1. You need to design a resource access solution for the marketing department that meets business and technical requirements. A one-way trust has been created where the IntelliAgent forest trusts the JC Enterprises forest. Which actions should you perform? (Each answer presents part of the solution. Choose two options.)

2. You need to design a method to grant permissions to the office manager in each of the South American satellite offices so that they can reset passwords for other employees at each site. What should you do?

3. You need to design a method to track changes that users make to the North America servers’ data. What should you do?

4. You need to design a method to track access to customer data. Your solution must comply with the written security policy. What should you do?

5. You need to design an access control strategy that meets business and security requirements. Your solution must minimize forestwide replication. What should you do?

Answers
1. D, E. Following best practices, options D and E are correct. Option A is incorrect because the Universal group is created in the JC Enterprises forest and not the forest that holds the resource to be shared. Option B is incorrect because it doesn’t minimize administration overhead. Option C is incorrect because accounts should not be members of a Universal group when the AG(G)UDLP best practice is followed.
2. C. To minimize administrative overhead, you should use delegation to allow the office managers in the remote locations to reset the passwords for the employees in their respective offices. Granting the office managers administrator privileges gives them more than the required permissions, so it is not a secure solution. Granting the office managers’ accounts the permissions to create new objects in an OU does not allow them to reset the password for other employees at the site, so option D is incorrect.
3. E. To track the changes made remotely to the data on the servers in North America, you should enable auditing on the shares on the server in Miami. Privilege use is too broad; therefore, option A is incorrect. You need to track access to the file system, not access to the directory; therefore, option B is incorrect. NTConfig.pol was used in Windows NT 4 for policies, which won’t play a role in Windows Server 2003. Creating a GPO restricting access to the Registry has no effect on the tracking of remote access to files, so option D is incorrect.
4. C. You will need to audit successful and failed attempts to access the data rather than just the failed attempts as stated in option D. Option A has no impact on the tracking requirements in the written security policy. The MBSA will not do anything automatically as a result of it being run periodically.
5. E. Using a Universal group with Global groups as its members means that changes in membership in the Global groups will not cause forestwide replication to be required, only domainwide replication.