SC0-502 Certification Past Exam Questions, Question 1:
Certkiller is a company that makes state of the art aircraft for commercial and
government use. Recently Certkiller has been working on the next generation of low
orbit space vehicles, again for both commercial and governmental markets.
Certkiller has corporate headquarters in Testbed, Nevada, USA. Testbed is a small
town, with a population of less than 50,000 people. Certkiller is the largest company
in town, where most families have at least one family member working there.
The corporate office in Testbed has 4,000 total employees, on a 40-acre campus
environment. The largest buildings are the manufacturing plants, which are right
next to the Research and Development labs. The manufacturing plants employ
approximately 1,000 people and the R&D labs employ 500 people. There is one
executive building, where approximately 500 people work. The rest of the employees
work in Marketing, Accounting, Press and Investor Relations, and so on. The entire
complex has a vast underground complex of tunnels that connect each building.
All critical functions are run from the Testbed office, with remote offices around the
world. The remote offices are involved in marketing and sales of Certkiller products.
These offices also perform maintenance on the Certkiller aircraft and will
occasionally perform R&D and on-site manufacturing.
There are 5 remote offices, located in: New York, California, Japan, India, and
England. Each of the remote offices has a dedicated T3 line to the Certkiller HQ,
and all network traffic is routed through the Testbed office - the remote offices do
not have direct Internet connections.
You had been working for two years in the New York office, and have been
interviewing for the lead security architect position in Testbed. The lead security
architect reports directly to the Chief Security Officer (CSO), who calls you to let
you know that you got the job. You are to report to Testbed in one month, just in
time for the annual meeting, and in the meantime you review the overview of the
Your first day in Certkiller Testbed, you get your office set up, move your things in
place, and about the time you turn on your laptop, there is a knock on your door. It
is Blue, the Chief Security Officer, who informs you that there is a meeting that you
need to attend in half an hour.
With your laptop in hand, you come to the meeting, and are introduced to everyone.
Blue begins the meeting with a discussion on the current state of security in
"For several years now, we have constantly been spending more and more money
on our network defense, and I feel confident that we are currently well defended."
Blue puts a picture on the wall projecting the image of the network, and then
continues, "We have firewalls at each critical point, we have separate Internet
access for our public systems, and all traffic is routed through our controlled access
points. So, with all this, you might be wondering why I have concern."
At this point a few people seem to nod in agreement. For years, Certkiller has been
at the forefront of perimeter defense and security. Most in the meeting are not
aware that there is much else that could be done.
Blue continues, "Some of you know this, for the rest it is new news: MassiveCorp is
moving their offices to the town right next to us here. Now, as you all know,
MassiveCorp has been trying to build their orbital systems up to our standards for
years and have never been able to do so. So, from a security point of view, I am
This is news to most people. Green, the Vice President of Research, asks, "We have
the best in firewalls, we have the best in you and your systems, what are you
Blue responds, "I suggest trust. Not with MassiveCorp, but in our own systems. We
must build trusted networks. We must migrate our network from one that is
well-defended to one that is well-defended and one that allows us to trust all the
The meeting continues for some time, with Blue leading the discussion on a whole
new set of technologies currently not used in the network. After some time, it is
agreed upon that Certkiller will migrate to a trusted networking environment.
The following week, Blue informs you that you will be working directly together on
the development of the planning and design of the trusted network. The network is
going to run a full PKI, with all clients and servers in the network using digital
certificates. You are grateful that in the past two years, Blue has had all the systems
changed to be running only Windows 2000, both server and professional systems,
running Active Directory. You think the consistent platform will make the PKI roll
The entire Certkiller network is running Active Directory, with the domain
structure as in the following list:
Testbed.Certkiller.org
Newyork.Certkiller.org
California.Certkiller.org
Japan.Certkiller.org
India.Certkiller.org
England.Certkiller.org
Although you will be working in the Testbed office, the plan you develop will need
to include the entire Certkiller organization.
Based on this information, select the solution that describes the best plan for the
new trusted network of Certkiller:
A. You design the plan for two weeks, and then you present it to Blue. Your plan follows
these critical steps:
1. Draft a Certification Practice Statement (CPS) to define what users will be allowed to
do with their certificates, and a Certificate Policy (CP) to define the technology used to
ensure the users are able to use their certificates as per the CPS.
2. Draft a CPF based on your own guidelines, including physical and technology
3. Design the system to be a full hierarchy, with the Root CA located in the executive
building. Every remote office will have a subordinate CA, and every other building on
the campus in Testbed will have a subordinate CA.
4. Design the hierarchy with each remote office and building having its own enrollment