1. How should you configure the connectivity from the internal network to the Internet?

2. Which of the following actions should you take immediately after an intrusion has been detected?

3. You need to make sure that the appropriate patches are applied to all workstations in a timely fashion, even if they are not in the office. Which of the following methods would guarantee this requirement is met? (Choose all that apply.)

4. You are going to upgrade a Windows 2000 Server to Windows Server 2003, Enterprise Edition and promote it to a domain controller. You need to make sure that it meets the business requirements. Which of the following would you do? (Choose all that apply.)

5. A security breach occurs and you need to make sure that the appropriate authorities get notified and are provided with all the necessary evidence. Which of the following steps should you take while still maintaining the business requirements? (Choose two.)

6. You are creating a response procedure to react to the inventory web service server becoming compromised. Which one of the following tasks should you complete in order to maintain your organization’s service level agreement with the company’s resellers?

Answers
1. C. One of the business requirements states that there must be more than one layer that an attacker must breach in order to penetrate the internal network. Only the back-to-back configuration provides two firewalls, with the DMZ sitting between the public network and the private or internal network.

2. D. The first thing that should be done once an attacker is detected is to disconnect the network cable from the system that has been compromised. Once the network cable is unplugged, you should next create an image copy of the server to be evaluated later or used as evidence. In a lab environment, you could load the image onto a computer and check the logs to trace the exploit. Once the server is deemed unaffected by the breach, you should make sure that the latest patches and service packs are applied.

3. A, B. All of the options could be used to meet this requirement. However, although training users to do it manually is a good idea, it won’t guarantee that the updates are applied in a timely fashion. Automating Windows Update will allow for the automatic download and installation of patches and hotfixes on a fairly regular basis. Group Policy can also be used to push the updates to the workstations; this is useful when the patches need to be tested before they are rolled out to the users.

4. B, C, E. You should make sure that an antivirus package is installed on the server and that it is updated regularly. Automating Windows Update services allows for the latest security-related patches to be automatically deployed when available. Disabling the nonessential services will make the attack surface smaller and more difficult to penetrate. By default, when you upgrade from Windows 2000 to Windows Server 2003, Enterprise Edition, Internet Information Services is disabled; therefore it is not necessary to manually uninstall it prior to the upgrade. The SVCHOST service runs many essential services and should not be shut down; you can monitor what services are running through it using the tasklist /svc command.

5. A, D. The first thing that you should do in this situation is to isolate the compromised system; this is easily achieved by unplugging the Ethernet cable from the switch. Once the system has been isolated, you should create an image backup of it to preserve the evidence. Shutting down the public network connection would affect more than the minimal number of services and violates the business requirements. Closing the office is even worse than shutting off the public network connection.

6. A. Because the business requirements state that you must have the inventory service back up within an hour, you must move it to another server or site while the team responds to the incident.