You are a security administrator for your company. The network consists of a single Active Directory domain. All domain controllers and servers run Windows Server 2003. All computers are members of the domain.

The domain contains 12 database servers. The database servers are in an organizational unit (OU) named DBServers. The domain controllers and the database servers are in the same Active Directory site. You receive a security report that requires you to apply a security template named Lockdown.inf to all database servers as quickly as possible. You import Lockdown.inf into a Group Policy object (GPO) that is linked to the DBServers OU.

You need to ensure that the settings in the Lockdown.inf security template are applied to all database servers as quickly as possible. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

You manage the network by using a combination of Group Policy objects (GPOs) and scripts. File names for scripts have the .Vbs file name extension. Scripts are stored in a shared folder named Scripts on a server named Server1. Users report that they accidentally run scripts that are received through e-mail and the lnternet. They further report that these scripts cause problems with their client computers and often delete or change files. You discover that these scripts have .wsh, .wsf, .Vbs, or .vbe file name extensions. You decide to use software restriction policies to prevent the use of unauthorized scripts. You need to configure a software restriction policy for your network.

You want to achieve this goal without affecting management of your network. Which three rules should you include in your software restriction policy? (Each correct answer presents part of the solution. Choose three.)

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.

The company’s written security policy states the following requirements: All access to files must be audited. File servers must be able to record all security events.You create a new Group Policy object (GPO) and filter it to apply to only file servers. You configure an audit policy to audit files and folders on file servers. You configure a system access control list (SACL) to audit the appropriate files.

You need to ensure that the GPO enforces the written security policy. Which two additional actions should you perform to configure the GPO? (Each correct answer presents part of the solution. Choose two.)

You are a security administrator for your company. Your company uses an accounting and payroll application. Twenty payroll clerks use the application to input data from their client computers to a database running on a Microsoft SQL Server 2000 computer named Server1.

You need to prevent unauthorized interception of the data as it travels over the company network. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)