SCP Exam SC0-502 Topic 2 Question 19 Discussion

Actual exam question for SCP's SC0-502 exam

Question #: 19
Topic #: 2

You go back through your notes to the day that you recommended that the company get a firewall in place. Purple had been convinced that the ISP protected the network, and that a firewall was too much technology on top of the router. Now that you have been given this responsibility, and since you have configured the router already, you wish to get the firewall in place as quickly as possible. You meet quickly with the CEO and mention that the network currently has no firewall, a serious problem. You inform the CEO that this must be fixed immediately, and that you have several firewall options. For this one instance, the CEO tells you to build the best solution; the decision is not oing to be based on direct cost. ased on your knowledge of and the information you have from MegaCorp, elect the best solution to the rganization firewall problem:} A. You decide to take advantage of the features of Microsoft ISA Server and Checkpoint NG. You implement wo firewalls, each with two network cards. From one Ethernet nterface of the outer, you connect to a Checkpoint firewall, and from the other Ethernet interface on the router, you connect to Microsoft ISA firewall. he Checkpoint firewall is connected via one NIC to the router, and the other NIC is nnected to the Web and TP Server. The Microsoft ISA Server is connected via one NIC o he router nd the other NIC is connected to the LAN switch. ou perform the following steps and configurations to setup the firewalls:

1.First, you configure the IP Address on both network cards of both firewalls.

2.Second, you select the Floodgate-1, SMART Clients, and Policy Server as the only components to install and omplete the installation of Checkpoint.

3.Third, you configure the Checkpoint firewall so only Web and FTP traffic are allowed inbound.

4.Fourth, you select the Cache Mode option during the install of ISA Server and complete the installation of icrosoft ISA Server. 5.Fifth, you allow all outbound traffic through the ISA Server. 6.Sixth, you allow only inbound traffic through the ISA Server that is in response to outbound requests.

BAfter analysis, you decide to implement a firewall using Checkpoint NG. You begin by installing a new achine, with a fresh hard drive, and the loading of NG. The new irewall will have our NICs. You connect the two Ethernet interfaces on the routers to two f the firewall NICs. You connect one irewall NIC to the Web and FTP server and one firewall NIC to the LAN witch. ou perform the following steps and configurations to setup the firewall:
.First, you configure the IP Addresses on all four network cards of the heckpoint firewall. 2.Second, you select only the VPN-1 Firewall-1 components to install and complete the installation of heckpoint. 3.Third, you configure the only new inbound network traffic to be destined for the WWW and FTP services on he Web and FTP server 4.Fourth, you block all other incoming traffic. 5.Fifth, you create anti-spoofing rules to block inbound traffic that might be spoofed.
6.Sixth, you configure all traffic to be allowed in the outbound direction C. After you analyze the network, you have decided that you are going to implement a firewall using icrosoft ISA Server. The new firewall will have four NICs. You connect he wo Ethernet nterfaces on the routers to two of the firewall NICs. You connect one NIC to he Web and FTP server and one IC to the LAN switch. ou perform the following steps and configurations to setup the firewall:
1.First, you format a new hard drive and install a new copy of Windows 2000 Server. 2.Second, you configure the correct IP Addresses on the four network cards. 3.Third, you install ISA Server into Firewall only mode, and complete the installation. 4.Fourth, you configure all inbound traffic to require the SYN flag to be set, all other inbound network traffic is enied 5.Fifth, you configure the network card towards the Web and FTP server will only allow ports 80, 20, and 21. 6.Sixth, you configure all outbound traffic to be allowed.

DAfter you run an analysis on the network and the MegaCorp needs, you decide to implement a firewall sing Checkpoint NG. The firewall will have three NICs. One NIC is onnected to the uter, one NIC is connected to the Web and FTP server and one NIC is connected to the AN switch. ou perform the following steps and configurations to setup the firewall:
1.First, you install a new version of Checkpoint NG, selecting the VPN-1 and Firewall-1 components, and omplete the installation. 2.Second, you configure the inbound rules to allow only SYN packets that are destined for ports 80, 20, and 21 n the Web and FTP server. 3.Third, you disallow all inbound traffic for he internal network, unless it is in response to an outbound equest. 4.Fourth, you configure anti-spoofing rules on the inbound interface and log those connections to a log server.

EAfter you analyze the company, you decide to implement a firewall using Microsoft ISA Server. You create DMZ with the Web and FTP server on the network segment etween the router nd the new firewall. The firewall will have two NICs, one connected to the router, and one connected to the LAN switch. ou perform the following steps and configurations to setup the firewall:
First, you install a new version of ISA Server, installed in Firewall mode.
2.Second, you configure the inbound network card to disallow all network traffic that did not originate from nside the network or from the Web and FTP Server. 3.Third, you configure anti-spoofing rules to prevent spoofing attacks. 4.Fourth, you configure all outbound traffic to be allowed. 5.Fifth, you configure inbound traffic with the SYN flag on to be allowed, and to be logged to a SYSLOG erver inside the network.

Show Suggested Answer

Suggested Answer: D

by Howard at May 08, 2022, 10:27 AM

Limited Time Offer

25%

Off

Get Premium SC0-502 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!