Which tool should you use?
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista.
You are planning a security update infrastructure. You need to perform a security survey of the people, technology, and business processes in your environment.
Which tool should you use?
You need to ensure that all computers receive security updates, and you must reduce bandwidth requirements
Your company# s network is geographically dispersed across regions and is connected by slow WAN network connections. All servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You are planning a security update infrastructure. You will deploy a Windows Server Update Services (WSUS) server to each network location. You need to ensure that all computers receive security updates, and you must reduce bandwidth requirements.
What should you do?
Which ports should you specify?
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. Client computers run Windows XP. Your network has multiple subnets.
You configure a server to run the Microsoft Baseline Security Analyzer (MBSA). You plan to create a Windows Firewall exception policy to allow remote scanning of security updates on all client computers.
You need to specify the ports that the policy must allow to open.
Which ports should you specify?
Which tool should you specify?
Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are developing a plan to reduce the number of attack surfaces on various servers.
You have the following requirements:
Deploy changes by using Group Policy. Analyze the roles that are installed on a given server. Be able to automatically roll back any changes.
Disable any functionality that is not needed for the roles that are installed. You need to specify the security management tool that meets these requirements.
Which tool should you specify?
You need to enable the auditing of failed attempts to modify group objects for the developer team
Your company has an Active Directory directory service domain . All servers run Windows Server 2003. Your company has the following Active Directory objects:
An organizational unit (OU) named Dev Users that contains user accounts for all developer team members
An OU named Dev Groups that contains group objects for the developer team
A Group Policy object (GPO) named Secure Dev Users that is linked to the Dev Users OU
A GPO named Secure Dev Groups that is linked to the Dev Groups OU
You need to enable the auditing of failed attempts to modify group objects for the developer team.
What should you do?
You need to support certificate autoenrollment for smart cards
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are planning a public key infrastructure (PKI) to issue smart card certificates.
You need to support certificate autoenrollment for smart cards.
What should you do first?
Which CA should you specify for your PKI?
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You are designing a public key infrastructure (PKI) that uses Certificate Services.
You need to specify a certification authority (CA) that will issue certificates automatically.
Which CA should you specify for your PKI?
Which two actions should you perform? (Each correct answer presents part of the solution
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You install an Enterprise root certification authority (CA). You create a child domain.
You add the computer account of the CA server to the Certificate Publishers Active Directory security group in the child domain. You need to ensure that all users in the child domain can enroll Computer certificates.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
You need to ensure that all users can get certificates
Your company has a single Active Directory directory service domain. You have a Stand-alone certification authority (CA). The URL for the CA# s certificate revocation list (CRL) Web server becomes invalid.
Users of certificates issued by the CA are unable to access the CRL. You need to ensure that all users can get certificates.
What should you do?
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution
Your company has a single Active Directory directory service domain. You have multiple member servers that run Windows Server 2003 SP2 and are configured as Enterprise certification authorities (CAs).
Your CAs accept auto-enrollment requests but do not issue new certificates. You ascertain that multiple Active Directory security groups are missing from the configuration. You need to create the security groups that are necessary to ensure that all users can auto-enroll.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)