PrepAway - Latest Free Exam Questions & Answers

Category: 70-299 (v.1)

Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network

You need to create a single group named Help Desk that contains all help desk department user accounts …

You are a security administrator for your company. The network consists of an Active Directory forest that contains two domains. The domains are named treyresearch.com and litwareinc.com. All Active Directory domains are running at a Windows Server 2000 mixed mode functionality level.

Employees in the help desk department need to modify certain attributes of employee user accounts that reside in the treyresearch.com domain. The help desk department user accounts reside in the litwareinc.com domain.

You need to create a single group named Help Desk that contains all help desk department user accounts and that can be granted access to modify the employee user accounts in the treyresearch.com domain. What should you do?

Which three actions should you perform to configure IPSec? (Each correct answer presents part of the solution

You are a security administrator for your company. The network consists of a perimeter network that is configured as shown in the exhibit. (Refer to the Exhibit.)

All computers in the perimeter network run Windows Server 2003. The company’s written security policy states the following: All computers must pass a security inspection before they are placed in the perimeter network. Only computers that pass inspection are permitted to communicate with firewalls or other computers that pass inspection. All communication in the perimeter network is inspected by a networ based intrusion-detection system (IDS). Communication between computers in the perimeter network must use the strongest possible authentication methods.You decide to deploy IPSec in the perimeter network to enforce the written security policy. You enable IPSec on the firewall computers.

You need to plan IPSec configuration for the Windows Server 2003 computers so that it meets the written security policy. Which three actions should you perform to configure IPSec? (Each correct answer presents part of the solution. Choose three.)

You need to ensure that users from the domain can successfully establish a VPN connection to Server3

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains three member servers named Server1, Server2, and Server3.

The three member servers are connected to the Internet. You plan to implement remote access to the company network for users that work from home. You configure and enable Routing and Remote Access on Server1 and Server2. An assistant, who is an administrator on all member servers, configures and enables Routing and Remote Access on Server3. Users from the domain can successfully establish VPN connections from the lnternet to Server1 and Server2. However, users cannot establish a VPN connection to Server3. You discover that Server3 can only authenticate Internet VPN connections from local user accounts.

You need to ensure that users from the domain can successfully establish a VPN connection to Server3. What should you do?

You need to ensure that all computers in Segment B automatically install security patches

You are the security administrator for your company. The network consists of two segments named Segment A and Segment B. The client computers on the network run Windows XP Professional. The servers run Windows Server 2003.

Segment A contains a single server named Server1. Segment B contains all other computers, including a server named Server2. The company’s written security policy states that Segment B must not be connected to the lnternet. Segment A is allowed to connect to the lnternet. There is no network connection between Segment A and Segment B. You can copy files from Segment A to Segment B only by using a CD-ROM to transport the files between the two segments. The network topology is displayed in the exhibit. (Refer to the Exhibit.)

You are planning a patch management infrastructure. On Segment B, you install Software Update Services (SUS) on Server2. You configure Automatic Updates on all computers in Segment B to use http://Server2 and to install security patches.

You need to ensure that all computers in Segment B automatically install security patches. What should you do?

You need to prevent users from running VBS files regardless of how they arrive on client computers

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

The company occasionally experiences downtime because of malicious lnternet worms that arrive as Microsoft Visual Basic Scripting Edition (VBS) files. You examine several client computers and discover that VBS files are downloaded by using Microsoft Outlook, instant messaging, or peer-to-peer file sharing programs.

You need to prevent users from running VBS files regardless of how they arrive on client computers. What should you do?

You need to select an appropriate certification authority (CA) to serve as the issuer for your Web server SSL

You are a security administrator for your company. The network contains a Windows Server 2003 computer that runs IIS.

You use this server to host an lnternet Web site for customer product purchasing. You plan to use SSL on this server. You do not want customers to receive a certificate-related security alert when they use SSL to connect to your Web site.

You need to select an appropriate certification authority (CA) to serve as the issuer for your Web server SSL certificate. What should you do?

You need to create a single group named Help Desk that contains all help desk department user accounts …

You are a security administrator for your company. The network consists of an Active Directory forest that contains two domains. The domains are named treyresearch.com and litwareinc.com. All Active Directory domains are running at a Windows Server 2000 mixed mode functionality level.

Employees in the help desk department need to modify certain attributes of employee user accounts that reside in the treyresearch.com domain. The help desk department user accounts reside in the litwareinc.com domain.

You need to create a single group named Help Desk that contains all help desk department user accounts and that can be granted access to modify the employee user accounts in the treyresearch.com domain. What should you do?

Which three rules should you include in your software restriction policy? (Each correct answer presents part o

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

You manage the network by using a combination of Group Policy objects (GPOs) and scripts. File names for scripts have the .Vbs file name extension. Scripts are stored in a shared folder named Scripts on a server named Server1. Users report that they accidentally run scripts that are received through e-mail and the lnternet. They further report that these scripts cause problems with their client computers and often delete or change files. You discover that these scripts have .wsh, .wsf, .Vbs, or .vbe file name extensions. You decide to use software restriction policies to prevent the use of unauthorized scripts. You need to configure a software restriction policy for your network.

You want to achieve this goal without affecting management of your network. Which three rules should you include in your software restriction policy? (Each correct answer presents part of the solution. Choose three.)

You need to protect sales documents from being intercepted by unauthorized users

You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network is configured as shown in the Network Diagram exhibit. (Refer to the Exhibit.)

Users in the sales department use portable computers that are not connected to the company network. Each week sales users travel to the company’s main office and connect to the IEEE 802.11b wireless LAN (WLAN). The WLAN is configured as shown in the Wireless Configuration exhibit. (Refer to the Exhibit.) The WLAN hardware does not support IEEE 802.1x. Once a Week, sales users connect to the WLAN to retrieve confidential sales documents from file servers on the network.

You discover that unauthorized users intercepted data in sales documents while the documents were transmitted over the WLAN. You need to protect sales documents from being intercepted by unauthorized users. What should you do?

You need to ensure that all computers in Segment B automatically install security patches

You are the security administrator for your company. The network consists of two segments named Segment A and Segment B. The client computers on the network run Windows XP Professional. The servers run Windows Server 2003.

Segment A contains a single server named Server1. Segment B contains all other computers, including a server named Server2. The company’s written security policy states that Segment B must not be connected to the lnternet. Segment A is allowed to connect to the lnternet. There is no network connection between Segment A and Segment B. You can copy files from Segment A to Segment B only by using a CD-ROM to transport the files between the two segments. The network topology is displayed in the exhibit. (Click the Exhibit button.)

You are planning a patch management infrastructure. On Segment B, you install Software Update Services (SUS) on Server2. You configure Automatic Updates on all computers in Segment B to use http://Server2 and to install security patches.

You need to ensure that all computers in Segment B automatically install security patches. What should you do?


Page 1 of 712345...Last »