SCP SC0-502 問題集

質問 1：
GlobalCorp is a company that makes state of the art aircraft for commercial and government use. Recently GlobalCorp has been working on the next generation of low orbit space vehicles, again for both commercial and governmental markets.
GlobalCorp has corporate headquarters in Testbed, Nevada, USA. Testbed is a small town, with a population of less than 50,000 people. GlobalCorp is the largest company in town, where most families have at least one family member working there.
The corporate office in Testbed has 4,000 total employees, on a 40-acre campus environment. The largest buildings are the manufacturing plants, which are right next to the Research and Development labs. The manufacturing plants employee approximately 1,000 people and the R&D labs employ 500 people. There is one executive building, where approximately 500 people work. The rest of the employees work in Marketing, Accounting, Press and Investor Relations, and so on. The entire complex has a vast underground complex of tunnels that connect each building.
All critical functions are run from the Testbed office, with remote offices around the world. The remote offices are involved in marketing and sales of GlobalCorp products. These offices also perform maintenance on the GlobalCorp aircraft and will occasionally perform R&D and on-site manufacturing.
There are 5 remote offices, located in: New York, California, Japan, India, and England. Each of the remote offices has a dedicated T3 line to the GlobalCorp HQ, and all network traffic is routed through the Testbed office the remote offices do not have direct Internet connections.
You had been working for two years in the New York office, and have been interviewing for the lead security architect position in Testbed. The lead security architect reports directly to the Chief Security Officer (CSO), who calls you to let you know that you got the job. You are to report to Testbed in one month, just in time for the annual meeting, and in the meantime you review the overview of the GlobalCorp network.

Your first day in GlobalCorp Testbed, you get your office setup, move your things in place, and about the time you turn on your laptop, there is a knock on your door. It is Blue, the Chief Security Officer, who informs you that there is a meeting that you need to attend in a half an hour.
With your laptop in hand, you come to the meeting, and are introduced to everyone. Blue begins the meeting with a discussion on the current state of security in GlobalCorp.
"For several years now, we have constantly been spending more and more money on our network defense, and I feel confident that we are currently well defended." Blue, puts a picture on the wall projecting the image of the network, and then continues, "We have firewalls at each critical point, we have separate Internet access for our public systems, and all traffic is routed through our controlled access points. So, with all this, you might be wondering why I have concern."
At this point a few people seem to nod in agreement. For years, GlobalCorp has been at the forefront of perimeter defense and security. Most in the meeting are not aware that there is much else that could be done.
Blue continues, "Some of you know this, for the rest it is new news: MassiveCorp is moving their offices to the town right next to us here. Now, as you all know, MassiveCorp has been trying to build their orbital systems up to our standards for years and have never been able to do so. So, from a security point of view, I am concerned."
Blue responds, "I suggest trust. Not with MassiveCorp, but in our own systems. We must build trusted networks. We must migrate our network from one that is well-defended to one that is well-defended and one that allows us to trust all the network traffic."
The meeting continues for some time, with Blue leading the discussion on a whole new set of technologies currently not used in the network. After some time, it is agreed upon that GlobalCorp will migrate to a trusted networking environment.
The following week, Blue informs you that you will be working directly together on the development of the planning and design of the trusted network. The network is going to run a full PKI, with all clients and servers in the network using digital certificates. You are grateful that in the past two years, Blue has had all the systems changed to be running only Windows 2000, both server and professional systems, running Active Directory. You think the consistent platform will make the PKI roll out easier.
The entire GlobalCorp network is running Active Directory, with the domain structure as in the following list:
Testbed.globalcorp.org
Newyork.globalcorp.org
California.globalcorp.org
Japan.globalcorp.org
India.globalcorp.org
England.globalcorp.org
Although you will be working in the Testbed office, the plan you develop will need to include the entire GlobalCorp organization. Based on this information, select the solution that describes the best plan for the new trusted network of GlobalCorp:}
A. You design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
1.Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with
their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users
are able to use their certificates as per the CPS.
2.Draft a CPF based on your own guidelines, including physical and technology controls.
3.Design the system, outside of the executive office, to be a full hierarchy, with the Root CA for the
hierarchy located in the executive building. Every remote office will have a subordinate CA, and
every other building on the campus in Testbed will have a subordinate CA.
4.In the executive building, you design the system to be a mesh CA structure, with one CA per
floor of the building.
5.Design the hierarchy with each remote office and building having it own enrollment CA.
6.Build a small test pilot program, to test the hierarchy, and integration with the existing network.
7.Implement the CA hierarchy in the executive office, and get all users acclimated to the system.
8.Implement the CA hierarchy in each other campus building in Testbed, and get all users
acclimated to the system.
9.One at a time, implement the CA hierarchy in each remote office; again getting all users
acclimated to the system.
10.Test the team in each location on proper use and understanding of the overall PKI and their
portion of the trusted network.
11.Evaluate the rollout, test, and modify as needed to improve the overall security of the
GlobalCorp trusted network.
B. You design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
1.Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with
their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users
are able to use their certificates as per the CPS.
2.Draft a CPF based on your own guidelines, including physical and technology controls.
3.Design the system to be a full mesh, with the Root CA located in the executive building.
4.Design the mesh with each remote office and building having it own Root CA.
5.Build a small test pilot program, to test the hierarchy, and integration with the existing network.
6.Implement the CA mesh in the executive office, and get all users acclimated to the system.
7.Implement the CA mesh in each other campus building in Testbed, and get all users acclimated
to the system.
8.One at a time, implement the CA mesh in each remote office; again getting all users acclimated
to the system.
9.Test the team in each location on proper use and understanding of the overall PKI and their
portion of the trusted network.
10.Evaluate the rollout, test, and modify as needed to improve the overall security of the
GlobalCorp trusted network.
C. You design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
1.Draft a Certification Practice Statement (CPS) to define what users will be allowed to do with
their certificates, and a Certificate Policy (CP) to define the technology used to ensure the users
are able to use their certificates as per the CPS.
2.Draft a CPF based on your own guidelines, including physical and technology controls.
3.Design the system to be a full hierarchy, with the Root CA located in the executive building.
Every remote office will have a subordinate CA, and every other building on the campus in
Testbed will have a subordinate CA.
4.Design the hierarchy with each remote office and building having it's own enrollment CA.
5.Build a small test pilot program, to test the hierarchy, and integration with the existing network.
6.Implement the CA hierarchy in the executive office, and get all users acclimated to the system.
7.Implement the CA hierarchy in each other campus building in Testbed, and get all users
acclimated to the system.
8.One at a time, implement the CA hierarchy in each remote office; again getting all users
acclimated to the system.
9.Test the team in each location on proper use and understanding of the overall PKI and their
portion of the trusted network.
10.Evaluate the rollout, test, and modify as needed to improve the overall security of the
GlobalCorp trusted network.
D. You design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
1.Draft a Certificate Policy (CP) document to define what users will be allowed to do with their
certificates, and a Certification Practice Statement (CPS) document to define the technology used
to ensure the users are able to use their certificates as per the CPS.
2.Draft a Certificate Practices Framework (CPF) document based on RFC 2527, including every
primary component.
3.Design the system to be a full hierarchy, with the Root CA located in the executive building.
Every remote office will have a subordinate CA, and every other building on the campus in
Testbed will have a subordinate CA.
4.Design the hierarchy with each remote office and building having it own enrollment CA.
5.Build a small test pilot program, to test the hierarchy, and integration with the existing network.
6.Implement the CA hierarchy in the executive office, and get all users acclimated to the system.
7.Implement the CA hierarchy in each other campus building in Testbed, and get all users
acclimated to the system.
8.One at a time, implement the CA hierarchy in each remote office; again getting all users
acclimated to the system.
9.Test the team in each location on proper use and understanding of the overall PKI and their
portion of the trusted network.
10.Evaluate the rollout, test, and modify as needed to improve the overall security of the
GlobalCorp trusted network.
E. You design the plan for two weeks, and then you present it to Blue. Your plan follows these critical steps:
1.Draft a Certificate Policy (CP) document to define what users will be allowed to do with their
certificates, and a Certification Practice Statement (CPS) document to define the technology used
to ensure the users are able to use their certificates as per the CPS.
2.Draft a Certificate Practices Framework (CPF) document based on RFC 2527, including every
primary component.
3.Design the system to be a full mesh, with the Root CA located in the executive building.
3.Design the system to be a full mesh, with the Root CA located in the executive building.
4.Design the mesh with each remote office and building having it own Root CA.
5.Build a small test pilot program, to test the hierarchy, and integration with the existing network.
6.Implement the CA mesh in the executive office, and get all users acclimated to the system.
7.Implement the CA mesh in each other campus building in Testbed, and get all users acclimated
to the system.
8.One at a time, implement the CA mesh in each remote office; again getting all users acclimated
to the system.
9.Test the team in each location on proper use and understanding of the overall PKI and their
portion of the trusted network.
10.Evaluate the rollout, test, and modify as needed to improve the overall security of the
GlobalCorp trusted network.
正解：D

質問 2：
You have now been involved in several major changes in the security of GlobalCorp, and specifically the Testbed campus. You have worked on the planning and design of the trusted network, you have worked on the initial rollout of the CA hierarchy, you have worked on assigning certificates to the end users and computers in the Executive building of the Testbed campus, and you have managed the implementation of secure email a critical service for GlobalCorp.
Blue has asked you to meet with the other administrative staff of the Testbed campus and discuss how the certificates will impact the organization. There are a total of about 40 people in the meeting, and you have decided that your primary focus during this meeting will be on encryption\cryptography.
Choose the best solution for providing the correct information to your administrative staff on how encryption\cryptography and digital certificates will be properly used in the network:}
A. You gather the administrative staff together in the conference room to discuss cryptography in the network. You begin your talk with the function of cryptography, in general, and then you move towards specific implementations in the GlobalCorp network.
You explain that public key cryptography is founded on math, and that the big picture fundamental point is that UserA and UserB have a set of mathematically linked keys. You explain that one key of each key pair is made available to the other users in the network. You illustrate this with an example of sending an encrypted message from UserA to UserB.
"We know, for example, that UserA wishes to send a message to UserB and wants that message to be secure. UserA will use the private key that UserB has made available to encrypt the message. Once encrypted, UserA will send the message over the network to UserB. UserB will then use the other key of the pair, the public key to decrypt the message," you explain to the group.
You further explain some of the common algorithms used in the network. You tell them that RSA was the first widely used private key algorithm, and that RSA itself is not used to secure messages, rather to exchange a symmetric key. You explain that Diffie-Hellman was another breakthrough in that it was a private key algorithm that was able to secure messages.
You then describe digital certificates and some of their features. You tell the group that digital certificates can be assigned to different entities, including users and computers. You state that these digital certificates include many options, for example an Issuer Field that holds the distinguished name of the entity that issued the certificate, and a Subject Field that holds the distinguished name of the person who has the private key that corresponds to the public key in the certificate.
B. You gather the administrative staff together in the conference room to discuss cryptography in the network. You begin your talk with the function of cryptography, in general, and then you move towards specific implementations in the GlobalCorp network.
You explain that public key cryptography is founded on math, and that the big picture fundamental point is that UserA and UserB have a set of mathematically linked keys. You explain that one key of each key pair is made available to the other users in the network. You illustrate this with an example of sending an encrypted message from UserA to UserB.
"We know, for example, that UserA wishes to send a message to UserB and wants that message to be secure. UserA will use the public key that UserB has made available to encrypt the message. Once encrypted, UserA will send the message over the network to UserB. UserB will then use the other key of the pair, the private key to decrypt the message," you explain to the group.
You further explain some of the common algorithms used in the network. You tell them that RSA was the first widely used private key algorithm, and that RSA itself is not used to secure messages, rather to exchange a symmetric key. You explain that Diffie-Hellman was another breakthrough in that it was a private key algorithm that was able to secure messages.
You then describe digital certificates and some of their features. You tell the group that digital certificates can be assigned to different entities, including users and computers. You state that these digital certificates include many options, for example an Issuer Field that holds the distinguished name of the entity that issued the certificate, and a Subject Field that holds the distinguished name of the person who has the private key that corresponds to the public key in the certificate.
C. You gather the administrative staff together in the conference room to discuss cryptography in the network. You begin your talk with the function of cryptography, in general, and then you move towards specific implementations in the GlobalCorp network.
You explain that public key cryptography is founded on math, and that the big picture fundamental point is that UserA has a pair of keys and UserB has a pair of keys. You explain that one key of each key pair is made available to the other users in the network. You illustrate this with an example of sending an encrypted message from UserA to UserB.
"We know, for example, that UserA wishes to send a message to UserB and wants that message to be secure. UserB will use the public key that UserA has made available to encrypt the message. Once encrypted, UserB will send the message over the network to UserA. UserA will then use the other key of the pair, the private key to decrypt the message," you explain to the group.
You further explain some of the common algorithms used in the network. You tell them that Diffie-Hellman was the first widely used private key algorithm, and that Diffie-Hellman itself is not used to secure messages, rather to exchange a symmetric key. You explain that RSA was another breakthrough in that it was a private key algorithm that was able to secure messages.
You then describe digital certificates and some of their features. You tell the group that digital certificates can be assigned to different entities, including users and computers. You state that these digital certificates include many options, for example an Issuer Field that holds the distinguished name of the entity that issued the certificate, and a Subject Field that holds the distinguished name of the person who has the private key that corresponds to the public key in the certificate.
D. You gather the administrative staff together in the conference room to discuss cryptography in the network. You begin your talk with the function of cryptography, in general, and then you move towards specific implementations in the GlobalCorp network.
You explain that public key cryptography is founded on math, and that the big picture fundamental point is that UserA and UserB have a set of mathematically linked keys. You explain that one key of each key pair is made available to the other users in the network. You illustrate this with an example of sending an encrypted message from UserA to UserB.
"We know, for example, that UserA wishes to send a message to UserB and wants that message to be secure. UserA will use the private key that UserB has made available to encrypt the message. Once encrypted, UserA will send the message over the network to UserB. UserB will then use the other key of the pair, the public key to decrypt the message," you explain to the group.
You further explain some of the common algorithms used in the network. You tell them that RSA was the first widely used private key algorithm, and that RSA itself is not used to secure messages, rather to exchange a symmetric key. You explain that Diffie-Hellman was another breakthrough in that it was a private key algorithm that was able to secure messages.
You then describe digital certificates and some of their features. You tell the group that digital certificates can be assigned to different entities, including users and computers. You state that these digital certificates include many options, for example an Issuer Field that holds the distinguished name of the person who issued the certificate, and a Subject Field that holds the full OIDs describing the use of the certificate by the holder of the certificate.
E. You gather the administrative staff together in the conference room to discuss cryptography in the network. You begin your talk with the function of cryptography, in general, and then you move towards specific implementations in the GlobalCorp network.
You explain that public key cryptography is founded on math, and that the big picture fundamental point is that UserA has a pair of keys and UserB has a pair of keys. You explain that one key of each key pair is made available to the other users in the network. You illustrate this with an example of sending an encrypted message from UserA to UserB.
"We know, for example, that UserA wishes to send a message to UserB and wants that message to be secure. UserA will use the public key that UserB has made available to encrypt the message. Once encrypted, UserA will send the message over the network to UserB. UserB will then use the other key of the pair, called the private key, to decrypt the message," you explain to the group.
You further explain some of the common algorithms used in the network. You tell them that Diffie-Hellman was the first widely used public key algorithm, and that Diffie-Hellman itself is not used to secure messages, rather to exchange a symmetric key. You explain that RSA was another breakthrough in that it was a public key algorithm that was able to secure messages.
You then describe digital certificates and some of their features. You tell the group that digital certificates can be assigned to different entities, including users and computers. You state that these digital certificates include many options, for example an Issuer Field that holds the distinguished name of the entity that issued the certificate, and a Subject Field that holds the distinguished name of the person who has the private key that corresponds to the public key in the certificate.
正解：E

質問 3：
It has been quite some time since you were called in to address the network and security needs of MegaCorp. You feel good in what you have accomplished so far. You have been able to get MegaCorp to deal with their Security Policy issue, you have secured the router, added a firewall, added intrusion detection, hardened the Operating Systems, and more.
One thing you have not done however, is run active testing against the network from the outside. This next level of testing is the final step, you decide, in wrapping up this first stage of the new MegaCorp network and security system. You setup a meeting with the CEO to discuss.
"We have only one significant issue left to deal with here at MegaCorp," you begin. We need some really solid testing of our network and our security systems."
"Sounds fine to me, don't you do that all the time anyway? I mean, why meet about this?"
"Well, in this case, I'd like to ask to bring in outside help. Folks who specialize in this sort of thing. I can do some of it, but it is not my specialty, and the outside look in will be better and more independent from an outside team."
"What does that kind of thing cost, how long will it take?"
"It will cost a bit of money, it won't be free, and with a network of our size, I think it can be done pretty quick. Once this is done and wrapped up, I will be resigning as the full time security and network pro here. I need to get back to my consulting company full time. Remember, this was not to be a permanent deal. I can help you with the interview, and this is the perfect time to wrap up that transition."
"All right, fair enough. Get me your initial project estimates, and then I can make a more complete decision. And, Il get HR on hiring a new person right away."
Later that afternoon you talk to the CEO and determine a budget for the testing. Once you get back to your office, you are calling different firms and consultants, and eventually you find a consulting group that you will work with.
A few days later you meet with the group in their office, and you describe what you are looking for, and that their contact and person to report to is you. They ask what is off limits, and your response is only that they cannot do anything illegal, to which they agree and point out is written in their agreement as well.
With this outside consulting group and your knowledge of the network and company, review and select the solution that will best provide for a complete test of the security of MegaCorp.}
A. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants have decided on a direct strategy. They will work inside the MegaCorp office, with the group introducing themselves to the employees. They will directly interview each employee, and perform extensive physical security checks of the network.
They will review and provide analysis on the security policy, and follow that with electronic testing. They will run a single very robust vulnerability scanner on every single client and server in the network, and document the findings of the scan.
B. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants surprise you with their initial strategy. They intend to spend nearly 100% of their efforts over the first week on social engineering and other physical techniques, using little to no technology. They have gained access to the building as a maintenance crew, and will be coming into the office every night when employees are wrapping up for the day.
All of their testing will be done through physical contact and informal questioning of the employees. Once they finish that stage, they will run short and direct vulnerability scanners on the systems that they feel will present weakness.
C. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants will first run remote network surveillance to identify hosts, followed by port scans and both passive and active fingerprinting. They will then run vulnerability scanners on the identified systems, and attempt to exploit any found vulnerabilities.They will next scan and test the router and firewall, followed by testing of the IDS rules.
They will then perform physical surveillance and dumpster diving to learn additional information. This will be followed by password sniffing and cracking. Finally, they will call into MegaCorp to see what information they can learn via social engineering.
D. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The consultants will start the process with remote network surveillance, checking to see what systems and services are available remotely. They will run both passive and active fingerprinting on any identified system. They will run customized vulnerability scanners on the identified systems, and follow that through with exploits, including new zero-day exploits they have written themselves.
They will next run scans on the router, firewall, and intrusion detection, looking to identify operating systems and configurations of these devices. Once identified, they will run customized scripts to gain access to these devices. Once they complete the testing on the systems, they will dumpster dive to identify any leaked information.
E. The consulting group has identified the steps it will follow in testing the network. You have asked to be kept up to date, and given an approximate schedule of events. You intend to follow along with the test, with weekly reports.
The first thing the consultants will do is dumpster diving and physical surveillance, looking for clues as to user information and other secret data that should not be outside of the network. Once they have identified several targets through the dumpster diving, they will run scans to match up and identify the workstations for those users.
After identifying the user workstations, they will run vulnerability checks on the systems, to find holes, and if a hole is found they have been given permission to exploit the hole and gain access of the system.
They will attempt to gain access to the firewall and router remotely, via password guessing, and will test the response of the network to Denial of Service attacks. Finally, they will call into MegaCorp to see what information they can learn via social engineering.
正解：C

質問 4：
Things have been running smoothly now at GlobalCorp for the last several weeks. There have been no major attacks, and it seems that the systems in place are performing just as expected.
You are putting together some paperwork when you get a call from Orange to meet in the conference room.
When you get there, Orange is wrapping up a meeting with the senior Vice President of Sales, whom you say hello to on your way in.
"I was just talking with our senior VP here, and we're run into a new issue to discuss," Orange tells you.
"Wel Il let you two sort this out. Orange, do let me know when it all ready to go." With that the VP leaves.
You sit down across from Orange, who starts, "That was an interesting meeting. It seems that even though I have always said no to the request, we are being pressured to implement a wireless network."
"Here?" you ask, "In the executive building?"
"Yes, right here. The sales team wishes to have the ability to be mobile. Instead of running a full scale roll out I have trimmed the request down to running a test implementation on the second floor. The test run on that floor will be used to determine the type of wireless rollout for the rest of the building, and eventually the rest of the campus. So, here is what we need to do. I need you to create the roll out plan, and bring that plan to me. Il review with you and implement as required."
"As always, what is my budget restriction?" you ask.
"In this case, security is the top priority. If we are going to run wireless, it has to be as secure as possible, use whatever you need. That being said, your plan has to use existing technologies, we are not going to fund the development of a new protocol or proprietary encryption system right now."
You begin your work on this problem by pulling out your own wireless networking gear. You have a laptop that uses an ORiNOCO card, and you have a full directional antenna that you can hold or mount on a small tripod. You take your gear to the lobby of the second floor, and you load up NetStumbler quickly to run a quick check that there are no access points in your area.
The immediate area is clear of any signal, so you take you gear and walk the entire second floor, waiting to see if there is any signal, and you find none. With your quick walk through complete, you take your gear back to your office and start working on your plan.
Using your knowledge of the GlobalCorp network, select the best solution to the wireless networking rollout problem:}
A. You have figured out that since the network is a test roll out, you have some flexibility in its configuration. After your walk through test, you begin by configuring the wireless nodes in the network to run in Ad Hoc mode, creating an Independent Basic Service Set (IBSS).
You will use a complex SSID of 5cN@4M3! on all wireless nodes. You will next configure every node to no longer broadcast any beacon packets. You will configure all the nodes to not use the default channel, and instead move them all to channel six.
You will configure every node to use MAC address filtering, to avoid unauthorized nodes from attempting to gain access to the network. Finally, you will configure each node to use WEP in the strong 128-bit mode, along with a complex 16-character passphrase.
Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.
B. You figure out that you will run the test network in infrastructure mode, using a SSID of GlobalCorp. You will create one single Basic Service Set (BSS), all running through one access point. All test nodes will be configured to participate in the BSS, using the SSID of GlobalCorp, and the access point will be configured with MAC address filtering of the test nodes.
You will configure the access point to utilize a combination of 802.1x and WPA. The WPA settings will be fully secured with TKIP, and 128-bit keys, which change on a per session basis. The 802.1x settings will be to use Lightweight EAP (LEAP). The clients will be configured to use LEAP, with a fallback to TKIP at 128-bits.
You will configure the access point to utilize a combination of 802.1x and WPA. The WPA settings will be fully secured with TKIP, and 128-bit keys, which change on a per session basis. The 802.1x settings will be to use Lightweight EAP (LEAP). The clients will be configured to use LEAP, with a fallback to TKIP at 128-bits.
When the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access. You will continue the test by running checks from the parking lot, ensuring that you cannot gain access.
C. You determine that for the test network, you will run in infrastructure mode, using a SSID of FLOOR2. During the test, you will create one single Independent Basic Service Set (IBSS), running through one access point. All test nodes will be configured to participate in the IBSS, using the SSID of FLOOR2.
You will configure the access point to use WPA, with an algorithm of TKIP. You will configure WPA to utilize the full 128-bit key option, with the pre-shared WPA key option. The client computers will need supplicants, so you will configure the Funk Software Odyssey Client on the clients, matching the key settings and TKIP settings.
You will disable the access point from broadcasting its SSID, and you will configure MAC address filtering.
Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.
D. You determine that for the test network, you will run the network in infrastructure mode, using a SSID of FLOOR2. During the test, you will create one single Basic Service Set (BSS), running through one access point. All test nodes will be configured to participate in the BSS, using the SSID of FLOOR2, and the access point will be configured with MAC address filtering of the test nodes.
You will configure the access point to use EAP, specifically EAP-TLS. You will configure a Microsoft RADIUS Server as the authentication server. You will configure the RADIUS server with a digital certificate. Using EAP-TLS, both the server and the client will be required to authenticate using their digital certificates before full network access will be granted. Clients will have supplicant software configured where required.
You will next make a physical map of the office, using the tool Ekahau. Working with this tool, you will map out and track the positioning of each wireless device once the network is active.
When the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access. You will continue the test by running checks from the parking lot, ensuring that you cannot gain access.
E. You have figured out that since the network is a test roll out, you have some flexibility in its configuration. After your walk through test, you begin by configuring the wireless nodes in the network to run in Ad Hoc mode, creating an Extended Basic Service Set (EBSS).
You will use a complex SSID of 5cN@4M3! on all wireless nodes. You will next configure every node to no longer broadcast any beacon packets. You will configure all the nodes to not use the default channel, and instead move them all to channel six.
You will configure every node to use MAC address filtering, to avoid unauthorized nodes from attempting to gain access to the network. Finally, you will configure each node to use WEP in the strong 128-bit mode, along with a complex 16-character passphrase for generating four keys. You will manually input the WEP Keys into each node. You will divide the test nodes into quarters, and configure each quarter to startup on the network using a different default WEP key.
Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.
正解：D