What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All domain controllers and servers run Windows Server 2003. All computers are members of the domain.
The domain contains 12 database servers. The database servers are in an organizational unit (OU) named DBServers. The domain controllers and the database servers are in the same Active Directory site. You receive a security report that requires you to apply a security template named Lockdown.inf to all database servers as quickly as possible. You import Lockdown.inf into a Group Policy object (GPO) that is linked to the DBServers OU.
You need to ensure that the settings in the Lockdown.inf security template are applied to all database servers as quickly as possible. What should you do?
Which three rules should you include in your software restriction policy?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
You manage the network by using a combination of Group Policy objects (GPOs) and scripts. File names for scripts have the .Vbs file name extension. Scripts are stored in a shared folder named Scripts on a server named Server1. Users report that they accidentally run scripts that are received through e-mail and the lnternet. They further report that these scripts cause problems with their client computers and often delete or change files. You discover that these scripts have .wsh, .wsf, .Vbs, or .vbe file name extensions. You decide to use software restriction policies to prevent the use of unauthorized scripts. You need to configure a software restriction policy for your network.
You want to achieve this goal without affecting management of your network. Which three rules should you include in your software restriction policy? (Each correct answer presents part of the solution. Choose three.)
Which two additional actions should you perform to configure the GPO?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.
The company’s written security policy states the following requirements: All access to files must be audited. File servers must be able to record all security events.You create a new Group Policy object (GPO) and filter it to apply to only file servers. You configure an audit policy to audit files and folders on file servers. You configure a system access control list (SACL) to audit the appropriate files.
You need to ensure that the GPO enforces the written security policy. Which two additional actions should you perform to configure the GPO? (Each correct answer presents part of the solution. Choose two.)
What are two possible ways to achieve this goal?
You are a security administrator for your company. Your company uses an accounting and payroll application. Twenty payroll clerks use the application to input data from their client computers to a database running on a Microsoft SQL Server 2000 computer named Server1.
You need to prevent unauthorized interception of the data as it travels over the company network. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Eight Windows Server 2003 computers are members of the domain. These computers are used to store confidential files. They reside in a data center that only lT administration personnel have physical access to.
You need to restrict members of a group named Contractors from connecting to the file server computers. All other employees require access to these computers. What should you do?
What should you do to configure the file servers?
You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows 2000 Professional. The latest operating system service pack is installed on each computer.
Thirty Windows Server 2003 computers are members of the domain and function as file servers. Client computers access files on these file servers over the network by using the Server Message Block (SMB) protocol. You are concerned about the possible occurrence of man-in-the-middle attacks during SMB communications. You need to ensure that SMB communications between the Windows Server 2003 file servers and the client computers are cryptographically signed. The file servers must not communicate with client computers if the client computers cannot sign SMB communications.
Client computers must be able to use unsigned SMB communications with all other computers in the domain. What should you do to configure the file servers?
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
One hundred users in your company are currently using an application named App1. App1 is stored in a folder on the hard disk of each user’s client computer. To secure App1, you create a new Group Policy object (GPO) named App1 Policy. The App1 Policy GPO contains a file system security policy that applies a custom DACL to App1.
You configure the DACL to assign All users only the Allow – Read permission. You filter the App1 Policy GPO to apply only to computers that have App1 installed. After you apply the App1 GPO, users immediately report that they receive an error message when they attempt to use App1. You delete the entry for App1 in the file system security policy. Users continue to report that they receive the same error message when they attempt to use App1.
You need to configure the network so that users can use App1. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
What should you do?
You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional.
You install Software Update Services (SUS) on a server named Server1. The company’s written security policy states that all updates must be tested and approved before they are installed on network computers.
You need to ensure that SUS uses the minimum amount of disk space on Server1. What should you do?
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows 2003 Server. All client computers run Windows XP Professional.
All computers are configured to use Automatic Updates to install updates without user intervention. Updates are scheduled to occur during o peak hours. During a security audit, you notice some client computers are not receiving updates on a regular basis. You verify that Automatic Updates is running on All client computers, and you verify that users cannot modify the Automatic Updates settings.
You need to ensure that computers on your network receive all updates. What should you do?
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
There are 15 Windows Server 2003 computers that serve as domain controllers. For security reasons, you do not allow the domain controllers to access Web sites over the lnternet. You need to scan all of the domain controllers to identify which Microsoft security patches are not installed.
You want to achieve this goal by using the minimum amount of administrative effort and by successfully completing the scan of all domain controllers. What should you do?