames
B. Passwords
C. IP Addresses
D. ISP Subscriber's O/S Types
E. A direct link to the upline Tier One ISP.

Answer: A, B, C

Question: 437
During a routine security inspection of the clients in your network, you find a program called
cgiscan on one of the computers. You investigate the file, reading part of the contents. Using the
portion of the program shown below, identify the function of the program.

Temp[1] = "GET /cgi-bin/phf HTTP/1.0\n\n";
Temp[2] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
Temp[3] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
Temp[4] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
Temp[5] = "GET /cgi-bin/handler HTTP/1.0\n\n";
Temp[6] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
Temp[7] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";

A. The program is designed to launch the user's email program.
B. The program is designed to manage the counters on a target web server.
C. The program is simply old temp files, and nothing of interest.
D. The program is designed to test the functionality of the cgi email scripts that are installed on
   the server.
E. The program is a vulnerability scanner

Answer: E

Question: 438
You are monitoring the DNS traffic on your network to see what kind of zone transfer data is
currently being exchanged. You wish to monitor all zone transfers. You run a packet capture to
gather network traffic for this project. Which kind of network traffic are you looking for?

A. AXFR
B. MX
C. CNAME
D. HOST
E. PTR

Answer: A

Question: 439
You work for a medium sized ISP and there have been several attacks of the DNS configuration
recently. You are particularly concerned with DNS Spoofing attacks. If an attacker is able to send
out false data to a DNS client before the response from the DNS server arrives, this is which type
of DNS Spoofing?

A. DNS Server Compromise
B. DNS Cache Poisoning
C. Spoofing the DNS Response
D. DNS Source-Router Spoof
E. IXFR Source-Spoof

Answer: C

Question: 440
You are setting up a new web server. The machines will be running IIS on Windows 2000 Server.
You are going through the basic configuration and have decided to install the webroot directories
on a different partition from your system files. Why is this a good idea?

A. You can compress the partition that holds the web directories and save disk space by using
   two partitions.
B. The logging of two different partitions is more sophisticated than one partition, and will allow
   you to track attacks better.
C. In case the web directories are compromised, they are on a different partition from the
   system files.
D. By using two partitions you are able to increase the physical security of the machine more
   efficiently.
E. By using two partitions you are able to create and manage backups easier.

Answer: C

Question: 441
The exhibit represents a simple routed network. Node 7 is a Windows NT 4.0 Workstation that
establishes a TCP communication with Node 10, a Windows 2000 Professional host. The routers
are Cisco 2500 series running IOS 11.2. While working at Node 10, you run a packet capture.
Packets received by Node 10, and sent from Node 7, will reveal which of the following
combination of source IP and source Physical addresses?

(Exhibit not reproduced)

A. Source IP address: 50.0.50.1, Source Physical address: Router D's Int E0
B. Source IP address: 50.0.50.1, Source Physical address: Node 7
C. Source IP address: 10.0.10.115, Source Physical address: Node 7
D. Source IP address: 10.0.10.115, Source Physical address: Router D's Int E0
E. Source IP addresses: 10.0.10.115 only. Routers cannot use Physical addresses for routing.

Answer: D

Question: 442
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 deny 10.10.11.0 0.0.0.255
Router(config)#access-list 13 permit 0.0.0.0 255.255.255.255
Router(config)#interface Serial 0
Router(config-if)#ip access-group 13 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

(Exhibit not reproduced)

A. Block the 10.10.10.0 network from accessing the Internet
B. Block the 10.10.12.0 network from accessing the Internet
C. Block the 10.10.11.0 network from accessing the Internet
D. Block the 10.10.10.0 network from accessing all other networks
E. Block the 10.10.11.0 network from accessing all other networks

Answer: A, C

Question: 443
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 13 permit 0.0.0.0 255.255.255.255
Router(config)#interface Serial 0
Router(config-if)#ip access-group 13 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

(Exhibit not reproduced)

A. Block the 10.10.10.0 network from accessing the Internet
B. Block the 10.10.12.0 network from accessing the Internet
C. Block the 10.10.11.0 network from accessing the Internet
D. Block the 10.10.10.0 network from accessing all other networks
E. Block the 10.10.11.0 network from accessing all other networks

Answer: A, B

Question: 444
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 151 permit tcp 10.10.12.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 20
Router(config)# access-list 151 permit tcp 10.10.12.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 21
Router(config)#access-list 151 deny tcp any any eq 20
Router(config)# access-list 151 deny tcp any any eq 21
Router(config)#access-list 151 permit ip any any
Router(config)#interface Serial 0
Router(config-if)#ip access-group 151 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

(Exhibit not reproduced)

A. Permit network 10.10.12.0 FTP to the Internet
B. Permit network 10.10.11.0 FTP to the Internet
C. Permit network 10.10.10.0 FTP to the Internet
D. Permit all networks Telnet access to the Internet
E. Permit all networks SMTP access to the Internet

Answer: A, D, E

Question: 445
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 80
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 25
Router(config)#access-list 145 permit ip any any
Router(config)#interface Serial 0
Router(config-if)#ip access-group 145 in
Router(config-if)#interface Ethernet 0
Router(config-if)# ip access-group 145 in
Router(config-if)#interface Ethernet 1
Router(config-if)# ip access-group 145 in
Router(config-if)#interface Ethernet 2
Router(config-if)# ip access-group 145 in
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

(Exhibit not reproduced)

A. Permit network 10.10.10.0 to access SMTP on the Internet
B. Permit network 10.10.10.0 to access SMTP on network 10.10.11.0
C. Permit network 10.10.10.0 to access SMTP on network 10.10.12.0
D. Deny network 10.10.10.0 to access Internet WWW sites
E. Permit network 10.10.10.0 to access Internet WWW sites

Answer: A, E

Question: 446
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 117 deny tcp any 10.10.0.0 0.0.255.255 lt 1024
Router(config)#access-list 117 deny tcp 10.10.0.0 0.0.255.255 any eq 23
Router(config)# access-list 117 permit tcp 10.10.0.0 0.0.255.255 any lt 1024
Router(config)#access-list 117 permit ip any any
Router(config)#interface Serial 0
Router(config-if)#ip access-group 117 in
Router(config-if)#ip access-group 117 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

(Exhibit not reproduced)

A. Permit Internet hosts Telnet to the 10.10.0.0 networks
B. Permit the 10.10.0.0 networks to access WWW sites on the Internet
C. Permit Internet hosts WWW access to the 10.10.0.0 networks
D. Permit the 10.10.0.0 networks Telnet access to each other
E. Permit Internet hosts SMTP access to the 10.10.0.0 networks

Answer: B, D

Question: 447
You are configuring the Access Lists for your new Cisco Router. The following are the commands
that are entered into the router for the list configuration.
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 1
Router(config-if)#ip access-group 15 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 15 out
Based on this configuration, and using the exhibit, select the answers that identify what the list
will accomplish.

(Exhibit not reproduced)

A. Deny network 10.10.10.0 from accessing network 10.10.11.0
B. Deny network 10.10.12.0 from accessing network 10.10.10.0
C. Permit network 10.10.12.0 access to all other networks
D. Deny network 10.10.10.0 from accessing network 10.10.12.0
E. Permit network 10.10.11.0 access to all other networks

Answer: A, D, E
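Questions 442 through 446 are all the same exercise: walk each packet down the list top to bottom, stop at the first entry whose wildcard-masked source, destination and port all match, and treat anything that falls off the end as denied. The Python below is an added example, not exam material and not a Cisco tool; it parses access lists 13, 151, 145 and 117 exactly as typed in those questions and evaluates sample packets against them. Assumptions, since the exhibits are not reproduced: the LANs 10.10.10.0/24, 10.10.11.0/24 and 10.10.12.0/24 sit behind the Ethernet interfaces and Serial 0 faces the Internet; 203.0.113.9 is a stand-in Internet host; only the eq, neq, lt and gt port operators are understood.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

# The lists from Questions 442, 444, 445 and 446, pasted as typed at the prompt.
CONFIG = """
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 deny 10.10.11.0 0.0.0.255
Router(config)#access-list 13 permit 0.0.0.0 255.255.255.255
Router(config)#access-list 151 permit tcp 10.10.12.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 20
Router(config)#access-list 151 permit tcp 10.10.12.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 21
Router(config)#access-list 151 deny tcp any any eq 20
Router(config)#access-list 151 deny tcp any any eq 21
Router(config)#access-list 151 permit ip any any
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 80
Router(config)#access-list 145 deny tcp any 10.10.0.0 0.0.255.255 eq 25
Router(config)#access-list 145 permit ip any any
Router(config)#access-list 117 deny tcp any 10.10.0.0 0.0.255.255 lt 1024
Router(config)#access-list 117 deny tcp 10.10.0.0 0.0.255.255 any eq 23
Router(config)#access-list 117 permit tcp 10.10.0.0 0.0.255.255 any lt 1024
Router(config)#access-list 117 permit ip any any
"""


def wildcard_for(subnet_mask: str) -> str:
    """Wildcard mask = bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(~int(ipaddress.IPv4Address(subnet_mask)) & 0xFFFFFFFF))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care


def _addr_spec(tok: list):
    """Consume 'any', 'host X' or 'X WILDCARD' (a bare X means wildcard 0.0.0.0)."""
    t = tok.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return tok.pop(0), "0.0.0.0"
    return t, (tok.pop(0) if tok and tok[0][0].isdigit() else "0.0.0.0")


def parse_acl(config: str) -> dict:
    """Group access-list entries by list number, preserving order; lists below
    100 are standard (source only), others extended (proto, src, dst, port)."""
    lists = {}
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()       # drop the Router(config)# prompt
        if not line.startswith("access-list"):
            continue
        tok = line.split()[1:]
        num, action = int(tok.pop(0)), tok.pop(0)
        if num < 100:
            e = dict(action=action, proto="ip", src=_addr_spec(tok), dst=ANY, op=None, port=None)
        else:
            proto = tok.pop(0)
            src, dst = _addr_spec(tok), _addr_spec(tok)
            op = tok.pop(0) if tok else None
            e = dict(action=action, proto=proto, src=src, dst=dst, op=op,
                     port=int(tok.pop(0)) if tok else None)
        lists.setdefault(num, []).append(e)
    return lists


def _port_ok(op, port, dport) -> bool:
    if op is None:
        return True
    if dport is None:
        return False
    return {"eq": dport == port, "neq": dport != port,
            "lt": dport < port, "gt": dport > port}[op]


def evaluate(entries, proto, src, dst, dport=None) -> str:
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *e["src"]) and wildcard_match(dst, *e["dst"])):
            continue
        if e["proto"] != "ip" and not _port_ok(e["op"], e["port"], dport):
            continue
        return e["action"]
    return "deny"


LISTS = parse_acl(CONFIG)

if __name__ == "__main__":
    # 203.0.113.9 stands in for an Internet host (assumption); the LANs follow the exhibit.
    cases = [(13, "ip", "10.10.11.5", "203.0.113.9", None),   # Q442: denied outbound on S0
             (151, "tcp", "10.10.11.5", "203.0.113.9", 21),   # Q444: FTP denied for 10.10.11.0
             (151, "tcp", "10.10.11.5", "203.0.113.9", 23),   # Q444: Telnet still permitted
             (145, "tcp", "10.10.10.5", "10.10.11.5", 25),    # Q445: internal SMTP denied
             (117, "tcp", "203.0.113.9", "10.10.10.5", 23),   # Q446: inbound Telnet denied
             (117, "tcp", "10.10.10.5", "203.0.113.9", 80)]   # Q446: outbound WWW permitted
    for num, proto, src, dst, port in cases:
        print(f"list {num:3}: {proto} {src} -> {dst}:{port} => {evaluate(LISTS[num], proto, src, dst, port)}")
```

Two points the questions rely on fall out of the evaluator directly: list 117 never sees traffic between the 10.10.x.0 LANs because it is bound only to Serial 0, so Question 446's option D holds regardless of the entries, and an entry such as `permit tcp ... lt 1024` is reached only after the earlier `deny ... eq 23`, which is why outbound Telnet from 10.10.0.0 is still blocked.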

Question: 448
You have been given the task of router configuration and security in your network. One of the first
things you wish to do is to modify the Terminal password. Which of the following shows the
correct syntax for all the Terminal sessions?

A. line vty 0
   login
   password s3cr3+
B. line vty 4
   login
   password s3cr3+
C. line vty-0 4
   passwd s3cr3+
D. line vty 0 4
   login
   password s3cr3+
E. line vty 0 4
   password
   login s3cr3+

Answer: D

Question: 449
You are configuring your new Cisco router. During your configuration you wish to eliminate any
security risks you can, as based on your organizational security policy. The policy states that the
Cisco Discovery Protocol is not to be used on any interface on any of the routers. What is the
command to turn off CDP for the entire router?

A. no cdp broadcast
B. cdp disable
C. no cdp enable
D. no cdp run
E. no cdp neighbors

Answer: D

Question: 450
You are configuring your new Cisco router. During your configuration you wish to eliminate any
security risks you can, as based on your organizational security policy. The policy states that the
Cisco Discovery Protocol is not to be used on any interface that is connected to the Internet.
What is the command to turn off CDP for a specific router interface?

A. no cdp broadcast
B. cdp enable
C. no cdp enable
D. no cdp run
E. no cdp neighbors

Answer: C

Question: 451
You are configuring a Cisco Router, and are creating Access Control Lists as part of the security
of the network. When creating Wildcard Masks, which of the following rules apply?

A. If the wildcard mask bit is a 1, then do not check the corresponding bit of the IP address for a
   match.
B. If the wildcard mask bit is a 0, then do not check the corresponding bit of the IP address for a
   match.
C. If the wildcard mask bit is a 1, then do check the corresponding bit of the IP address for a
   match.
D. If the wildcard mask bit is a 0, then do check the corresponding bit of the IP address for a
   match.
E. To create a Wildcard Mask, always take the inverse of the Subnet Mask.

Answer: A, D

Question: 452
You are concerned about attacks against your network, and have decided to implement some
defensive measures on your routers. If you have 3 interfaces, S1, S0, and E0, and you implement
the following configuration, what attack will you be defending against?
Router#config terminal
Router(config)#interface Ethernet 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#interface Serial 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#interface Serial 1
Router(config-if)#no ip directed-broadcast
Router(config-if)#^Z
Router#

A. Smurf
B. BO2K
C. SubSeven
D. Any Trojan
E. Any Worm

Answer: A

Question: 453
In order to add to your layered defense, you wish to implement some security configurations on
your router. If you wish to have the router work on blocking TCP SYN attacks, what do you add to
the end of an ACL statement?

A. The IP addresses for allowed networks
B. The port range of allowed applications
C. The word Established
D. The word Log
E. The string: no service udp-small-servers

Answer: C

Question: 454
You are building custom ACLs on your routers to prevent known attacks from being successful
against your network. If you have configured and implemented the following statements, what two
attacks are you working towards preventing?
Router(config)#access-list 160 deny tcp any any eq 27665
Router(config)#access-list 160 deny udp any any eq 31335
Router(config)#access-list 160 deny udp any any eq 27444
Router(config)#access-list 160 deny tcp any any eq 6776
Router(config)#access-list 160 deny tcp any any eq 6669
Router(config)#access-list 160 deny tcp any any eq 2222
Router(config)#access-list 160 deny tcp any any eq 7000

A. A SYN Attack
B. A Land Attack
C. TRIN00 DDoS Attack
D. SubSeven DDoS Attack
E. A Spoofing Attack

Answer: C, D

Question: 455
If you configure an access-list to block the following networks, what are you trying to protect
against?
Network 127.0.0.0/8, Network 0.0.0.0/8, Network 10.0.0.0/8, Network 172.16.0.0/12, and Network
192.168.0.0/16.

A. You are trying to protect against hijacking
B. You are trying to protect against spoofing
C. You are trying to protect against sniffing
D. You are trying to protect against splicing
E. You are trying to protect against capturing

Answer: B

Question: 456
You are going to enable a new Auditing and Logging system in your network. What are the
methods of Logging on a Cisco router?

A. Console Logging
B. Terminal Logging
C. Buffered Logging
D. SMTP Logging
E. Syslog Logging

Answer: A, B, C, E

Question: 457
During your review of the logs of your Cisco router, you see the following line. What is the
meaning of this line?
%SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)

A. A normal, but noteworthy event
B. An informative message
C. A warning condition has occurred
D. A debugging message
E. An error condition has occurred

Answer: A
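The 5 in %SYS-5-CONFIG_I is the syslog severity (0 emergencies through 7 debugging), and the text after it says which line made the change and from which address. Reading that by eye works for one line; over a syslog feed from several routers (Question 456's syslog logging) it is the parsing and a simple rule that matter. The Python below is an added example, not exam material and not a Cisco tool. It assumes a constructed sample log (the five lines in `SAMPLE_LOG` were written for this example, not captured from a router) and a hypothetical management network of 172.16.10.0/24 from which configuration changes are expected.

```python
import ipaddress
import re

# IOS severity levels, indexed by the number in the %FACILITY-SEVERITY-MNEMONIC tag.
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
CONFIG_RE = re.compile(r"Configured from \w+ by (?P<line>\S+)(?: \((?P<ip>[\d.]+)\))?")

# Assumption: configuration changes are expected only from the management
# network below; anything else arriving over a vty line is worth an alert.
MGMT_NET = ipaddress.ip_network("172.16.10.0/24")

# Constructed sample log (not captured from a real router).
SAMPLE_LOG = """\
*Mar  1 00:12:41: %SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)
*Mar  1 00:13:02: %LINK-3-UPDOWN: Interface Serial0, changed state to down
*Mar  1 00:13:05: %SYS-5-CONFIG_I: Configured from console by vty0 (203.0.113.9)
*Mar  1 00:13:09: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:14:10: %SEC-6-IPACCESSLOGP: list 117 denied tcp 203.0.113.9(4123) -> 10.10.10.5(23), 1 packet
"""


def parse_line(line: str):
    """Split one IOS log line into facility, numeric severity, its name, mnemonic and text;
    return None for lines that carry no %FAC-SEV-MNEMONIC tag."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITY[rec["severity"]]
    return rec


def at_least(log: str, level: int):
    """Mnemonics of messages at severity `level` or more urgent (a lower number)."""
    return [r["mnemonic"] for r in map(parse_line, log.splitlines())
            if r and r["severity"] <= level]


def config_change_alerts(log: str, mgmt_net=MGMT_NET):
    """One (line, ip) tuple per CONFIG_I event that arrived over a vty from outside mgmt_net."""
    alerts = []
    for rec in map(parse_line, log.splitlines()):
        if not rec or rec["mnemonic"] != "CONFIG_I":
            continue
        c = CONFIG_RE.search(rec["text"])
        if not c or not c["line"].startswith("vty"):
            continue                       # console changes are out of scope for this rule
        if c["ip"] is None or ipaddress.ip_address(c["ip"]) not in mgmt_net:
            alerts.append((c["line"], c["ip"]))
    return alerts


if __name__ == "__main__":
    print("errors or worse:", at_least(SAMPLE_LOG, 3))
    print("suspicious config changes:", config_change_alerts(SAMPLE_LOG))
```

On the sample, the severity filter keeps only the LINK-3-UPDOWN line, and the configuration rule flags the vty0 session from 203.0.113.9 while leaving the one from 172.16.10.1 and the console change alone; the IPACCESSLOGP line is what the `log` keyword of Question 453's option D produces and is ignored by this rule.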

Question: 458
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are
connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is
connected to the Internet. The objective is to deny access to the Internet to the single host
192.168.20.16 while allowing others. This same host should be allowed to access resources in
192.168.10.0. From the following, select all the access list statements that are required to make
this possible.

(Exhibit not reproduced)

A. access-list 23 deny 192.168.20.16 0.0.0.0
B. access-list 80 deny 192.168.20.16 0.0.0.0
C. access-list 23 deny 192.168.20.16 0.0.0.0
D. access-list 80 permit 0.0.0.0 255.255.255.255
E. int S0, ip access-group 80 out
F. int S0, ip access-group 23 out

Answer: B, D, E

Question: 459
          Be




Your new Cisco router has many different modes of authentication. What are the two main
categories of authentication to the Cisco router?

A. Kerberos
B. The AAA Method
C. RADIUS
D. The Non-AAA Method
E. TACACS

Answer: B, D

Question: 460
You have decided to implement SSH for communicating to your router. What does SSH use to
establish a secure channel of communication?

A. RSA Public Key Cryptography
B. DES Public Key Cryptography
C. MD5 Private Key Cryptography
D. MD5 Public Key Cryptography
E. RSA Private Key Cryptography

Answer: A

Question: 461
To implement Access Lists you are going to have to create Wildcard Masks. You are configuring
a wildcard mask to use for the subnet 10.15.10.32 / 255.255.255.224. Which of the following
wildcard masks will you use for this subnet?

A. 255.255.255.0
B. 0.0.0.224
C. 255.255.255.224
D. 0.0.0.31
E. 10.15.10.0

Answer: D

Question: 462
The exhibit represents a simple routed network. Node 7 is a Windows NT 4.0 Workstation that
establishes a TCP communication with Node 10, a Windows 2000 Professional host. The routers
are Cisco 2500 series running IOS 11.2. While working at Node 10, you run a packet capture.
Packets received by Node 10, and sent from Node 7, will reveal which of the following
combinations of destination IP and destination Physical addresses:

A. destination IP address 10.0.10.115, destination Physical address for Node 7
B. destination IP address 50.0.50.150, destination Physical address for Node 7
C. destination IP address 50.0.50.150, destination Physical address for Node 10
D. destination IP address 10.0.10.115, destination Physical address Router D's Int E0
E. destination IP addresses for both Nodes 7 and Router D's Int E0, destination Physical address
   for both Nodes 7 and Router D's Int E0.

Answer: C

Question: 463
Which of the following is a distance vector routing protocol algorithm?

A. Bell-Lapuda
B. Diffie-Hellman
C. Dijkstra
D. Bellman-Ford
E. Floyd-Warshall
F. Cisco-Ebert

Answer: D

Question: 464
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Network Layer?

A. The Network layer allows two applications on different computers to establish, use, and end a
   session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Network layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling
   the congestion of data packets.
C. The Network layer packages raw bits from the Physical (Layer 1) layer into frames (structured
   packets for data). Physical addressing (as opposed to network or logical addressing) defines
   how devices are addressed at the data link layer. This layer is responsible for transferring
   frames from one computer to another, without errors. After sending a frame, it waits for an
   acknowledgment from the receiving computer.
D. The Network layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Network layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Network layer at the receiving
   end also sends receipt acknowledgments.

Answer: B

Question: 465
Network Monitor was run on a Windows 2000 Server. The exhibit shows the actual contents of a
Network Monitor capture file. What are the IP addresses of the source and destination hosts
involved in this communication? To help you determine the two hosts, they have been outlined
within the captured content.

A. 10.18.10.211 & 10.18.71.12
B. 10.28.33.131 & 10.28.64.20
C. 172.16.30.1 & 172.16.30.2
D. 17.26.30.1 & 19.26.30.2
E. 212.168.15.1 & 192.168.15.2

Answer: C

Question: 466
One of the firewalls in your organization has been moved and requires a new configuration. While
you work on the new configuration, you remember that there is an application that has been
developed in-house that uses Unicast addressing. You tell your assistant this, and are asked
what Unicast is. Which of the following best describes Unicast?

A. Unicast is the term used to describe communication where a piece of information is sent from
   one or more points to a set of other points.
B. Unicast is the term used to describe communication where a piece of information is sent from
   many points to one single point.
C. Unicast is the term used to describe communication where a piece of information is sent from
   one point to all other points.
D. Unicast is the term used to describe communication where several pieces of information are
   sent from one or more points to all other points.
E. Unicast is the term used to describe communication where a piece of information is sent from
   one point to another point.

Answer: E

Question: 467
You are running a packet capture to check for invalid and suspicious network traffic in your
organization. You suspect that someone is running a SYN Flood against the network. Which of
the following represents the correct process of the three-way handshake?

A. 1. Client to Server - ACK; 2. Server to Client - SYN / ACK; 3. Client to Server - SYN
B. 1. Client to Server - SYN; 2. Server to Client - SYN / ACK; 3. Client to Server - ACK
C. 1. Client to Server - SYN; 2. Server to Client - ACK / ACK; 3. Client to Server - ACK
D. 1. Client to Server - ACK; 2. Server to Client - ACK / ACK; 3. Client to Server - SYN
E. 1. Client to Server - ACK; 2. Server to Client - SYN / SYN; 3. Client to Server - SYN

Answer: B

Question: 468
On your firewall you are allowed to make rules based on a variety of different addresses. You
wish to implement rules based on logical addresses. Which of the following layers of the OSI
model specifies logical addressing?

A. The Physical layer
B. The Data Link layer
C. The Session Layer
D. The Transport Layer
E. The Network Layer

Answer: E

Question: 469
You are setting up a Web server for your company. You are implementing a Windows 2000
Server to host the sites. One site needs to be secured using HTTPS. You have a firewall on the
network and need to allow the traffic through to the server. Which port on the firewall do you need
to open?

A. 23
B. 25
C. 53
D. 80
E. 443

Answer: E

Question: 470
You are training some network administrators to analyze log files. Some of the logs present IP
addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the decimal equivalent of
the following binary IP address:
11001111.10001010.01101101.01110001

A. 197.138.119.113
B. 217.126.109.213
C. 217.138.119.113
D. 197.136.119.117
E. 207.138.109.113

Answer: E

Question: 471
You are training some network administrators to analyze log files. Some of the logs present IP
addresses in binary. You explain the usefulness of reading addresses in multiple formats. You
demonstrate several conversions between decimal and binary. What is the binary equivalent of
the following IP address:
13.10.191.1

A. 00011001.00001010.10111111.00000001
B. 00001101.00011010.10111111.00000001
C. 00001101.00001010.10111111.00000001
D. 01011001.00001010.00001010.00000001
E. 00001101.00001010.11110111.00000001

Answer: C

Question: 472
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
172.18.32.54 with a mask of 255.255.254.0. What is the network ID to which this host belongs?

A. 172.18.0.0
B. 0.0.32.0
C. 172.0.0.0
D. 172.18.32.32
E. 172.18.32.0

Answer: E

Question: 473
You are configuring the IP addressing for your network. One of the subnets has been defined with
addresses already. You run ifconfig on a host and determine that it has an address of
10.12.32.18/14. What is the broadcast address for this network?

A. 0.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.255.255

Answer: E

Question: 474
You are using Network Monitor in Windows 2000 to perform packet captures. What are the three
panes that present the details of a packet, once you have viewed the summary of all the packets
captured?

A. Summary Pane
B. Packet Pane
C. Collection Pane
D. Detail Pane
E. Hex Pane

Answer: A, D, E

Question: 475
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Physical Layer?

A. The Physical layer allows two applications on different computers to establish, use, and end a
   session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Physical layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling
   the congestion of data packets.
C. The Physical layer packages raw bits from the Physical (Layer 1) layer into frames
   (structured packets for data). Physical addressing (as opposed to network or logical
   addressing) defines how devices are addressed at the data link layer. This layer is
   responsible for transferring frames from one computer to another, without errors. After
   sending a frame, it waits for an acknowledgment from the receiving computer.
D. The Physical layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Physical layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Physical layer at the receiving
   end also sends receipt acknowledgments.

Answer: D

Question: 476
If you are looking for plain-text ASCII characters in the payload of a packet you capture using
Network Monitor, which Pane will provide you this information?

A. Summary Pane
B. Packet Pane
C. Collection Pane
D. Hex Pane
E. Detail Pane

Answer: D

Question: 477
You are introducing a co-worker to the security systems in place in your organization. During the
discussion you begin talking about the network, and how it is implemented. You decide to run a
packet capture to identify different aspects of network traffic for your co-worker. In the packet
capture you are able to identify Protocol IDs. What is the IP Protocol ID for TCP?

A. Protocol ID 217
B. Protocol ID 44
C. Protocol ID 6
D. Protocol ID 17
E. Protocol ID 4

Answer: C

Question: 478
In order to perform promiscuous mode captures using the Ethereal capture tool on a Windows
2000 machine, what must first be installed?

A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters

Answer: C

Question: 479
In an IP Header, what is the function of the first four bits?

A. To define the type
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Answer: D

Question: 480
You are troubleshooting a Windows 2000 File Server. The trouble seems to be that some clients
can establish sessions with the server while others cannot. You verify that networking
components such as the network card and associated driver are installed and configured
properly. To further aid your investigation you enable Network Monitor and configure it to capture
all transmissions to and from the server. You start the capture and ping the loopback adapter and
notice no activity in Network Monitor, even though the ping is successful. You then ping the IP
address of your server, 10.0.10.236. Again, while the ping itself is successful, you notice that no
packets have been captured by Network Monitor. You then call a co-worker and ask her to ping
your server's IP address. Not only is the ping successful, but Network Monitor captures the
packets. You then go to Microsoft's Technet web site to do some research about this matter and
find the answer. Why were you unable to capture ping packets of your loopback adapter?

A. The loopback adapter was unplugged
B. The loopback adapter driver was for Windows 98
C. The BIOS on the motherboard was not configured to recognize the loopback adapter.
D. Loopback drivers bypass the network adapter card completely.
E. You need a cross-over cable when working with a loopback adapter.

Answer: D

Question: 481
During your packet capture of traffic to check if your network is getting hit by a Denial of Service
attack, you analyze TCP headers. You notice there are many headers that seem to have the
same SEQ number, with the responding computer using different SEQ and ACK numbers in
response. If you are analyzing a normal three-way handshake between two Windows 2000
nodes, and the first packet has a SEQ of 0x2F0CFFD2, what will the responding computer use as
an ACK?

A. 1x2F0CFFF2
B. 0x2F0CFFF2
C. 1x2F0CFFD1
D. 0x2F0CFFD1
E. 0x2F0CFFD3

Answer: E

Question: 482
Your organization has created a multicast application that sends out sales reports to all the
salespeople on a weekly basis. You are running a network sniffer to capture multicast packets
during the testing of the application. Which IP address range is reserved for Multicast?

A. 224.0.0.0 /4
B. 169.254.0.0 /16
C. 172.16.0.0 /12
D. 192.168.0.0 /16
E. 10.0.0.0 /8

Answer: A

Question: 483
Your network is a mixed environment of Windows, Linux, UNIX, and Novell computers. The
routers are primarily Cisco and the network uses a T-1 to connect to the Internet. You are
experimenting with setting up Telnet in a production environment for internal use only. So you
configured Telnet on a server. You do not want this server to receive any requests from anywhere
but the internal network. Therefore you have decided to block Telnet at the firewall. Which port
will you block at the firewall?

A. 23
B. 25
C. 53
D. 80
E. 119

Answer: A

Question: 484
In an ICMP Message, what is the function of the first eight bits?

A. To define the source port number
B. To define the type
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Answer: B

Question: 485
In order to properly manage the network traffic in your organization, you need a complete
understanding of protocols and networking models. In regards to the 7-layer OSI model, what is
the function of the Transport Layer?

A. The Transport layer allows two applications on different computers to establish, use, and end
   a session. This layer establishes dialog control between the two computers in a session,
   regulating which side transmits, plus when and how long it transmits.
B. The Transport layer manages logical addresses. It also determines the route from the source
   to the destination computer and manages traffic problems, such as routing, and controlling
   the congestion of data packets.
C. The Transport layer packages raw bits from the Physical (Layer 1) layer into frames
   (structured packets for data). Physical addressing (as opposed to network or logical
   addressing) defines how devices are addressed at the data link layer. This layer is
   responsible for transferring frames from one computer to another, without errors. After
   sending a frame, it waits for an acknowledgment from the receiving computer.
D. The Transport layer transmits bits from one computer to another and regulates the
   transmission of a stream of bits over a physical medium. For example, this layer defines how
   the cable is attached to the network adapter and what transmission technique is used to send
   data over the cable.
E. The Transport layer handles error recognition and recovery. It also repackages long
   messages, when necessary, into small packets for transmission and, at the receiving end,
   rebuilds packets into the original message. The corresponding Transport layer at the
   receiving end also sends receipt acknowledgments.

Answer: E

Question: 486
The three-way handshake utilizes three steps, identified as: Step 1, 2 and 3, that take place
between a client and a server in order to establish a TCP connection. In Step 2 of the three-way
handshake, the Server is said to be performing:

A. An Active Open
B. A Passive Open
C. Both Active and Passive Open
D. A Passive Open, while simultaneously closing the Client's Active Open
E. An Active Open, while simultaneously closing the Client's Passive Open

Answer: B

Question: 487
As per the specifications of the RFC on TCP, identify from the list below the correct order of the
Control Bits in the TCP header from the left to the right (i.e., in the order they are sent):

A. PSH, URG, ACK, RST, SYN, FIN
B. SYN, FIN, ACK, PSH, RST, URG
C. ACK, SYN, FIN, URG, PSH, RST
D. URG, ACK, PSH, RST, SYN, FIN
E. FIN, SYN, URG, ACK, PSH, RST

Answer: D

Question: 488
Recently you feel your network has been attacked by people sending out-of-spec packets to your
firewall in order to get past the firewall rules. You have decided that you will capture all the
packets on the firewall segment with Network Monitor to analyze the TCP headers for proper use.
If you capture a packet that is the second part of a legitimate three-way handshake, with a SEQ of
0xF8ADCCEA and an ACK of 0xD36077B0, what will the responding host send back in packet
three of the three-way handshake?

A. SEQ 0xD36077C9, ACK 0xF8ADCCEB
B. SEQ 0xD36077B0, ACK 0xF8ADCCEB
C. SEQ 0xD36077B1, ACK 0xF8ADCCEB
D. SEQ 0xD36077C9, ACK 0xF8ADCCE0
E. SEQ 0xD36077B0, ACK 0xF8ADCCE0

Answer: B

Question: 489
What is the bit length of an IPv6 address?

A. 16 bits
B. 24 bits
C. 48 bits
D. 64 bits
E. 128 bits

Answer: E

Question: 490
Which of the following represents an IPv6 address?

A. FEDC.BA98.7654.3210.FEDC.BA98.7654.3210
B. FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
C. 192.168.10.1
D. 192:168:10:1
E. FE:192.168.10.1:DC

Answer: B

Question: 491
Which of the following are reasons that a migration to IPv6 will take place?

A. IPv4 Addresses do not perform NAT efficiently
B. IPv4 Addresses are running out
C. IPv4 Routing Tables are too large
D. IPv4 Private addressing is insufficient
E. IPv4 Addresses cannot scale to very large networks

Answer: B, C

Question: 492
Which of the following presents an address that can be used during the transition of the
department from IPv4 to IPv6?

A. ::ffff:192.168.10.1
B. 192.168.10.1:ffff::
C. :ffff:192.168.10.1
D. 192.168.10.1:ffff:
E. ::ff:192:168:10:1

Answer: A

Question: 493
What is the loopback address used for IPv6?

A. 127.0.0.1
B. 127:0:0:1
C. ff::1
D. :f:1
E. ::1

Answer: E

Question: 494
What are the three types of addresses in an IPv6 implementation?

A. Unicast
B. Multicast
C. Broadcast
D. Directcast
E. Anycast

Answer: A, B, E

Question: 495
Which of the following is implemented in an IPv6 environment, which helps to increase security?

A. EFS
B. IPsec
C. Caching
D. S/MIME
E. Destination and Source Address Encryption

Answer: B

Question: 496
Your office branch has been assigned the network address of 10.10.0.0/16 by the Corporate HQ.
Presently your network addressing scheme has these addresses split into eight networks as
shown below:
1: 10.10.0.0/19
2: 10.10.32.0/19
3: 10.10.64.0/19
4: 10.10.96.0/19
5: 10.10.128.0/19
6: 10.10.160.0/19
7: 10.10.192.0/19
8: 10.10.224.0/19
You need to take the currently unused network block 10.10.160.0/19 and further divide it into four
networks for use by a satellite branch that is being created on the top floor of your building. What
will the new subnet mask be for these new networks?

A. 255.255.248.0
B. 255.255.0.0
C. 255.248.0.0
D. 255.255.240.0
E. 255.255.255.0

Answer: A

Question: 497
Your company has been assigned the network address of 172.16.0.0/16. Presently your branch
has been given the unused address block 172.16.150.0/24. It is your job to split your branch's
address block into 16 equal networks. What subnet mask will you be using for your branch's
networks?

A. 255.255.255.248
B. 255.255.255.192
C. 255.255.255.164
D. 255.255.255.252
E. 255.255.255.240

Answer: E

Question: 498
In a TCP Header, what is the function of the first sixteen bits?

A. To define the type
B. To define the IP Version
C. To define the destination port number
D. To define the upper layer protocol
E. To define the source port number

Answer: E

Question: 499
In a UDP Header, what is the function of the first sixteen bits?

A. To define the upper layer protocol
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the type

Answer: B

Question: 500
If you are using a Windows 2000 Server, and enter a command that provides the following output
in the Command Prompt, what command did you type?
Interface 4 (site 1): 10101
uses Neighbor Discovery
link-level address: 00-d0-09-7f-0b-21
duplicate address: fe80::2d0:9ff:fe7f:b21,
infinite/infinite

A. ping if 4
B. ipv6ping if 4
C. ipv6 adapter 4
D. ipv6 if
E. ipconfig 4

Answer: D

Question: 501
You suspect an increase in malicious traffic on your network. You run several packet captures to
analyze traffic patterns and look for signs of intruders. While studying the packets, you are
currently looking for UDP packets. You choose to use the IP Protocol ID to locate different kinds
of packets. What is the IP Protocol ID of UDP?

A. 1
B. 6
C. 17
D. 25
E. 9

Answer: C

Question: 502
Your network is a mixed environment of Windows, Linux, UNIX, and Novell computers. The
routers are primarily Cisco and the network uses a T-1 to connect to the Internet. You are
experimenting with setting up a mail server in a production environment for internal use only. So
you configure SMTP on a server. You do not want this mail server to receive any requests from
anywhere but the internal network. Therefore you have decided to block incoming SMTP traffic at
the Firewall. Which port will you block at the Firewall?

A. 23
B. 80
C. 53
D. 25
E. 110

Answer: D

Question: 503
According to the Internet Assigned Numbers Authority, port numbers are divided into three
ranges – the Well-Known Ports, the Registered Ports and the Dynamic and/or Private Ports. The
Well Known ports range from:

A. 0-255
B. 0-1023
C. 1-1024
D. 1024-49151
E. 1024-4999

Answer: B

Question: 504
You are introducing a co-worker to the security systems in place in your organization. During the
discussion you begin talking about the network, and how it is implemented. You mention
something in RFC 791, and are asked what that is. What does RFC 791 specify the standards
for?

A. IP
B. TCP
C. UDP
D. ICMP
E. Ethernet

Answer: A

Question: 505




                                                         .c
As per the specifications of the RFC on TCP, within the TCP header, port numbers are used to
identify the application layer protocols. From the list below identify the correct statement on the bit
values of both the source and destination ports: d
                                              ie
A. The Source Port is a 32-bit number, the Destination Port is a 32-bit number
B. The Source Port is a 16-bit number, the Destination Port is a 16-bit number
                                        tif

C. The Source Port is a 16-bit number, the Destination Port is a 32-bit number
D. The Source Port is a 32-bit number, the Destination Port is a 16-bit number
E. The Source Port is a 48-bit number, the Destination Port is a 16-bit number

Answer: B

Question: 506
What is the name of the informational page that is relevant to a particular command in Linux?

A. Readme Page
B. Lnx_nfo Page
C. Man Page
D. X_Win Page
E. Cmd_Doc Page

Answer: C

Question: 507
You have a Windows 2000 Server that you have been told must be reached by the Internet.
Although you recommend against it, you are instructed to provide Telnet service to authorized
users through this server. In order to increase security by restricting access to the Telnet server,
you choose to restrict access to a single group of users. Which of the following techniques will
allow you to restrict Telnet access as you are required?

A. Creating a TelnetClients group and include within this group those users you wish to grant
   access to the Telnet server.
B. Configuring the properties of the Telnet Service to allow only a list of users to access the
   service.
C. Configuring the properties of the RPC Service (as Telnet Service is dependent on RPC) to
   allow only a group of users to access the service.
D. Configuring the properties of the RPC Locator Service (as Telnet Service is dependent on
   RPC) to allow only a group of users to access the service.
E. Creating a hardware profile and configuring the Telnet Service to start only when this
   hardware profile is chosen upon login.

Answer: A

Question: 508
At the root@linuxbox$ prompt on a Linux machine you type ls -l b.doc and the output reads:
-rw-rw-r-- 1 simon users 31337 Oct 5 11:21 b.doc
According to this output, which of the following is true?

A. b.doc is a word document
B. Nobody but the owner can execute this file
C. This file is infected by the Netbus trojan
D. Nobody can read this file
E. Everyone can read this file

Answer: E

Question: 509
You are running a Linux Server for your organization. You realize after a security scan that the
Telnet service is accepting connections, which you do not want. In order to disable the
computer's ability to accept incoming Telnet sessions, the easiest method for you to choose is
which of the following?

A. Remove the Telnet service from the server
B. Comment out the Telnet line in inetd.conf
C. Stop the Telnet service on the server
D. Pause the Telnet service on the server
E. Configure the firewall to block Telnet requests

Answer: B

Question: 510
The computer you are currently using is running Linux, and you are logged into the system with
your normal user account. An application you wish to run requires root access to execute. Which
of the following can you do to have the application execute, and not have the security of the
system lowered?

A. Log out as your user account, and log in as root
B. You cannot run an application as a user other than the one you are logged in as
C. Use the sw ID 0 command
D. Install the Switch User application, restart the computer, log in as root, then switch to your
   current user account and run the application
E. Use the su root command

Answer: E

Question: 511
If you encrypt or decrypt files and folders located on a remote computer that has been enabled for
remote encryption; the data that is transmitted over the network by this process is not encrypted.
In order to keep data encrypted as it is transmitted over the network, which of the following must
you do?

A. You must implement EFS.
B. You must implement B2 security for Windows.
C. You must use IPSec.
D. You must use a recovery agent.
E. You must transmit the entire folder, not individual files.

Answer: C

Question: 512
During the configuration of your Linux system, you are working with the available drives in the
computer. What syntax defines the First (Primary) IDE hard disk drive?

A. /dev/sda
B. /dev/fda
C. /dev/hd1
D. /dev/hda
E. /dev/fd1

Answer: D

Question: 513
During the configuration of your Linux system, you are working with the available drives in the
computer. What syntax defines the first floppy disk drive?

A. /dev/fda
B. /dev/hda
C. /dev/hd1
D. /dev/fd1
E. /dev/sda

Answer: A

Question: 514
Which of the following pieces of information are found in the Inode, on a Linux system?

A. Directory Location
B. File ownership information
C. File size in Bytes
D. Filename
E. File access time

Answer: B, C, E

Question: 515
You have just finished installing new servers and clients in your office network. All the new
machines are running Windows 2000. You are now working on securing all user authentication
related areas of the systems. Where is user account information stored, both for the Domain and
the local machine?

A. Domain user account information is stored in the Active Directory.
B. Local user account information is stored in the SAM.
C. Local user account information is stored in the Active Directory.
D. Domain user account information is stored in the SAM.
E. Domain user account information is stored in the Metabase

Answer: A, B

Question: 516
When a new user account is created in Linux, what values are assigned?

A. Shell_GID
B. SetGID
C. SetUID
D. UID
E. GID

Answer: D, E

Question: 517
You wish to manage your Linux system remotely, using a web browser. Which of the following
tools will allow you to accomplish your task?

A. Snort
B. Bastille
C. Tripwire
D. Webmin
E. SSH

Answer: D

Question: 518
You fear an unauthorized program has taken control of your CPU in your Linux system. What
Command will you run to see the CPU percentage per application in real-time?

A. top
B. netmon
C. ps
D. cpu_id
E. ps aux

Answer: A

Question: 519
There are several clients of your network that require the ability to connect remotely. You are
using Internet Authentication Services (IAS) in Windows 2000 for security. What is IAS the
Windows implementation of?

A. MD5
B. DES
C. RSA
D. PKI
E. RADIUS

Answer: E

Question: 520
You are going to use EFS to increase the security of the files and folders on your Windows 2000
systems in your network. You wish to have complete knowledge of the process of EFS, so that
you may manage any situations or problems that may arise. What is file data encrypted with
when using EFS?

A. DES (Data Encryption Standard)
B. FEK (File Encryption Key)
C. DDF (Data Decryption Field)
D. DRF (Data Recovery Field)
E. RSA (Rivest Shamir Adleman)

Answer: B

Question: 521
The security policy of your organization defines what data is to be locally encrypted and what is
not to be. You are running Windows 2000, which allows for local encryption, and you have data
that has been secured. Which of the following is the correct command for decrypting a subfolder
named "March" under a folder named "Financials"?

A. decrypt Financials/March
B. cipher /d Financials/March
C. cipher /d Financials\March
D. decrypt Financials\March
E. cipher /d %sysroot%/Financials\March

Answer: C

Question: 522
Although you are aware of the many benefits of using EFS on your machine, you also are aware
of some of the limitations it can present. From the following answers, choose the ones that define
some of the negative limitations of files encrypted with EFS.

A. Encrypted files cannot be accessed by normal users
B. Encrypted files remain encrypted if using Microsoft Backup
C. EFS does not cache any keys to the hard drive
D. EFS only works on Windows 2000 NTFS
E. Files that are encrypted with EFS cannot be compressed

Answer: D, E

Question: 523
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 7?

A. rw-
B. r-x
C. ---
D. r--
E. rwx

Answer: E

Question: 524
You are making changes to your Windows 2000 file server, to increase security. You are aware
from your auditing that attackers have been trying to map your network and perform
reconnaissance. You wish to stop attackers from enumerating share names. What can you do to
stop this?

A. Disable the NULL Session under Local Policies, Security Options
B. Be sure that the ADMIN$ share has been removed
C. Be sure the %sysroot% is not accessible remotely
D. Disable the Traverse Folders option from the %sysroot% directory
E. Share Enumeration cannot be stopped. Enable Object Access logging to watch for this type of
   traffic pattern.

Answer: A

Question: 525
You have recently hired an assistant to help you with managing the security of your network. You
are currently running an all Windows 2000 environment, and are describing the issues associated
with sharing folders. You describe different shared folder permissions. Which of the following
describes the maximum abilities of the Read permission?

A. Display folder names, filenames and data, and execute files
B. Rename files and folders, delete files and folders
C. Create folders, add files to folders, change or delete files in folders
D. Rename files and folders, and execute files
E. Change file permissions and take ownership of files

Answer: A

Question: 526
You are setting the permissions on a new file in Linux. What will be the level of permission given
to the user if you assign an Octal value of 6?

A. rwx
B. rw-
C. r--
D. r-x
E. ---

Answer: B

Question: 527
In Windows 2000, there are four methods of implementing IPSec. They are:
1 - Require Security
2 - Request Security
3 - Respond Only
4 - No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations
in the network. The Clients and Servers in your network are configured as follows:
-You have servers numbered 1-9, which have a policy stating they require no network traffic
security.
-You have servers numbered 10-19, which have a policy stating they are not required to be
secure, but will encrypt network traffic if the client is able to receive it.
-You have servers numbered 20-29, which have a policy stating they are required to be secure
and all network traffic they deliver must be secured.
-You have clients numbered 60-79 that are required to access secure servers 20-29.
-You have clients numbered 80-99 that are not required to access secure servers 20-29, but are
required to access servers 1-9 and 10-19.

Based on the Client and Server configuration provided above, which of the following computers
will implement IPSec method 4?

A. Computers numbered 1-9
B. Computers numbered 10-19
C. Computers numbered 20-29
D. Computers numbered 60-79
E. Computers numbered 80-99

Answer: A, E

Question: 528
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read, Write, and Execute for the User; Read and Write for the
Group; and Read for the Others. What command will allow you to achieve this?

A. chmod 700 test_file.tar.gz
B. chmod 600 test_file.tar.gz
C. chmod 774 test_file.tar.gz
D. chmod 644 test_file.tar.gz
E. chmod 674 test_file.tar.gz

Answer: C

Question: 529
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read, Write, and Execute for the User; Read for the Group;
and Read for the Others. What command will allow you to achieve this?

A. chmod 744 test_file.tar.gz
B. chmod 644 test_file.tar.gz
C. chmod 700 test_file.tar.gz
D. chmod 774 test_file.tar.gz
E. chmod 600 test_file.tar.gz

Answer: A

Question: 530
In your Windows 2000 Active Directory enabled network it has been decided that Dynamic DNS
will be implemented. Once implemented this should help to minimize IP address to name
mapping issues. One of your assistants wonders if using DDNS will present a single point of
failure for the network. Which of the following is the reason that this is not the case?

A. Each client builds a DNS table that can be shared if need be.
B. Each client is configured with an Internet DNS server address in addition to the internal server.
C. All the Windows 2000 servers maintain a copy of the DDNS database.
D. All the Windows NT domain controllers maintain a copy of the DDNS database.
E. All the Windows 2000 domain controllers maintain a copy of the DDNS database.

Answer: E

Question: 531
You are configuring a complex set of policies in your Windows 2000 Active Directory network.
You have parent and child GPOs. If you do not want the child GPO to inherit policy from the
parent GPO, you would do which of the following?

A. Check the Block Policy Inheritance checkbox.
B. Uncheck the Disallow Inheritable Permissions to Traverse from Parent to Child Object box.
C. Uncheck the Reset Permissions on All Child Objects and Enable Propagation of Inheritable
   Permissions.
D. Check the Disallow Inheritable Permissions to Traverse from Parent to Child Object box.
E. You cannot block policy inheritance from parent to child GPOs.

Answer: A

Question: 532
As you configure your Red Hat Linux computer, you make sure to modify TCP Wrappers as
required by the security policy. What are two benefits that TCP Wrappers provides you with in
controlling the security of the system?

A. Connection Logging
B. Password Encryption
C. Network Encryption
D. Network Access Control
E. Secure Packet Encapsulation

Answer: A, D

Question: 533
You have just become the senior security professional in your office. After you have taken a
complete inventory of the network and resources, you begin to work on planning for a successful
security implementation in the network. You are aware of the many tools provided for securing
Windows 2000 machines in your network. What is the function of Secedit.exe?

A. This tool is used to set the NTFS security permissions on objects in the domain.
B. This tool is used to create an initial security database for the domain.
C. This tool is used to analyze a large number of computers in a domain-based infrastructure.
D. This tool provides an analysis of the local system security configuration.
E. This tool provides a single point of management where security options can be applied to a
   local computer or can be imported to a GPO.

Answer: C

Question: 534
You are in the process of securing several new machines on your Windows 2000 network. To help
with the process Microsoft has defined a set of Security Templates to use in various situations.
Which of the following best describes the Secure Security Template?

A. This template is provided as a way to reverse the implementation of different Windows 2000
   security settings, except for user rights.
B. This template is provided so that Local Users have ideal security settings, while Power Users
   have settings that are compatible with NT 4 Users.
C. This template is provided to implement suggested security settings for all security areas,
   except for the following: files, folders, and Registry keys.
D. This template is provided to create the maximum level of security for network traffic between
   Windows 2000 clients.
E. This template is provided to allow for an administrator to run legacy applications on a DC.

Answer: C

Question: 535
You have a file on your Linux system, and you need to modify the file's permissions. The
permissions you wish to apply are: Read and Write for the User; Read and Write for the Group;
and Read for the Others. What command will allow you to achieve this?

A. chmod 660 test_file.tar.gz
B. chmod 760 test_file.tar.gz
C. chmod 604 test_file.tar.gz
D. chmod 704 test_file.tar.gz
E. chmod 664 test_file.tar.gz

Answer: E

Question: 536
If you wish to change the permissions of a parent directory in your Linux system, and want the
permissions to be changed on the files and subdirectories in the parent directory to be the same,
what switch must you use?

A. -G
B. -R
C. -P
D. -S
E. -F

Answer: B

Question: 537
When a new user is created in Linux, what is the starting value for the assignment of a User
Identifier?

A. 0
B. 1
C. 100
D. 500
E. 5000

Answer: D

Question: 538
The test.doc file on your Linux system needs its ownership changed. You wish to have the
new owner of the file to be vp_finance. Which of the following is the command to change
ownership to the vp_finance user account?

A. ch_own vp_finance test_doc
B. chown vp_finance test.doc
C. chown test/doc vp_finance
D. chown vp_finance test/doc
E. ch_own vp_finance test.doc

Answer: B

Question: 539
The Forecast directory on your Linux system needs the ownership changed. You wish to change
the group ownership of the directory to marketing. Which of the following is the command to
change the ownership of the directory to the marketing group?

A. ch_own .marketing /Forecast
B. chown /marketing /Forecast
C. chown .marketing /Forecast
D. ch_own /marketing /Forecast
E. chown /Forecast -g/marketing

Answer: C

Question: 540
If you have enabled the Shadow Password file on your Linux system, what will be visible as the
password for a user account in the /etc/passwd file?

A. An X for every character of the real password
B. An X for every character of the encrypted password
C. A single -
D. A single X
E. A single E

Answer: D

Question: 541
You are configuring the permissions to a file, called file1, on your Linux file server. You wish to
change the permissions to remove the execute permission from the others and group. Which of
the following commands will complete this task?

A. umask x-og file1
B. umask og-x file1
C. chmod xog- file1
D. chmod x-og file1
E. chmod og-x file1

Answer: E

Question: 542
Which of the following fields are found in a user account's line in the /etc/passwd file?

A. The User Identifier assigned to the user account
B. The home directory used by the user account
C. The number of days since the user account password was changed
D. The full name for the user account
E. The number of days until the user account's password must change

Answer: A, B, D

Question: 543
Which of the following fields are found in a user account's line in the /etc/shadow file?

A. The User Identifier assigned to the user account
B. The home directory used by the user account
C. The hashed version of the user account's password
D. The number of days since the user account password was changed
E. The number of days until the user account's password must change

Answer: C, D, E

Question: 544
After you have configured your new Linux file server, a colleague wishes to check the permission
settings on some files. You run the command to view the permissions, and the onscreen result is:
-rwx-rw-rw- 1 ps_admin root 2345 10:23 file1
Which of the following are true based on this output?

A. The owner has read, write, and execute permissions
B. The group has read, write, and execute permissions
C. The others have read, write, and execute permissions
D. ps_admin is the owner
E. root is the group

Answer: A, D, E

Question: 545
You are viewing the /etc/passwd file on your Red Hat Linux computer, and you see the following
entry:
root:23rs5:0:0:root:/root:/bin/bash
In this entry, what does the 23rs5 mean?

A. It is the code for the time when the root account was created
B. It is the group that the root account belongs to
C. It is the unencrypted password of the root account
D. It is the login name that the root account is to use
E. It is the encrypted password of the root account

Answer: E

Question: 546
While configuring TCP Wrappers on your Linux system, you desire to create a line that will affect
every local computer's access to the ftp service. Which of the following lines will achieve this
desired result?

A. NETWORK(LOCAL): in.ftpd
B. in.ftpd: LOCAL
C. in.ftpd: NETWORK
D. in.ftpd: NETWORK(LOCAL)
E. LOCAL_NET: in.ftpd

Answer: B

Question: 547
On your Linux computer you are examining the contents of various files to ensure they are
secured and contain the designated information. Entries in the /etc/hosts file consist of which of
the following?

A. The IP address, the host-name and aliases (if any)
B. The IP address, subnet mask, the host-name (if any)
C. The IP address, subnet mask, the host-name and aliases (if any)
D. The IP address, subnet mask, default gateway and the host-name
E. The IP address, subnet mask, default gateway, the host-name and aliases (if any)

Answer: A

Question: 548
While configuring TCP Wrappers on your Linux system, you desire to create a line that will affect
the single host 10.20.23.45 accessing the telnet service. Which of the following lines will achieve
this desired result?

A. 10.20.23.45_HOST: in.telnetd
B. HOST(10.20.23.45): in.telnetd
C. in.telnetd: HOST_10.20.23.45
D. in.telnetd: ONLY_10.20.23.45/32
E. in.telnetd: 10.20.23.45

Answer: E

Question: 549
You are reviewing the lines used in the configuration of TCP Wrappers on your Linux system.
When placed in the denial file, what is the function of the following line?
in.telnetd: 192.168.23.: spawn (/bin/echo %c >> /var/log/telnet.log)

A. This line will initiate a Telnet connection to the 192.168.23.0/24 network.
B. This line will write a log line to the /bin/echo directory when a host tries to use Telnet to
   connect to the 192.168.23.0/24 network.
C. This line will initiate an ICMP echo request when a host from the 192.168.23.0/24 network
   uses Telnet.
D. This line will write a log line that contains client information when a host from the
   192.168.23.0/24 network attempts to use Telnet.
E. This line will write a log line to the /var/log directory when a host tries to use Telnet to connect
   to the 192.168.23.0/24 network.

Answer: D

Question: 550
To increase the security of your Red Hat Linux system you have decided to implement control of
the services running with Xinetd. What is the name of the file that manages Xinetd?

A. /etc/system32/xinetd.d
B. /etc/xinetd.d
C. /etc/xinetd.conf
D. /xinetd/config.conf
E. /xinetd/conf.d

Answer: C

Question: 551
You are configuring the security of a service using Xinetd. You wish to add a line to the
configuration of the service that grants access during the hours of 6AM to 7PM. Which of the
following lines will you need to add to the configuration to achieve this result?

A. access_from = 6:00 - 19:00
B. access_times = 6AM:7PM
C. access_from = 6AM:7PM
D. access_times = 6:00<->19:00
E. access_times = 6:00 - 19:00

Answer: E

Question: 552
You are configuring the security of a service using Xinetd. You wish to add a line to the
configuration of the service that limits the number of simultaneous connections to a service at 5,
and defines the wait for new connections at 45 seconds. Which of the following lines will you
need to add to the configuration to achieve this result?

A. cps = 5 45
B. conn_5; time_45
C. conn=5; time=45
D. cps = 5:cps = 45
E. time=>45: conn=>5

Answer: A

Question: 553
You have decided to use NFS for file sharing in your network. Using a Linux box as the server,
what are the three primary configuration files you will need to modify to securely use NFS?

A. /etc/hosts.deny
B. /etc/hosts.allow
C. /etc/hosts/deny
D. /etc/exports
E. /etc/hosts/allow

Answer: A, B, D

Question: 554
You are configuring the lines that control access to exported objects on your server running NFS.
If you have a directory called /Tech and you wish to export this directory to network
192.168.20.0/24, allowing root access, and the permissions of read and write, which of the
following lines will accomplish this?

A. (RW) no_root_squash /Tech 192.168.20.0/24
B. /Tech 192.168.20.0/24 (rw) no_root_squash
C. (RW) no_root_squash 192.168.20.0/24 /Tech
D. (RW)no_root_squash:/Tech 192.168.20.0/24
E. /Tech 192.168.20.0/24(rw) no_root_squash

Answer: E

Question: 555
You are using Samba on your Red Hat Linux system to share files with a Windows network. What
is the command to access the shared directory Finance on Windows machine Mktg_01 with user
account User_01 from your Linux machine?

A. net use //Mktg_01/Finance -U User_01
B. net use -U User_01 //Mtkg_01/Finance
C. smbclient \Mtkg_01\Finance -U User_01
D. smbclient \\Mtkg_01\\Finance -U User_01
E. smbclient //Mktg_01/Finance -U User_01

Answer: E

Question: 556
You are logged in to your Linux system as root. You are testing the command telinit. If you enter
the telinit 6 command, what will happen?

A. The system will enter Single-user Mode
B. The system will enter Multi-user Mode
C. The system will enter Multi-user Mode, with a Graphical Login
D. The system will reboot
E. The system will halt

Answer: D

Question: 557
You suspect that your root account has been compromised. What command can you run on your
Linux system, in the /var/log directory, to see the recent login activity of the root account?

A. root_access -R
B. -R root
C. last -U /acct:root
D. last -a -d root
E. last -R /acct:root

Answer: D

Question: 558
Which of the following user accounts are given the correct default User Identifier and Group
Identifier, assuming the system is running Red Hat Linux?

A. ftp: User Identifier 21, Group Identifier 21
B. root: User Identifier 0, Group Identifier 0
C. bin: User Identifier 1, Group Identifier 1
D. adm: User Identifier 3, Group Identifier 3
E. mail: User Identifier 25, Group Identifier 25

Answer: B, C, D

Question: 559
In Windows NT 4.0, before Service Pack 4 (SP4), there were only two supported methods of
authentication. What were those two methods?

A. NetBIOS
B. LM
C. NTLM
D. NTLMv2
E. Kerberos

Answer: B, C

Question: 560
You are planning the new authentication system for your Windows 2000 network. What are the
authentication methods available to you in your pure Windows 2000 network?

A. Kerberos
B. NTLM
C. NTLMv2
D. Smart Cards
E. IPSec

Answer: A, B, C, D

Question: 561
You run an enterprise network for a large company. There are a few isolated branches in the
company that do not connect to the main network. You wish to increase the security of those
branches by implementing NTLMv2. Since those branches are in areas of the world where
United States Export Restrictions are not met, what mode will NTLMv2 be installed in?

A. 512-bit mode
B. 256-bit mode
C. 128-bit mode
D. 64-bit mode
E. 56-bit mode

Answer: E

Question: 562
What do LM, NTLM, and NTLMv2 use as their Authentication method?

A. Challenge/Response
B. Public Key Cryptography
C. Private Key Cryptography
D. Private Certificates
E. Public Certificates

Answer: A

Question: 563
You are going to implement the Gold Standard on your Windows 2000 computer. Which of the
following are the correct settings of the Gold Standard?

A. Password History 0
B. Maximum Password Age 42
C. Minimum Password Length 8
D. Maximum Password Age 90
E. Password History 24
F. Minimum Password Length 0

Answer: C, D, E

Question: 564
You are creating a new Auditing and Logging policy for your network. On a Windows 2000
system, if you wish to audit events like access to a file, folder, or printer, which of the following
options would you use?

A. Audit Account Logon Events
B. Audit Account Management
C. Audit Logon Events
D. Audit Object Access
E. Audit System Events

Answer: D

Question: 565
You are creating a new Auditing and Logging policy for your network. On a Windows 2000
system, if you wish to audit events like the computer restarting, which of the following options
would you use?

A. Audit Account Logon Events
B. Audit Account Management
C. Audit Logon Events
D. Audit Object Access
E. Audit System Events

Answer: E

Question: 566
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
Logon due to an unknown username or bad password?

A. 412
B. 529
C. 675
D. 749
E. 855

Answer: B

Question: 567
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
Logon due to an account being disabled?

A. 107
B. 230
C. 374
D. 413
E. 531

Answer: E

Question: 568
You are examining the Event IDs in your Windows 2000 network. There have been a large
number of failed attempts at logon in the network. What is the Event ID for a failed attempt at
Logon due to an account having expired?

A. 231
B. 375
C. 414
D. 532
E. 676

Answer: D

Question: 569
You wish to add a new user to your Linux system. The user account is called Lnx_1, the password
is QW3RTY, and the group is Users. What is the correct command to add this user account?

A. adduser -g Users Lnx_1
B. useradd Lnx_1 +grp Users
C. useradd Lnx_1 +g Users
D. adduser g/Users u/Lnx_1
E. adduser g/Users -act Lnx_1

Answer: A

Question: 570
You are examining the Authentication Logs on your Windows 2000 server. Specifically, you are
looking for types of logon that were successful. Which of the following correctly match the Logon
Type with its numerical value?

A. Logon Type 0 - Interactive with Smart Card
B. Logon Type 1 - Network with Smart Card
C. Logon Type 2 - Interactive
D. Logon Type 3 - Network
E. Logon Type 7 - Unlock the Workstation

Answer: C, D, E

Question: 571
You wish to increase the security of your Windows 2000 system by modifying TCP/IP in the
Registry. To alter how Windows reacts to SYN Attacks, which three values are adjusted?

A. TCPMaxPortsExhausted
B. TCPMaxHalfOpen
C. TCPAllowedConnections
D. TCPMaxHalfOpenRetried
E. TCPAllowedSessions

Answer: A, B, D

Question: 572
On your Windows 2000 system, you want to control inbound access to various ports. What
feature of Windows 2000 will allow you to do this?

A. Datagram Filtering
B. IPSec
C. EFS
D. TCP/IP Filtering
E. Session Management

Answer: D

Question: 573
Many security professionals prefer to use the 'regedt32' Registry editor over the 'regedit'
editor. Why is 'regedt32' the preferred method, from a security perspective, of editing the
Registry?

A. With regedt32 you can search for keys, values and data
B. With regedt32 you can specify permissions for individual keys
C. With regedt32 you can encrypt individual keys
D. Keys created with regedt32 cannot be viewed with regedit
E. With regedt32 you can choose to open the registry in read-only mode

Answer: B, E

Question: 574
You wish to add a new group to your Linux system. The group is called SCNP_Admins, and is to
be given a Group Identifier of 1024. What is the correct command to add this new group?

A. addgroup SCNP_Admins -id 1024
B. groupadd -g 1024 SCNP_Admins
C. addgroup SCNP_Admins id/1024
D. groupadd id/1024 g/SCNP_Admins
E. groupadd g/1024 SCNP_Admins

Answer: B

End of Document