Self Test


A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.

Designing an Access Control Strategy for Files and Folders

1.  

You have been asked to design an access control strategy for your firm and it must be done as soon as possible. The company currently has about 85 employees, each of whom has a desktop or laptop computer. There are four servers functioning in various roles. The departments are Finance, Administration, Customer Service, Trucking, Warehouse Operations, Purchasing, and IT. Your company plans to expand operations in the next one to two years, adding about 28 new employees in that period of time. There is fairly high turnover in the Trucking and Purchasing departments. Seasonal help comes in during the holidays to assist with warehouse operations, and some seasonal staff have computer access. There are a number of staff that change from one department to another based on external business drivers and internal staffing skills. There have never been any attacks on the network and most users have fairly basic computer skills. All systems are Windows Server 2003, Windows 2000 native mode, and Windows XP. Most users have the ability to use e-mail, word processing, and spreadsheet programs. About 10 employees, including those in the IT department, have advanced skills, and the IT department is comprised of five people, three of whom have advanced programming skills. Based on this information, which access control model is best suited to your organization?

  1. Role-based

  2. Access group/resource group

  3. Access group/ACL

  4. User/ACL

 c

2.  

You've been looking at users and groups on your network and have decided there are a lot of groups that are probably no longer used. Several key projects have wrapped up and there were several groups created just for those projects. After examining these groups, you decide they're no longer in use and you delete them. During the next hour, you receive phone calls complaining that users can no longer access network resources. What is your best course of action in this situation?

  1. Use the Undo command to undo the action and restore the deleted groups.

  2. Use the Restore command to undo the action and restore the deleted groups.

  3. Recreate the deleted groups using the same names. The groups will inherit the same permissions as the deleted groups if Active Directory has not been replicated in between deleting the groups and recreating the groups.

  4. Recreate the deleted groups and assign users and permissions to restore access to users.

 d

3.  

Your company is upgrading to Windows Server 2003 and Windows XP across the board. You're using Active Directory in all domains. Your current structure consists of three domains: somecompany.com, admin.somecompany.com, and sales.somecompany.com. In the sales.somecompany.com domain, there are four domain local groups called Managers, Sales, Service, and Tech. Members of the Managers group should have the same permissions as the Executive global group in the admin.somecompany.com domain. What is the best way to give Managers the same privileges as Executives?

  1. Add the Managers group to the Executive group.

  2. Add the Executive group to the Managers group.

  3. Create a universal group named ExecMgr and add both the Executive and Manager groups.

  4. Create a nested group under Executives called ExecMgr and add members of the Managers group to this new group.

 c

4.  

You look in Event Viewer and notice an odd series of events that were logged last night beginning at 11:36 p.m. The events are as listed. Your company runs Monday through Friday, 7 a.m. to 7 p.m., but there are a number of managers who sometimes work late to monitor Web orders and other e-commerce functions. These managers sometimes log in from home and have no restrictions on time-of-day access. Other users have time-of-day restrictions and can only log on between 6:30 a.m. and 7:30 p.m. Four employees are currently on vacation, and two other employees were recently terminated. Based on these events, what is the most likely explanation for what's happening?

 11:36pm  531: Logon failure. A logon attempt was made using a disabled account.
 11:37pm  540: A user successfully logged on.
 11:37pm  531: Logon failure. A logon attempt was made using a disabled account.
 11:37pm  531: Logon failure. A logon attempt was made using a disabled account.
 11:39pm  529: Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password.
 11:43pm  540: A user successfully logged on.
 11:43pm  529: Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password.
 11:44pm  551: A user initiated the log off process.
 11:44pm  529: Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password.
 11:47pm  551: A user initiated the log off process.
 11:47pm  539: Logon failure. The account was locked out at the time the logon attempt was made.

  1. It appears that one of the managers was attempting to log in and mistyped his or her password or username.

  2. Someone is attempting a brute force attack.

  3. One of the former employees gained unauthorized access to the system.

  4. Two attacks might be in progress: one by a former employee and one by an outsider.

 d

Answers

1.  

C

2.  

D

3.  

C

4.  

D

Designing an Encrypted File System Strategy

5.  

Your company recently sent out an e-mail to an employee distribution list that consisted of all managers and all members of the Research department. The e-mail requested that all employees receiving the e-mail immediately begin encrypting all files related to a particular high-profile client. The e-mail suggested that there had been recent attempts to compromise the network and gain access to these sensitive files. The e-mail outlined steps for using EFS to encrypt these sensitive files. Lisa is a corporate executive who works with this high-profile client. She was on a business trip visiting this client when she received the e-mail. While she was waiting for her flight at the airport, she followed the instructions in the e-mail to encrypt sensitive files. Based on this information, what type of encryption certificate does Lisa have?

  1. An EFS self-signed certificate.

  2. An EFS certificate based on cached login credentials.

  3. A certificate issued by the corporate CA.

  4. A temporary EFS certificate to be used until a more reliable certificate is obtained.

 a

6.  

You execute the following command in a command prompt window: cipher /r:financedra and then you open the MMC, add the Group Policy Editor snap-in, and add to the FinanceOU policy. You expand the nodes until you locate the Encrypting File System node. You click Add Data Recovery Agent and specify financedra.cer. What have you just accomplished?

  1. You have imported a recovery agent that can be used for all computers and users in the FinanceOU.

  2. You have imported a recovery agent for the local computer that is part of the FinanceOU.

  3. You cannot import this file via the Group Policy Editor snap-in into the Encrypting File System policy. Instead, use the Certificates snap-in and import the financedra.cer file.

  4. Although you used the cipher command, the /r switch will only create the recovery agent. You must create the private keys and certificate using additional parameters in the cipher command.

 a

Answers

5.  

A

6.  

A

Design Security for a Backup and Recovery Strategy

7.  

Your company has four critical servers located in one server room. The first server holds various data files, including all users' files stored on the network. The second server is a proxy server. The third and fourth servers provide critical network functions, including DC and DNS server. You have standard (default) installations of Windows Server 2003 on all servers. You perform incremental backups each night and a full backup on Sundays at 11:30 p.m. for each server. On Monday morning around 9:40 a.m., a brand new virus attacks the proxy server and disables the computer. You're able to download a just-released update for your virus signature file and install it on the proxy server to remove the virus. However, the system is not operational and it appears much of the data has been corrupted. Users cannot reach the Internet and the help desk is suddenly flooded with calls and e-mails. You send out a global e-mail in response and let people know that you expect to have the system up by 11 a.m. What recovery method will best restore the system to a functional state?

  1. Reformat the hard drive on the proxy server, reinstall the operating system, and restore the data files.

  2. Use the Automated System Recovery set generated with the backups to restore both system state and data files.

  3. Use the Emergency Management Services to redirect the console to a remote machine, view the kernel log, and then restore the parts of the system affected by the virus.

  4. Use the Recovery Console option to restore the system to its original state, and then use the backups to restore data files.

 b

8.  

You have previously installed Windows Server 2003 on seven servers. On four of these servers you've enabled Emergency Management Services. One of these servers experiences a Stop message. You are not sure what's causing the problem, but you notice that the prompt is shown as !SAC. You assumed that you would be able to use the Special Administration Console (SAC) for monitoring, reviewing, and repairing a wide range of problems, but it is not available. The system won't boot in safe mode and you are unable to determine the nature of the problem. What is the most likely cause of the SAC not being available?

  1. !SAC is always available before SAC. Once you've determined the nature of the problem via !SAC commands, you can resolve the problem and use SAC to restore the system to its functional state.

  2. Stop messages typically invoke SAC. In this case, however, because the system cannot start in Safe mode, !SAC was called by the Recovery Console.

  3. SAC is not available because some system component failed causing the Stop message.

  4. If the server is stopped and restarted via Emergency Management Services using console redirection on an out-of-band connection, it will restart in the !SAC mode by default.

 c

Answers

7.  

B

8.  

C




MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122
