PrepAway - Latest Free Exam Questions & Answers

Category: 70-299

Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network

What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. Four Windows Server 2003 computers run IIS and serve as Web servers on the Internet.
The company’s written security policy states that computers that are accessible from the Internet must be hardened against attacks. The procedure for hardening computers includes disabling unnecessary services. You evaluate which services are necessary by using the following information about the Web servers:
Customers and business partners access Web content on the Web servers after they authenticate by using a user name and password. To access certain parts of the site, some of these connections use the SSL protocol.
All software is installed locally on the Web servers by using removable media, except for service packs and security patches.
The Web servers automatically download service packs and security patches from an internal computer that runs Software Update Services (SUS).
The Web servers are not functioning as any other roles.
You need to create a security template for the Web servers that disables unnecessary services and allows necessary services to operate.
[Exhibit]
What should you do? To answer, drag the appropriate service startup types to the correct locations in the work area.
Drag and drop question. Drag the items to the proper locations.

What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.
Twenty Windows Server 2003 computers serve as domain controllers. Your organization uses only Active Directory integrated DNS. The company’s written security policy states that computers that contain employee user account names and passwords must be hardened against attacks. The procedure for hardening computers includes disabling unnecessary services. You are evaluating which services are necessary by using the following information about the domain controllers:
Domain controllers do not function as Web servers, application servers, file servers, or print servers.
Service packs and security patches are manually installed on domain controllers from local media.
Service packs and security patches are installed only by IT administrators.
All servers in the company are remotely managed by using a third-party program.
Printing is not allowed from the domain controllers.
Domain controllers do not run any IP routing protocols.
You need to create a security template to be applied to all domain controllers that disables unnecessary services while allowing necessary services to operate.
[Exhibit]
What should you do? To answer, drag the appropriate service startup types to the correct locations in the work area.
Drag and drop question. Drag the items to the proper locations.

What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Some of the servers in the company are file servers.
The file servers contain shared files that users in the sales and marketing departments use. The file servers are in an organizational unit (OU) named FileServers. The company’s written security policy states that the date and time that a user successfully establishes a session to a file server must be recorded. The written security policy also states that the date and time of successful and unsuccessful attempts to modify files on the file servers must be recorded. You create a new Group Policy object (GPO) and link it to the FileServers OU. The Audit Policy section of the GPO is shown in the work area. You need to configure the audit policy to meet the requirements of the written security policy.
You must achieve this goal by using the minimum number of audit settings.
[Exhibit]
What should you do? To answer, drag the appropriate policy setting or settings to the correct location or locations in the work area.
Drag and drop question. Drag the items to the proper locations.

What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
Your company uses the Internet to sell products. Customers place and view the status of orders by using a Web application named App1. App1 is hosted on a Windows Server 2003 computer that runs IIS. Users access App1 by using various Web browsers. You configure SSL for connections to App1.
The company’s written security policy states the following requirements:
All users must enter a user name and password when they access App1.
All users must use the same authentication method.
All users must use credentials in the company’s domain.
You need to configure IIS to support the required authentication.
[Exhibit]
What should you do?
To answer, configure the appropriate option or options in the dialog box in the work area.
Hotspot question. Click on the correct location or locations in the exhibit.

Which three types of groups should you choose?

You are a security administrator for your company. The network consists of two Active Directory domains named adatum.com and proseware.com. These domains are in the same Active Directory forest. The adatum.com Active Directory domain operates at a Windows 2000 mixed mode domain functional level. The proseware.com Active Directory domain operates at a Windows 2000 native mode domain functional level.
An application runs on four Windows Server 2003 computers. These computers are domain member servers in the adatum.com Active Directory domain. Authorized users in both the adatum.com and the proseware.com domains require access to this application. The network is depicted in the exhibit. (Click the Exhibit button.)
You need to plan an authorization model to control user access to the application. You will place adatum.com user accounts in a group named Adatum AppUsers. You will place proseware.com user accounts in a group named Proseware AppUsers. You will use a group named AppResources to assign permissions that allow access to the application.
You need to choose the appropriate types of groups to implement your plan. Which three types of groups should you choose? (Each correct answer presents part of the solution. Choose three.)

What should you do?

You are a security administrator for your company. The network consists of two Active Directory forests.
The first forest is named tailspintoys.com and contains domain controllers that run either Windows Server 2003 or Windows 2000 Server. The second forest is named wingtiptoys.com and contains domain controllers that run Windows Server 2003. No trust relationships are established.
A certification authority (CA) running Windows Server 2003 Certificate Services is deployed and all computers are issued a Computer certificate. A Windows Server 2003 computer named Server1 is a member of the wingtiptoys.com Active Directory domain. Server1 provides users in both domains access to a payroll application. You decide to implement IPSec to encrypt the payroll application data during transmission. You configure a custom IPSec policy named Payroll App on Server1 using the rules shown in the exhibit. (Click the Exhibit button.)
You configure an IPSec default Client policy on the client computers in both Active Directory domains. During testing, you notice that client computers in the wingtiptoys.com Active Directory domain use IPSec when communicating with Server1. However, client computers in the tailspintoys.com Active Directory domain cannot communicate with Server1.
You need to enable all client computers to use IPSec when communicating with Server1. What should you do?

What should you do?

You are the security administrator of your network. The network consists of an Active Directory domain. All computers on the network are in the domain. The domain controllers and file servers on the network run Windows Server 2003. The client computers run Windows XP Professional.
The file servers use a custom IPSec policy named Server Traffic. The Server Traffic policy contains rules to encrypt Telnet and SNMP traffic, as shown in the exhibit. (Click the Exhibit button.) All client computers use the Client (Respond Only) IPSec policy. The default exemptions to IPSec filtering are disabled on the client computer. You want to configure the network so that Telnet, SNMP, and Kerberos traffic is encrypted by IPSec.
You do not want to encrypt other network protocols. What should you do? (Each correct answer presents part of the solution. Choose two.)

What should you do?

You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network is configured as shown in the Network Diagram exhibit. (Click the Exhibit button.)
Users in the sales department use portable computers that are not connected to the company network. Each week sales users travel to the company’s main office and connect to the IEEE 802.11b wireless LAN (WLAN). The WLAN is configured as shown in the Wireless Configuration exhibit. (Click the Exhibit button.) The WLAN hardware does not support IEEE 802.1x. Once a week, sales users connect to the WLAN to retrieve confidential sales documents from file servers on the network.
You discover that unauthorized users intercepted data in sales documents while the documents were transmitted over the WLAN. You need to protect sales documents from being intercepted by unauthorized users. What should you do?

What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 computers.
Twelve of the Windows Server 2003 computers are configured as Web servers.
You need to produce a report that identifies which Microsoft security patches are not installed on the Web servers. What should you do?

What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
The company’s written security policy states that security patches must be manually installed on servers by administrators. You need to configure the network to comply with the written security policy.
You need to maintain security patches by using the minimum amount of administrative effort. What should you do?

