A

All critical hot fixes and patches to the Cisco IP Telephony Operating System are posted on Cisco.com for download within 24 hours of the announcement from Microsoft. All noncritical hot fixes and patches are bundled for a consolidated, monthly release from Cisco.com.

B

Heuristic scanning should not be allowed because this feature can prevent CallManager Administration web pages from operating correctly.

C

A headless (standalone) version of the Cisco Security Agent (CSA) is provided by Cisco, free of charge, to protect Cisco CallManager against malicious applications.

C

Password expiration policies should be disabled on all service accounts. If the service account password were to expire, it could prevent a variety of CallManager services from operating correctly.

C

The IIS service comprises 80 percent of all attacks on Windows servers. Because of this, it is a best practice to stop the IIS service on all Cisco CallManager Subscribers.

C

The Cisco CallManager server is not designed to handle nonapproved third-party utilities.

A

The most automated process for installing security updates and hot fixes to the CallManager server is e-mail subscription to the Cisco CallManager Notification Tool. The updates must then be manually downloaded and installed.

A and C

The first of these scripts focuses on securing the foundation Windows 2000 operating system with security settings recommended for Cisco CallManager servers only. The second of these scripts focuses on securing the SQL communication on the server.

D

There is not even a product called WebX SecureServer.

A and B

Only virus protection software can prevent a server against virus infection. In addition, only the managed CSA version provides firewall functionality. The standalone CSA version allows all inbound network connections.