In Windows 2003, there are four methods of implementing IPSec. They are:
1 – Require Security
2 – Request Security
3 – Respond Only
4 – No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations
in the network. The Clients and Servers in your network are configured as follows:
-You have servers numbered 1-9, which have a policy stating they require no network traffic
security.
-You have servers numbered 10-19, which have a policy stating they are not required to be
secure, but will encrypt network traffic if the client is able to receive it.
-You have servers numbered 20-29, which have a policy stating they are required to be secure
and all network traffic they deliver must be secured.
-You have clients numbered 60-79 that are required to access secure servers 20-29.
-You have clients numbered 80-99 that are not required to access secure servers 20-29, but are
required to access servers 1-9 and 10-19.
Based on the Client and Server configuration provided above, which of the following computers
must implement IPSec method 3?

You are the main person responsible for the security of a mid-sized company. To have control
over all the aspects of the security of the network, you study and analyze each component
thoroughly. Your network is running all Windows 2003 servers, and you are studying the logon
process. You know there are many components of the process, and are now at the point where
you are analyzing the Security Accounts Manager (SAM). What is the SAM?

You have recently introduced the users of your Windows 2003 Domain network to EFS, and the
company policy indicates that several users must take advantage of EFS for certain files. Since it
is new, you are concerned with EFS being implemented in ways not defined in the policy. Which
user account is, by default, the Recovery Agent, that can decrypt data if need be?

It has been decided that the network you manage will implement new Windows 2003 Servers,
using Active Directory. You are configuring several of the Active Directory objects in your Windows
2003 network.
What is used as the default security for these objects?

You have just finished installing new servers and clients in your office network. All the new client
machines are running Windows 2000 Professional, and the servers are running Windows Server
2003. You are now working on securing all user authentication related areas of the systems.
Where is user account information stored, both for the Domain and the local machine?

There are several clients of your network that require the ability to connect remotely. You are
using Internet Authentication Services (IAS) in Windows Server 2003 for security. What is IAS the
Windows implementation of?

You are going to use EFS to increase the security of the files and folders on your Windows Server
2003 systems in your network. You wish to have complete knowledge of the process of EFS, so
that you may manage any situations or problems that may arise. What is file data encrypted with

when using EFS?

The security policy of your organization defines what data is to be locally encrypted and what is
not to be. You are running Windows Server 2003, which allows for local encryption, and you have
data that has been secured. Which of the following is the correct command for decrypting a
subfolder named “March” under a folder named “Financials”?

You are making changes to your Windows Server 2003 file server, to increase security. You are
aware from your auditing that attackers have been trying to map your network and perform
reconnaissance. You wish to stop attackers from enumerating share names. What can you do to
stop this?

You have recently hired an assistant to help you with managing the security of your network. You
are currently running an all Windows Server 2003 environment, and are describing the issues
associated with sharing folders. You describe different shared folder permissions. Which of the
following describes the maximum abilities of the Read permission?