|
- UID
- 126357
- 帖子
- 63
- 积分
- 538
- 威望
- 48 点
- A币
- 273 元
- 阅读权限
- 25
- 最后登录
- 2009-1-8
|
1#
发表于 2008-10-7 18:11
| 只看该作者
认证名称:Implementing and Administering Security in a Microsoft Windows Server 2003 Network
考题数目:55
价格:¥ 300
更新:2008-09-01
1.You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows XP Professional.
Eight Windows Server 2003 computers are members of the domain. These computers are used to store confidential files. They reside in a data center that only IT administration personnel have physical access to.
You need to restrict members of a group named Contractors from connecting to the file server computers. Allother employees require access to these computers.
What should you do
A. Apply a security template to the file server computers that assigns the Access this computer from the network right to the Domain Users group.
B. Apply a security template to the file server computers that assigns the Deny access to this computer from the net work right to the Contractors group.
C. Apply a security template to the file server computers that assigns the Allow log on locally right to the Domain Users group.
D. Apply a security template to the file server computers that assigns the Deny log on locally right to the Contractors group.
Answer B
2. You are a security administrator for your company. The network consists of a single Active Directory domain.
Four Windows Server 2003 computers run IIS and serve as Web servers on the Internet.
The company's written security policy states that computers that are accessible from the Internet must be hardened against attacks. The procedure for hardening computers includes disabling unnecessary services. You evaluate which services are necessary by using the following information about the Web servers Customers and business partners access Web content on the Web servers after they authenticate by using a user
name and password. To access certain parts of the site, some of these connections use the SSL protocol.
All software is installed locally on the Web servers by using removable media, except for service packs and security patches.
The Web servers automatically download service packs and security patches from an internal computer that runs Software Update Services (SUS).
The Web servers are not functioning as any other roles.
You need to create a security template for the Web servers that disables unnecessary services and allows necessary services to operate.
What should you do
To answer, drag the appropriate service startup types to the correct locations in the work area.
Answer
3. You are a security administrator for your company. The network consists of a single Active Directory domain.
Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows 2000 Professional. The latest operating system service pack is installed on each computer.
Thirty Windows Server 2003 computers are members of the domain and function as file servers. Client computers access files on these file servers over the network by using the Server Message Block (SMB) protocol. You are concerned about the possible occurrence of man-in-the-middle attacks during SMB communications.
You need to ensure that SMB communications between the Windows Server 2003 file servers and the client computers are cryptographically signed. The file servers must not communicate with client computers if the client computers cannot sign SMB communications. Client computers must be able to use unsigned SMB
communications with all other computers in the domain.
What should you do to configure the file servers
A. Apply a security template that enables the Microsoft network server Digitally sign communications (always) setting.
B. Apply a security template that enables the Microsoft network server Digitally sign communications (if client agrees) setting.
C. Apply a security template that enables the Domain member Digitally sign secure channel data (when possible)setting.
D. Apply a security template that enables the Domain member Digitally encrypt or sign secure channel data(always) setting.
Answer A
4. You are a security administrator for your company. The network consists of two Active Directory domains that are in separate Active Directory forests. No Active Directory trust relationships exist between the domains. All servers run Windows Server 2003. Client computers run either Windows XP Professional or Windows 2000Professional. All domain controllers run Windows Server 2003.
You discover that users in one domain can obtain a list of account names for users in the other domain. This capability allows unauthorized users to guess passwords and to access confidential data.
You need to ensure that account names can be obtained only by users of the domain in which the accounts reside.
Which two actions should you perform on the domain controllers (Each correct answer presents part of the solution. Choose two.)
A. Apply a security template that disables the Network access Allow anonymous SIDName translation setting.
B. Apply a security template that enables the Network access Do not allow anonymous enumeration of SAM accounts setting.
C. Apply a security template that enables the Network security Do not store LAN Manager hash value on next password change setting.
D. Apply a security template that sets the Domain controller LDAP server signing requirements setting to Require signing.
Answer A AND B
5. You are a security administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows 2000 Professional. Twenty Windows Server 2003 computers serve as domain controllers. Your organization uses only Active Directory integrated DNS.
The company's written security policy states that computers that contain employee user account names and passwords must be hardened against attacks. The procedure for hardening computers includes disabling unnecessary services. You are evaluating which services are necessary by using the following information about the domain controllers
Domain controllers do not function as Web servers, application servers, file servers, or print servers.
Service packs and security patches are manually installed on domain controllers from local media. Service packs and security patches are installed only by IT administrators.
All servers in the company are remotely managed by using a third-party program.
Printing is not allowed from the domain controllers.
Domain controllers do not run any IP routing protocols.
You need to create a security template to be applied to all domain controllers that disables unnecessary services while allowing necessary services to operate.
What should you do
To answer, drag the appropriate service startup types to the correct locations in the work area.
Answer
点击下载70-299考试题库预览部分(PDF格式)
|
|
