A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.
1. | You have instituted new security policies for the IT department. One important rule is to never log on as Administrator unless it is absolutely necessary. To enhance security, you want everyone to use their regular user accounts for everyday tasks so you can maintain security as much as possible. A junior administrator comes to you and says he does not wish to log on to the server with an administrative account, but he needs to use a program that requires administrative privileges. What can he do?
2. | You have been hired as the network administrator for a small law firm. The first thing you want to do when you take over the job is increase the security on the network. You evaluate the current security level and find it lacking. You decide that you need to secure account passwords using strong encryption on domain controllers. Which utility should you use?
3. | You have recently hired a new junior administrator to assist you in running the network for a medium-sized manufacturing company. You are explaining to your new assistant that AD objects are assigned security descriptors to allow you to implement access control. You tell your assistant that the security descriptor contains several different components. Which of the following are contained in the security descriptor for an object? (Select all that apply.)
4. | You are attempting to troubleshoot some problems with access that you think can be traced back to membership in multiple groups. You want to ensure that all administrative accounts are able to perform the tasks they need to accomplish, but you want to remove the built-in accounts from all groups to which they’ve been added by another administrator, and give them only the access they had by default. You are a little confused because you know that the built-in accounts already belong to some groups at installation, and you don’t want to remove them from groups they are supposed to belong to. To which groups does the Domain Administrator account belong in Windows Server 2003 by default? (Select all that apply.)
Answers
1. | D |
2. | A |
3. | A, B, D |
4. | A, B, C |
5. | You want to allow wireless clients the ability to change their passwords after they authenticate on the network. Which method of authentication should you implement for these clients?
6. | You are implementing a new wireless network and need to change the default settings for the equipment on the WLAN. What information should you change? (Select all that apply.)
7. | You have a number of users who need to be able to roam through the building with their laptop computers and still stay connected to the network. Because of the nature of their work, it is important that they have relatively fast access for transferring a lot of very large data files over the network. You need to implement a wireless network that can connect devices at up to 54 Mbps, with a minimum of 24 Mbps. Which IEEE standard should you choose?
8. | You have hired a consultant to help set up wireless access points on your network. He tells you that you should turn on WEP for the wireless network to help protect it from intruders. You tell him that you have heard that WEP has many flaws and you think additional security measures should be implemented. He assures you that WEP works fine. What do you tell him are some of the problems with WEP?
Answers
5. | D |
6. | A, B |
7. | B |
8. | B |
9. | Your junior administrator wants to change the name of a user account, but he is worried that if he does so, the user will have problems accessing resources that she had previously been given permissions for. The administrator doesn’t want to have to re-create all the group memberships for the newly named account. You tell him there is no need to worry; he can go ahead and change the name, and all the account properties will remain intact. What enables an account to retain its password, profile, group membership, user rights, and membership information?
10. | You suspect that one of your users has been trying to access data in a folder to which he is not supposed to have permission. You are trying to set auditing on this folder so you can see if there are any failed events in the log indicating that the user did try to open the folder. You enable object auditing in the domain’s Group Policy Object. However, when you go to add this user to be audited for access to the folder, you find that the folder’s property pages do not contain a Security tab. What could be the problem?
Answers
9. | D |
10. | C |
11. | You need to configure Kerberos policies because you want to force user logon restrictions. You go to the computer of the user on whom you want to enforce these policies and access the Local Security Policy. However, in the GPO Editor, you cannot find Kerberos policies in the Security Settings node under Computer Configuration, under Windows Settings. What is the problem?
12. | You have been analyzing all of your security configuration information as part of a new project that requires you to provide a detailed report on your network’s security to management. Toward that end, you need to evaluate the security database test.sdb at the command prompt. What command can you use to do this?
13. | You want to set up auditing on several folders that contain important and sensitive information. There are other folders within the specified folders that contain less sensitive information, so you don’t want to audit them, because you want to put as little overhead burden on the network as you can. What happens to subfolders and files within a parent folder if auditing has been enabled?
14. | A parent folder has auditing enabled. Two folders, Applications and Phone Listings, are listed under this parent folder. You need to have the Phone Listings folder audited but not the Applications folder. How can this be accomplished?
Answers
11. | B |
12. | B |
13. | C |
14. | B |
15. | You need to install the Microsoft Software Update Services (SUS) within your domain to update security information on client computers. What are the minimum requirements that you should use for hardware for the server?
Answers
15. | B |