What should you do?
You are a security administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional.
You install Software Update Services (SUS) on a server named Server1. The company’s written security policy states that all updates must be tested and approved before they are installed on network computers.
You need to ensure that SUS uses the minimum amount of disk space on Server1. What should you do?
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows 2003 Server. All client computers run Windows XP Professional.
All computers are configured to use Automatic Updates to install updates without user intervention. Updates are scheduled to occur during o peak hours. During a security audit, you notice some client computers are not receiving updates on a regular basis. You verify that Automatic Updates is running on All client computers, and you verify that users cannot modify the Automatic Updates settings.
You need to ensure that computers on your network receive all updates. What should you do?
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
There are 15 Windows Server 2003 computers that serve as domain controllers. For security reasons, you do not allow the domain controllers to access Web sites over the lnternet. You need to scan all of the domain controllers to identify which Microsoft security patches are not installed.
You want to achieve this goal by using the minimum amount of administrative effort and by successfully completing the scan of all domain controllers. What should you do?
Which two actions should you perform?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All computers are members of the domain.
The network contains 10 Active Directory sites. Each site represents one of the company’s offices. The offices are located around the world. Each office has a connection to the lnternet. The company maintains dedicated leased lines between the offices. You are planning a security patch management infrastructure for Microsoft security patches. You install Software Update Services (SUS) on a server named Server1. You need to ensure that Automatic Updates on the client computers and servers installs only security patches that are company approved.
You want to limit the use of the leased lines between the offices by allowing each computer to download the security patches from the lnternet. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
The company occasionally experiences downtime because of malicious lnternet worms that arrive as Microsoft Visual Basic Scripting Edition (VBS) files. You examine several client computers and discover that VBS files are downloaded by using Microsoft Outlook, instant messaging, or peer-to-peer file sharing programs.
You need to prevent users from running VBS files regardless of how they arrive on client computers. What should you do?
What should you do?
You are a security administrator for your company. The company has one main office and five branch offices. Network administrators work in the main office and each branch office.
Network administrators in the main office frequently create scripts that automate common administrative tasks. You review each script to ensure it does not introduce security vulnerabilities. Scripts that do not introduce security vulnerabilities are considered approved. Occasionally, branch office administrators modify these scripts and distribute the modified scripts to other branch office administrators. Branch office administrators often report that they accidentally run a modified version of a script.
You need to ensure that branch office administrators can verify which scripts are approved scripts. What should you do?
What should you do?
You are a security administrator for your company. The network consists of three Active Directory domains. All Active Directory domains are running at a Windows Server 2003 mode functionality level.
Employees in the editorial department of your company need access to resources on file servers that are in each of the Active Directory domains. Each Active Directory domain in the company contains at least one editorial department employee user account.
You need to create a single group named Company Editors that contains all editorial department employee user accounts and that has access to the resources on file server computers. What should you do?
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. The network contains Windows XP Professional client computers and Windows Server 2003 computers.
You install Certificate Services to issue certificates to employees for secure e-mail encryption and Web site authentication. You revoke the certificates used by an employee when that employee leaves the company. Several thousand certificates are currently revoked, and multiple revocations occur daily. Company e-mail and Web applications already use strong revocation checking of certificates. You need to reduce the time that it takes for client computers to find out about certificate revocations and to process certificate revocation information.
You also need to limit the negative impacts that this change will have on network performance. What should you do?
Which three actions should you perform?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Your company hosts an extranet Web site that allows employees from a partner company to access confidential information over the lnternet. You want to require the partner company employees to use certificate-based authentication to access the extranet Web site. You have a public key infrastructure (PKI), which consists of a stand-alone root certification authority (CA) and an enterprise subordinate CA. The partner company does not have a PKI. You decide to issue certificates from your CA hierarchy to the partner company employees. The partner company certificates will require a different certificate policy than the policy currently used for issuing certificates to internal employees. Certificate revocation checking will be used during certificate-based authentication. You need to implement the necessary PKI changes to comply with these requirements.
You want to achieve this goal by using the minimum amount of administrative effort. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.
Your company hosts Web applications for customers. Each customer is a company that has multiple employees who require access to the Web applications. Each customer has one Web application. Each Web application is configured as a virtual directory. You configure a user account for each customer. You assign this account permission to read the virtual directory that contains the customer’s Web application. You need to ensure that employees can access only their company’s Web application.
You must accomplish this task without requiring customers to disclose passwords. What should you do?