A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.
1. | You are the network administrator for the Blue Sky, LTD, airplane manufacturer. The vice president of the Finance department has reported that some technically savvy users within the department have been attempting to access confidential information by browsing the available network shares from the Network Connections desktop icon. He has requested that users within subdepartments of the Finance area not be able to map network drives or browse network shares that they have not been explicitly granted access to. However, you have assigned a word processing application to the entire organization using a default GPO, and you do not want to reconfigure this portion of the Active Directory structure. In response to the VP s request, you have configured your Active Directory environment as shown in Figure 10.13. (Please note that, in the illustration, Enforce means that the Enforce settings property has been applied to the GPO in question.) Which setting(s) will be applied to a workstation in the Collections OU? (Choose all that apply.) Figure 10.13: Question 1 Illustration
|
|
2. | You are the administrator for a Windows Server 2003 domain. Your network consists of five locations connected by high-speed Internet connections. Your network servers are running solely Windows Server 2003, but you are supporting network clients that are a mixture of Windows XP Professional, Windows 2000, and Windows NT 4.0 Workstation. Because of the recent spate of critical security updates that have been released by Microsoft, you need to design a strategy to apply security updates to all of your workstations in a quick and efficient manner. Given the current environment, what option can you use to roll out updates for all of your network clients ?
|
|
3. | You are the network administrator for a Windows Server 2003 network with Windows XP Professional desktops. Your help desk has been inundated with support calls from users who have intentionally or accidentally altered their system settings in such a way that they have lost network connectivity or some other form of functionality. You create a new Group Policy Object (GPO) that restricts access to the Control Panel for all of your network users and link it to the domain level. You notice after several weeks that support calls have greatly diminished except for the Communications department. Upon further investigation, you discover that this department is contained within its own OU, and the OU has another GPO applied to it that explicitly grants access to the Control Panel, along with several other settings that the department manager insists are critical for his employees to perform their job functions. How can you enforce the Control Panel lockout without otherwise adversely affecting the Communications department?
|
|
Answers
1. | A , B , D |
2. | D |
3. | B |
4. | You are the network administrator for a medical research facility running Windows Server 2003. Your firm is beginning a joint research operation with a major university, and many of your users will need to access files and folders on the university s network. The university that you are collaborating with is operating using a UNIX Kerberos environment with UNIX clients at each desktop. Your company s resources should also be accessible by the university staff. How can you accomplish this with the least administrative effort?
|
|
5. | You are the network administrator for a large e-commerce site. Your Web developers have created a Web application to share information on the company intranet; this application relies on Digest Authentication to allow users to log on. For some reason, employees seem to be unable to access the new application. You check the account properties of one of the user accounts and see the screen shown in Figure 10.14. What is the most likely reason why your users cannot authenticate? Figure 10.14: Administrator Properties Sheet
|
|
Answers
4. | A |
5. | D |
6. | You are a local administrator within a large, multinational corporation. You would like to offer remote access capabilities for the users on your Windows Server 2003 domain. However, your corporation s security policies dictate that all remote access authentication needs to be processed by several UNIX-based RADIUS servers located at various points within the company s global infrastructure. How can you establish remote access authentication for your users that adheres to the corporation s security policies?
|
|
7. | You are the network administrator for Blue Collar, Inc. clothing manufacturers. You have just installed a high-speed Internet connection at the corporate office, and you are designing a remote access scheme that will allow your branch offices and remote users to connect to the corporate LAN to access file shares and other resources. You create a single remote access policy that allows incoming VPN connections between 9 a.m. and 9 p.m., Monday through Friday. You have left all other policy settings at their default values. Most users are connecting to the VPN without issue, but your graphics designer who works from her home office is unable to connect to the VPN using her Macintosh desktop. What is the most likely reason why this is occurring?
|
|
8. | You are the network administrator for a multisite Active Directory-based network. Your current network infrastructure consists of the following server machines:
Your network contains over 1,000 users on Windows 2000 and XP Professional workstations belonging to a single Windows Server 2003 domain. The load on the DCs is fairly high, with processor utilization spiking to over 90 percent at several points during the day, especially first thing in the morning and close to 5 p.m . MAX-APP1 is a dedicated application development server that receives similar processor-heavy requests from your department of application developers. With the recent spate of software vulnerabilities, you would like to implement a patch management solution for the clients and servers on your network. Because of some sensitive development environments and documents on your network, you want to be able to test any updates before you apply them to your network servers and clients. You do not have any available budget for new hardware upgrades or purchases. What would be your best course of action in this scenario? (Choose all that apply.)
|
|
Answers
6. | A |
7. | A |
8. | A , D |