You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Administrators in your company use scripts to perform administrative tasks when they troubleshoot problems on client computers. They connect to the Telnet service on client computers when they run these scripts. For security reasons, All Telnet traffic is encrypted by using an IPSec policy. In addition, the Telnet service is configured for manual startup on all client computers. Administrators manually start and stop the Telnet service when they perform administrative tasks. Administrators report that they sometimes cannot start the Telnet service on client computers. You examine several client computers and discover that the Telnet service is disabled.
You need to ensure that administrators can troubleshoot problems on client computers at all times. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Users are in the marketing, sales, or production department. A high-performance color print device named ColorPrinter1 is attached to a server named Server1. ColorPrinter1 is shared by the users in the marketing department. Only users in the marketing department are permitted to print documents on ColorPrinter1. Melanie is a user in the marketing department. Melanie is responsible for ensuring that print jobs on ColorPrinter1 print properly. She is also responsible for replacing paper and for general print device maintenance. Melanie is not permitted to modify the printer itself. You need to configure permissions for ColorPrinter1.
You create a global group named Marketing. You add all marketing users to the Marketing global group. What else should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All servers are members of the domain.
The company plans to deploy a new application named App1. The application runs on servers. To test the compatibility between App1 and other applications that run on the servers, you need to change several file and registry permissions in the Windows folder on the servers. A security template named TestPerms contains the file and registry permissions that need to be set for the application testing. You create a new Group Policy object (GPO) named TestApp. You import the TestPerms security template into the TestApp GPO. You link the TestApp GPO to an organizational unit (OU) that contains only the servers that are used for the test.
You need to ensure that the file and registry permissions are set to the permissions in the TestPerms security template only during application testing. What should you do when the application testing ends?

You are a security administrator for your company. The network consists of a single Active Directory domain. All domain controllers and servers run Windows Server 2003. All computers are members of the domain.
The domain contains 12 database servers. The database servers are in an organizational unit (OU) named DBServers. The domain controllers and the database servers are in the same Active Directory site. You receive a security report that requires you to apply a security template named Lockdown.inf to all database servers as quickly as possible. You import Lockdown.inf into a Group Policy object (GPO) that is linked to the DBServers OU.
You need to ensure that the settings in the Lockdown.inf security template are applied to all database servers as quickly as possible. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows 2000 Professional.
The company’s written security policy states the following requirements: All access to files must be audited. File servers must be able to record all security events.You create a new Group Policy object (GPO) and filter it to apply to only file servers. You configure an audit policy to audit files and folders on file servers. You configure a system access control list (SACL) to audit the appropriate files.
You need to ensure that the GPO enforces the written security policy. Which two additional actions should you perform to configure the GPO? (Each correct answer presents part of the solution. Choose two.)

You are a security administrator for your company. Your company uses an accounting and payroll application. Twenty payroll clerks use the application to input data from their client computers to a database running on a Microsoft SQL Server 2000 computer named Server1.
You need to prevent unauthorized interception of the data as it travels over the company network. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Eight Windows Server 2003 computers are members of the domain. These computers are used to store confidential files. They reside in a data center that only lT administration personnel have physical access to.
You need to restrict members of a group named Contractors from connecting to the file server computers. All other employees require access to these computers. What should you do?

You are a security administrator for your company. The network consists of a single Active Directory domain. Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows 2000 Professional. The latest operating system service pack is installed on each computer.
Thirty Windows Server 2003 computers are members of the domain and function as file servers. Client computers access files on these file servers over the network by using the Server Message Block (SMB) protocol. You are concerned about the possible occurrence of man-in-the-middle attacks during SMB communications. You need to ensure that SMB communications between the Windows Server 2003 file servers and the client computers are cryptographically signed. The file servers must not communicate with client computers if the client computers cannot sign SMB communications.
Client computers must be able to use unsigned SMB communications with all other computers in the domain. What should you do to configure the file servers?

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
One hundred users in your company are currently using an application named App1. App1 is stored in a folder on the hard disk of each user’s client computer. To secure App1, you create a new Group Policy object (GPO) named App1 Policy. The App1 Policy GPO contains a file system security policy that applies a custom DACL to App1.
You configure the DACL to assign All users only the Allow – Read permission. You filter the App1 Policy GPO to apply only to computers that have App1 installed. After you apply the App1 GPO, users immediately report that they receive an error message when they attempt to use App1. You delete the entry for App1 in the file system security policy. Users continue to report that they receive the same error message when they attempt to use App1.
You need to configure the network so that users can use App1. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?