| < Day Day Up > |
|
1. | You are configuring a workstation running Windows XP Professional to work as an information kiosk at the local shopping mall. You want to limit the functionality so that teenagers who regularly visit the mall cannot hijack the system and use it for purposes other than for providing information to mall patrons about the services available. The information is provided by means of a custom Web application that runs off a computer running Windows Server 2003 and IIS that is located in the shopping mall’s administrative section. Which of the following lockdown options cannot be applied by means of the Windows XP Professional local GPO?
|
|
2. | You want to lock down Microsoft Internet Explorer as much as possible for computers located in a student laboratory at the local college. You have the following goals: Primary Goal: The students are allowed to run only specific applications, such as Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. This is to stop the students from running unauthorized programs such as network games. First Secondary Goal: The students are prevented from accessing the command prompt. Students should also be prevented locking the computer by using Ctrl+Alt+Del. This is so that students do not lock the screen when they leave the laboratory, denying access to other students. Second Secondary Goal: The students are prevented from accessing the registry editing tools. The students are also restricted from running the programs chat.exe and strategy.exe from Windows Help. This is because some enterprising students found a way to create Help files to launch these particular applications. You perform the following tasks: Create an organizational unit called LAB MACHINES and move all of the computer accounts into this organizational unit. Create another organizational unit called LAB STUDENTS and move all of the user accounts of students that use the lab into this organizational unit. Create a Group Policy object with the following settings: User Configuration\Administrative Templates\System \Ctrl+Alt+Del Options\Remove Change Password: Configured \Ctrl+Alt+Del Options\Remove Task Manager: Configured \Run only allowed Windows applications \Prevent access to the command prompt: Configured \Restrict these programs from being launched from help: Configured \Prevent access to the command prompt: Configured \Prevent access to registry editing tools: Configured You edit the “Restrict these programs from being launched from help” policy and add chat.exe and strategy.exe. After you have performed all of the listed tasks, which of your goals have you achieved?
|
|
3. | You are configuring an IIS system that runs on Windows Server 2003. For the purposes of security, you want to limit the installed components to only those that are critical for the operation of the system. The system only serves up static Web pages in HTML format. It provides no dynamic Web pages, nor does it provide any type of Web application or Web service. The server will be patched manually and will not use the Windows Update or Software Update Service. Given this information, which of the following components in the Application Server dialog box or the Internet Information Services dialog box, located in the Add/Remove Windows Components section of Add/Remove Programs, do not need to be installed on this server for it to be able to complete its function? (Select all that apply.)
|
|
4. | Recently, your security audits have shown repeated brute force dictionary attacks occurring against the local administrator accounts on computers running Windows XP Professional, Windows NT 4.0 Workstation, and Windows Server 2003 on your network. Your network is made up of a forest of three domains. The root domain, tailspintoys.com, is made up entirely of computers running Windows Server 2003. The child domain, structured.tailspintoys.com, is made up of computers running Windows Server 2003 and Windows XP Professional. The child domain, legacy.tailspintoys.com, is made up of computers running Windows Server 2003 and Windows NT 4.0 Workstation. The attack appears unsophisticated in that it only targets the Administrator account and does not try to gain access to other accounts. With this in mind, you decide to change the name of the Administrator account on all computers in your forest to Sysmanager. Because the attack is singling out the Administrator account specifically, it will not have any chance of success after the name is changed to Sysmanager. Which of the following represents a method of changing the name of the Administrator account to Sysmanager on all computers in the forest?
|
|
Answers
1. | Correct Answers: C
|
2. | Correct Answers: E
|
3. | Correct Answers: B, C, and D
|
4. | Correct Answers: C
|
| < Day Day Up > |
|