What should you do?
You are a security administrator for your company. The network consists of a single Active Directory domain. Four Windows Server 2003 computers run IIS and serve as Web servers on the lnternet.
The company’s written security policy states that computers that are accessible from the lnternet must be hardened against attacks. The procedure for hardening computers includes disabling unnecessary services. You evaluate which services are necessary by using the following information about the Web servers: Customers and business partners access Web content on the Web servers after they authenticate by using a user name and password. To access certain parts of the site, some of these connections use the SSL protocol. All software is installed locally on the Web servers by using removable media, except for service packs and security patches. The Web servers automatically download service packs and security patches from an internal computer that runs Software Update Services (SUS). The Web servers are not functioning as any other roles.
You need to create a security template for the Web servers that disables unnecessary services and allows necessary services to operate.exhibit What should you do? To answer, drag the appropriate service startup types to the correct locations in the work area.
Drag and drop question. Drag the items to the proper locations.
What should you do?
You are a security administrator for your company. The company consists of two divisions. One division is named Coho Winery and is located in San Francisco. The other division is named Coho Vineyard and is located in Paris. Each division is connected to the lnternet by a 1. 544 Mbps WAN connection.
Coho Winery consists of a single Active Directory forest named cohowinery.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. Coho Winery has a Microsoft SQL Server 2000 database that contains customer information. The SQL Server 2000 database is hosted on a Windows Server 2003 computer named Server1.
Coho Vineyard consists of a single Active Directory forest named cohovineyard.com. All servers run Windows 2000 Server. All client computers run Windows 2000 Professional or Windows NT Workstation. All computers run the latest service packs.
To enable data replication, you configure a new Windows Server 2003 computer named Server2 in the cohovineyard.com forest. You install SQL Server 2000 on Server2. Your database administrator configures the database on Server1 to replicate to Server2 every night.
Management reports that a competitor acquired confidential customer data. You determine that the competitor intercepted customer data as it replicated from Server1 to Server2. You decide to use IPSec to protect customer data as it replicates.
You need to configure an IPSec policy to protect customer data as it replicates. What should you do?
The solution you are designing should be employed to provide for the desired level of security the remote port
You need to design an authentication method for the portable computer used on the network. The solution you are designing should be employed to provide for the desired level of security the remote portable computer?
Which two actions should you perform?
You are designing a security strategy for the infrastructure servers at the resorts. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
How should you configure security on this printer?
You and Stephen are the desktop administrators for your company. You install a printer on your Windows XP Professional computer. You share this printer on the company network. You want to ensure that only members of the DTAdmins local group can use this printer, and that only you and Stephen can manage the printer and all print jobs. You also want to ensure that members of the DTAdmins local group can manage only their own print jobs. How should you configure security on this printer?
What should you do?
You are the network administrator for your company. The network consists of a single Active Directory domain that contains two domain controllers. Both domain controllers run Windows Server 2003. All client computers run Windows XP Professional. The only account in the Domain Admins security group is the Administrator account in the domain. Each night, a full backup is made of the hard disks in each domain controller. You disable the local Administrator account in the Default Domain Policy Group Policy object (GPO). You discover that you are no longer able to log on to either domain controller as the Administrator from the domain. You need to ensure that you can log on to both domain controllers as the Administrator from the domain. What should you do?
What should you do in the custom security template?
Your company has an Active Directory directory service domain. The network environment includes servers that run Windows Server 2003 and servers that run Windows 2000 Server. You plan to create a custom security template that configures the NTLM protocol setting that is used by the domain controllers to the most secure setting possible. You need to ensure that all servers continue to communicate with the domain controllers.
What should you do in the custom security template?
Which predefined security template should you use?
Your company has an Active Directory directory service domain. All servers run Windows Server 2003. Your security baseline requires you to control local group membership on all member servers. You need to automatically remove users from the Power Users group on member servers. You must ensure that only the Domain Admins security group and the local Administrator account are members of the local Administrators group. Which predefined security template should you use?
What should you do?
You are the network administrator for your company. The network contains 20 Windows Server 2003 database servers.The written security policy for your company requires that the following services must be disabled on all database server computers. Computer Browser File Replication Indexing Service Remote Registry Server Task SchedulerThe written security policy also requires that the database servers must be prohibited from having access to the Internet. You use a Windows XP Professional client
computer named Admin1 that has access to the Internet.You need to perform a weekly analysis of the hotfix level of the database servers compared with the latest available updates.
You need to minimize the amount of administrative effort.What should you do?
What should you do?
You are the network administrator for your company.The network consists of a single Active Directory domain.
The domain contains an organizational unit (OU) named Webservers.The Webservers OU contains the computer accounts of 12 Windows Server 2003 computers that function as intranet Web servers.A Group Policy object (GPO) named WebserversPolicy is linked to the Webservers OU.The GPO is used to configure various settings on the computers in the OU. A global group named WebserverAdmins is a member of the Administrators local group on each intranet Web server.
You plan to install a security scanning application on each intranet Web server.The documentation for the application states that it uses a service account, which must be able to modify the HKEY_LOCAL_MACHINESYSTEM key in the registry of every computer on which the application is installed.
You create the service account in the domain.The company’s written security policy states that service accounts must be assigned only the minimum rights and permissions that they require to function.
You need to configure the intranet Web servers so that they comply with the installation requirements of the security scanning application.You also need to comply with the company’s security policy.You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?