A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.
1. | You have been asked to design an access control strategy for your firm and it must be done as soon as possible. The company currently has about 85 employees, each of whom has a desktop or laptop computer. There are four servers functioning in various roles. The departments are Finance, Administration, Customer Service, Trucking, Warehouse Operations, Purchasing, and IT. Your company plans to expand operations in the next one to two years , adding about 28 new employees in that period of time. There is fairly high turnover in the Trucking and Purchasing departments. Seasonal help comes in during the holidays to assist with warehouse operations, and some seasonal staff have computer access. There are a number of staff that change from one department to another based on external business drivers and internal staffing skills. There have never been any attacks on the network and most users have fairly basic computer skills. All systems are Windows Server 2003, Windows 2000 native mode, and Windows XP. Most users have the ability to use e-mail, word processing, and spreadsheet programs. About 10 employees , including those in the IT department, have advanced skills, and the IT department is comprised of five people, three of whom have advanced programming skills. Based on this information, which access control model is best suited to your organization?
|
|
2. | You ve been looking at users and groups on your network and have decided there are a lot of groups that are probably no longer used. Several key projects have wrapped up and there were several groups created just for those projects. After examining these groups, you decide they re no longer in use and you delete them. During the next hour , you receive phone calls complaining that users can no longer access network resources. What is your best course of action in this situation?
|
|
3. | Your company is upgrading to Windows Server 2003 and Windows XP across the board. You re using Active Directory in all domains. Your current structure consists of three domains: somecompany.com, admin.somecompany.com, and sales.somecompany.com. In the sales.somecompany.com domain, there are four domain local groups called Managers, Sales, Service, and Tech. Members of the Managers group should have the same permissions as the Executive global group in the admin.somecompany.com domain. What is the best way to give Managers the same privileges as Executives?
|
|
4. | You look in Event Viewer and notice an odd series of events that were logged last night beginning at 11:36 p.m. The events are as listed. Your company runs Monday through Friday, 7 a.m. to 7 p.m. , but there are a number of managers who sometimes work late to monitor Web orders and other end-commerce functions. These managers sometimes log in from home and have no restrictions on time-of-day access. Other users have time-of-day restrictions and can only log on between 6:30 a.m. and 7:30 p.m . Four employees are currently on vacation, and two other employees were recently terminated . Based on these events, what is the most likely explanation for what s happening? 11:36pm 531: Logon failure. A logon attempt was made using a disabled account. 11:37pm 540: A user successfully logged on. 11:37pm 531: Logon failure. A logon attempt was made using a disabled account. 11:37pm 531: Logon failure. A logon attempt was made using a disabled account. 11:39pm 529: Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. 11:43pm 540: A user successfully logged on. 11:43pm 529: Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. 11:44pm 551: A user initiated the log off process. 11:44pm 529: Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. 11:47pm 551: A user initiated the log off process. 11:47pm 539: Logon failure. The account was locked out at the time the logon attempt was made.
|
|
Answers
1. | C |
2. | D |
3. | C |
4. | D |
5. | Your company recently sent out an e-mail to an employee distribution list that consisted of all managers and all members of the Research department. The e-mail requested that all employees receiving the e-mail immediately begin encrypting all files related to a particular high-profile client. The e-mail suggested that there had been recent attempts to compromise the network and gain access to these sensitive files. The e-mail outlined steps for using EFS to encrypt these sensitive files. Lisa is a corporate executive who works with this high-profile client. She was on a business trip visiting this client when she received the e-mail. While she was waiting for her flight at the airport, she followed the instructions in the e-mail to encrypt sensitive files. Based on this information, what type of encryption certificate does Lisa have?
|
|
6. | You use execute the following command in a command prompt window: cipher /r:financedra and then you open the MMC, add the Group Policy Editor snap-in, and add to the FinanceOU policy. You expand the nodes until you locate the Encrypting File System node. You click Add Data Recovery Agent and specify financedra.cer . What have you just accomplished?
|
|
Answers
5. | A |
6. | A |
7. | Your company has four critical servers located in one server room. The first server holds various data files, including all users files stored on the network. The second server is a proxy server. The third and fourth servers provide critical network functions, including DC and DNS server. You have standard (default) installations of Windows Server 2003 on all servers. You perform incremental backups each night and a full backup on Sundays at 11:30 p.m. for each server. On Monday morning around 9:40 a.m., a brand new virus attacks the proxy server and disables the computer. You re able to download a just-released update for your virus signature file and install it on the proxy server to remove the virus. However, the system is not operational and it appears much of the data has been corrupted. Users cannot reach the Internet and the help desk is suddenly flooded with calls and e- mails . You send out a global e-mail in response and let people know that you expect to have the system up by 11 a.m . What recovery method will best restore the system to a functional state?
|
|
8. | You have previously installed Windows Server 2003 on seven servers. On four of these servers you ve enabled Emergency Management Services. One of these servers experiences a Stop message. You are not sure what s causing the problem, but you notice that the prompt is shown as !SAC. You assumed that you would be able to use the Special Administration Console (SAC) for monitoring, reviewing, and repairing a wide range of problems, but it is not available. The system won t boot in safe mode and you are unable to determine the nature of the problem. What is the most likely cause of the SAC not being available?
|
|
Answers
7. | B |
8. | C |