PrepAway - Latest Free Exam Questions & Answers

What should you recommend?

Your network consists of a single Active Directory forest that contains a root domain and two child domains.
All servers run Windows Server 2008 R2. A corporatepolicy has the following requirements:
All local guest accounts must be renamed and disabled.
All local administrator accounts must be renamed.
You need to recommend a solution that meets the requirements of the corporate policy.
What should you recommend?

PrepAway - Latest Free Exam Questions & Answers

A.
Implement a Group Policy object (GPO) for each domain.

B.
Implement a Group Policy object (GPO) for the root domain.

C.
Deploy Network Policy and Access Services (NPAS) on all domain controllers in each domain.

D.
Deploy Active Directory Rights Management Services (AD RMS) on the root domain controllers.

Explanation:
This security policy reference describes the best practices, location, values, and security considerations for this
policy setting.
** The built-in Administrator account exists on allcomputers that run the Windows Server 2008 R2, Windows
Server 2008, Windows Server 2003, Windows 2000 Server, or Windows XP Professional operating systems. If
you rename this account, it is slightly more difficult for unauthorized persons to guess this privileged user name
and password combination. Beginning with Windows Vista, the person who installs the operating system
specifies an account that is the first member of the Administrator group and has full rights to configure the
computer. The account cannot have the name Administrator, so this countermeasure is applied by defaulton
new Windows Vista and Windows 7 installations. If acomputer is upgraded from a previous version of
Windows to Windows Vista or Windows 7, the account with the name Administrator is retained with all the
rights and privileges that were defined for the account in the previous installation.
The built-in Administrator account cannot be lockedout, regardless of how many times an attacker might use a
bad password. This capability makes the Administrator account a popular target for brute-force attacksthat
attempt to guess passwords. The value of this countermeasure is lessened because this account has a well-known SID, and there are non-Microsoft tools that allow authentication by using the SID rather than the account
name. Therefore, even if you rename the Administrator account, an attacker could launch a brute-force attack
by using the SID to log on.
http://technet.microsoft.com/en-us/library/jj852273(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/jj852265(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/jj852219(v=ws.10).aspx


Leave a Reply