Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed both to measure your understanding of the Exam Objectives presented in this chapter and to assist you with real-life implementation of these concepts.

Q.  Being the administrator of a large Windows 2000 Server-based network, I always wonder if my systems are safe. I have a firewall implemented, so I know I am safe from the outside world, but am I safe on the inside of my network? How do I know?

A.  Exactly: you don't know whether you are safe, so you must do some analysis. First, having a firewall implemented means only that your Internet or WAN connection is somewhat safe from exploitation. Because this is the only security you have implemented, you are not using defense in depth, which gives you multiple layers of security. Furthermore, you need to set up auditing on your systems. Doing so will clue you in to some of the activities, good and bad, that are occurring on your systems.

Q.  I need to parse my Event Logs. I would like to parse my default Event Viewer logs (Security, Application, and System) as well as my DNS Logs. I have the Dumpel.exe command-line tool, but I can't seem to get it to work right. What am I doing wrong?

A.  The only thing you are doing wrong is trying to get the DNS Log with a tool that will only parse the Security, Application, and System Logs. You might want to use the EventCombMT tool instead. It will do all the logs you need to parse.

Q.  When performing an audit, I would like to log when someone on a server uses the command prompt program successfully. This is known as cmd.exe. How would I audit this event and get it to show up in the Event Viewer Security Log?

A.  You need to audit process tracking. Process-tracking events provide you with detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. If you turn on success-based auditing for process tracking, when someone uses the command prompt you will get an event in the Event Viewer Security Log.

Q.  I would like to audit IIS. I have set up logging, but I am not sure where I need to get the information to log to. I would like to have it saved on the local machine as a text-based log file. Which logging activity should I select?

A.  Make sure you select W3C Extended logging so that you can look in the %WinDir%\System32\Logfiles folder and find your logs to analyze.
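
Once W3C Extended logging is writing text files, analysis depends on reading the `#Fields:` directive, because it defines the columns for every line that follows and can change within one file. The parser below is an added example, not code from this book; the function names and the embedded sample log are constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C Extended format (not from a real server).
# The #Fields directive changes partway through, as happens when the
# set of logged fields is edited and a new header is written.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-01-15 08:00:00
#Fields: time c-ip cs-method cs-uri-stem sc-status
08:00:01 192.0.2.10 GET /default.htm 200
08:00:05 192.0.2.44 GET /admin/ 401
08:00:06 192.0.2.44 GET /admin/ 401
#Fields: time c-ip cs-username cs-method cs-uri-stem sc-status
08:10:12 192.0.2.44 - GET /admin/ 401
08:10:30 192.0.2.10 CORP\\jsmith GET /reports/q1.htm 200
truncated line
"""

def parse_w3c(text):
    """Return (records, malformed_line_numbers) for a W3C Extended log."""
    fields, records, malformed = [], [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives are metadata; only #Fields changes the column map.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            malformed.append(lineno)  # keep evidence of bad lines, don't guess
            continue
        # "-" is the format's marker for an empty value.
        records.append({k: (None if v == "-" else v)
                        for k, v in zip(fields, values)})
    return records, malformed

def failures_by_client(records, statuses=("401", "403")):
    """Count denied requests per client IP, a basic audit question."""
    return Counter(r["c-ip"] for r in records
                   if r.get("sc-status") in statuses and r.get("c-ip"))

if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE_LOG)
    print(failures_by_client(recs), "malformed lines:", bad)
```

Mapping values by the active `#Fields:` header rather than by fixed position keeps the status column from being misread after the field list changes.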



MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162
