| < Day Day Up > |
|
1. | You need to design a patch management solution that distributes and applies security patches. Your solution must meet business and security requirements. What should you do?
|
| ||||||||||||||
2. | You need to design the configuration of IIS and SQL Server machines to meet the requirements in the written security policy. What should you do?
|
| ||||||||||||||
3. | You need to make sure that the executives’ laptops are secured and that the configuration that secures them is different than the configuration used to secure the desktops that they use. All client computer accounts are in the ClientComputers OU. What should you do to ease the application of the configuration information in a GPO to the laptops without causing the same settings to be applied to the desktops?
|
| ||||||||||||||
4. | You need to deploy patches to the computers in each department, and you need to make sure that your solution meets with the approval of the system administrator. What should you do?
|
| ||||||||||||||
5. | Due to an acquisition, a new office has been added to your infrastructure in Phoenix. The Phoenix site has a high-speed link directly to the Los Angeles office. You need to redesign the Software Update Services (SUS) infrastructure for the company. You will need to decide whether or not each of the new SUS servers will be receiving new updates directly from Microsoft servers on the Internet or from another SUS server within the company. Your solution must use the fewest number of SUS servers that retrieve their updates from the Internet while still preserving Internet bandwidth. What should you do? To answer place the appropriate SUS server with the appropriate site. Some options may be used more than once, others may not be used at all.
|
|
Answers
1. | C. To minimize Internet traffic, each site should connect to the Microsoft Windows Update site and download the patches that they require independently of one another. Because the Wilmington office has a high-speed connection to the Philadelphia office, there is no need for it to get the updates from the Internet, nor does it need to maintain its own SUS server. Option A is incorrect because Wilmington doesn’t need to access the Internet or be running a SUS server. Options B and D are incorrect because the link between Los Angeles and Minneapolis is over the Internet and there would be a significant increase in Internet traffic if all patches were deployed across the site link. | ||||||||||||
2. | C. Option C allows each of the required servers to be scanned on a regular basis, which is why it is correct. Option A is incorrect because all of the servers are scanned, not just the SQL Server and IIS servers, as stated in the security requirements. Option B evaluates the servers only when they start up, which should not happen very frequently, and therefore it is incorrect. Option D puts too much of a burden on the administrator to manually run the MBSA utility. | ||||||||||||
3. | A. Moving the laptop computers into their own container, or OU, is the best solution for applying the GPO only to them. Software restriction policies will not affect the security configuration on the computers. The Security Configuration And Analysis tool can be used to analyze only one computer at a time, whereas a template can be used to analyze multiple computers. The MBSA utility is used only for auditing and reporting and will not make configuration changes to any of the computers. | ||||||||||||
4. | B. According to the system administrator, each department needs the ability to approve different security patches; therefore, each department needs its own SUS server. Only option B allows a set of patches to be approved for each department. Option A is incorrect because it only allows one set of updates to be approved for all computers in the enterprise. Options C and D are also incorrect because they don’t allow different patches per department. | ||||||||||||
5. |
Wilmington and Phoenix, because of their high-speed link to a main site, do not require a SUS server that retrieves the updates from the Internet. The Wilmington SUS server will retrieve its updates from the Philadelphia SUS server, and the Phoenix SUS server will retrieve its updates from the Los Angeles SUS server. Each site requires its own SUS server for patch approval. Philadelphia, Minneapolis, and Los Angeles will retrieve their downloads from the Microsoft Internet site. |
| < Day Day Up > |
|