A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.
1. Andrea is responsible for keeping 550 Windows 2000 computers up to date. She would like to determine what, if any, required updates her computers need on a weekly basis. What is the best way for her to go about performing this task with the least administrative effort?
2. Austin is trying to run the MBSA tool on one of his member servers when he is prompted to download and install a strange file claiming to be from Microsoft. What will happen if he rejects the download request for the MSSecureXML file?
3. Christopher is looking for a tool that can scan all 458 of his network computers from a central location and provide a detailed report of all updates and patches that he needs to apply. He would like to perform this scan with the least amount of administrative effort. What options are available to him? (Choose all correct answers.)
4. José is creating a script to run the HFNetChk tool on his network to scan for missing updates. What command does he need to use to allow the application to read a text file containing the IP addresses of the computers that he wants to scan?
5. Austin has performed several scans of his network using the MBSA tool. Hannah now wants to examine the results of the scans, but she cannot do so. What is the most likely reason for this problem?
6. Bruno is responsible for the security of the Windows 2000 computers in his organization. He has several junior administrators who work for him and apply patches and updates to computers as required. What can Bruno do to allow his junior administrators to easily read the MBSA scan results that he generates on a daily basis with the least effort?
Answers
1. ✓ Answer B is correct. Creating a script to run HFNetChk against her computers is the best option for Andrea in this situation. Using a command similar to hfnetchk -v -d domain_name -o tab -f hfnetchk_scan.txt, she can configure a scan of the entire network that creates a text tab-delimited output file that can be easily analyzed in Microsoft Excel or Access to determine the current update status of all her computers. She can then determine the updates that must be applied and the proper order. ✗ Running HFNetChk locally from each computer is most definitely not the way to accomplish this task using the least amount of administrative effort, thus Answer A is incorrect. Windows Update cannot be configured to run and produce a text file output in the way that Andrea requires, thus Answer C is incorrect. Keeping a log book of installed updates for each computer, although a good practice, is not an effective solution in this situation, thus Answer D is incorrect.
2. ✓ Answer C is correct. Without the XML file containing the list of all updates and fixes, the MBSA tool cannot run. The same holds true when you're attempting to use the HFNetChk tool. ✗ The MSSecureXML file is required in order for MBSA to function, thus Answers A, B, and D are all incorrect.
3. ✓ A, D. Christopher has a choice of using either (or both) the HFNetChk tool and the MBSA tool. Both will provide him with a report of the update situation on his network. The MBSA tool, however, will also provide Christopher with all sorts of other computer security-related information that he might not be looking for or be responsible for maintaining. ✗ Software Update Services, used with the Automatic Updates client, will install the required updates to computers and does not meet the requirements of the question, thus Answer B is incorrect. The URLScan tool is used to secure IIS servers, not for scanning computers for missing updates, thus Answer C is incorrect.
4. ✓ D. The -fip switch instructs the HFNetChk tool to read a list of IP addresses from a text file. The IP addresses in the file are those of the computers to be scanned by HFNetChk. ✗ The -h switch instructs HFNetChk to scan the specified NetBIOS hostname, thus Answer A is incorrect. The -i switch instructs HFNetChk to scan the specified IP address, thus Answer B is incorrect. The -fh switch instructs HFNetChk to scan the list of NetBIOS host names specified in the text file, thus Answer C is incorrect.
5. ✓ B. MBSA, by default, saves all scans in the Documents and Settings\user_name\SecurityScans folder. This is most likely the reason that Hannah cannot access the files, since they are located in Austin's private folders. Austin can allow Hannah to access the files by modifying the NTFS permissions or, alternatively, he can opt to save the scans to a more accessible location in the future. ✗ Membership in the Domain Admins group is not required to run the MBSA tool or view the scan results, thus Answer A is incorrect. Hannah not having an active connection to the network would certainly have an impact on her ability to access network files, but that is not as likely a scenario as a permissions problem, thus Answer C is incorrect. The use of the Kerberos protocol has nothing at all to do with using the MBSA tool or viewing the scan results, therefore Answer D is also incorrect.
6. ✓ B. The easiest thing to do, and the only thing that makes sense from a time and effort perspective, is for Bruno to simply change the location where the MBSA scan results are saved from the default location within his Documents and Settings folder. This location should be a network share that is accessible to all junior administrators. ✗ Having each junior administrator perform his or her own scan is a waste of time and network resources, thus Answer A is incorrect. Giving each junior administrator the required NTFS permissions for Bruno's Documents and Settings folder is not required and is dangerous, thus Answer C is incorrect. E-mailing the MBSA scan results to each junior administrator daily is again time and resource intensive, thus Answer D is also incorrect.
7. Lily is responsible for 20 Windows 2000 computers in her organization. All the computers are on one campus, but they are scattered among four different buildings. Lily is the only network administrator in her company. Her network is a Windows 2000 Active Directory network. What is the easiest way for Lily to keep all her clients updated with the patches and updates they need but not to allow any updates or patches to be issued until she is satisfied that they are stable?
8. Hannah needs to locate and download applicable security updates for her network for testing in a lab environment. What are the best ways for her to get these updates as quickly as possible without downloading anything she doesn't want or installing any additional network services? (Choose all that apply.)
9. Rick is preparing to install eight hotfixes to his file and print servers. What method should Rick use to ensure that all eight hotfixes get applied correctly and the servers have no stability or compatibility issues after he is done, using the least amount of administrative effort?
10. Cindy is trying to install the Software Update Service on her server computer, but the installation keeps failing. What is the most likely reason for this problem?
11. Tom has installed and configured the Automatic Updates client on his computer to download updates from an internal server named GREEN42. Automatic Updates was configured to download and install, automatically, any available updates from GREEN42 on a daily basis. After several weeks, Tom noticed that no updates have been applied to his client computer. Given what you know so far, what is the most likely reason that no updates have been received on Tom's computer?
12. Catherine is preparing to deploy Windows 2000 Professional to 75 new workstations in her company. She knows that a new service pack has been made available for Windows 2000, but her Windows 2000 Professional Setup CD-ROM only has Service Pack 1. What is the easiest and fastest way for Catherine to get these 75 new clients installed with Windows 2000 Service Pack 3 without placing an undue strain on the network?
13. Jon is responsible for three client computers that are not part of the corporate network. These computers have Internet connectivity through a broadband DSL connection at their remote site. What is the best way for Jon to keep these three computers up to date without having to travel to this remote location or spend unnecessary money? No users at the remote location are technically competent to perform this task for Jon.
Answers
7. ✓ C. Using the Software Update Service to download updates to the local computer, Lily can examine each one for applicability (not all updates that are downloaded will be applicable to her network) and test them for stability and compatibility. When she is satisfied with an update, she can add it to the list of approved updates in SUS. Automatic Updates clients, when configured properly in Group Policy to look toward an internal Windows Update server, make available only those updates that have been placed on the approved list within SUS. ✗ Visiting each computer and using Windows Update would be a waste of time and network resources for Lily—especially considering that her 20 computers are spread over four different buildings, thus Answer A is incorrect. Using the Windows Update Catalog would enable Lily to selectively download the updates she wants. However, this solution provides no automatic means of update deployment and installation like that offered by the combination of SUS and Automatic Updates, thus Answer B is incorrect. Creating an integrated installation CD-ROM is a fantastic solution for deploying new clients—but not a realistic one in this case, since the computers are already in place, thus Answer D is incorrect.
8. ✓ A, C. The best way for Hannah to get the files she needs, and nothing else, without installing or configuring any additional software or services is to either visit the TechNet security page and download specific updates or to browse the Windows Update Catalog and download specific updates. ✗ Using Software Update Services does not satisfy the requirements of this question in that it requires a new service to be installed and configured on the network, thus Answer B is incorrect. Likewise, using Automatic Updates from the Windows Update Web servers does not satisfy the requirements of the question in that unnecessary updates are likely to be downloaded to her computers, therefore Answer D is incorrect.
9. ✓ A. Rick would be wise to use the Qchain.exe tool during the process of deploying his eight hotfixes. Only by using the Qchain.exe tool can he be assured that version conflicts and system stability issues will be avoided in most cases. ✗ Although manually installing each hotfix one at a time is a viable solution, it does not meet the specified criteria in that it takes far from the least amount of effort to make it happen, thus Answer B is incorrect. Installing all eight hotfixes at one time and then restarting the server is a sure recipe for disaster because version conflicts are likely to occur, therefore Answer C is incorrect. Extracting the files and copying them to the server is not a valid solution and should never be done, thus Answer D is also incorrect.
10. ✓ B. SUS cannot be installed onto a domain controller. This is the most likely reason that the installation is failing for Cindy. ✗ Active Directory is not required for SUS to function, although it does make configuring the Automatic Updates client behavior much easier, thus Answer A is incorrect. The type of network client does not affect the installation of the SUS service, thus Answer C is incorrect. SUS does not require Enterprise Admin credentials to install, so Answer D is not a valid answer for the problem.
11. ✓ B. The most likely cause of Tom's problem is that he either does not have or does not have correctly configured an SUS server named GREEN42 on his network. If the server GREEN42 does actually exist and has been configured with SUS, it is likely that GREEN42 has not yet been configured for synchronization with the Windows Update servers—thus no updates are available for download and installation onto Tom's client computer. ✗ Tom turning his computer off during the update period is possible, but nothing was mentioned about this in the question, thus Answer A is not correct. There is no supplemental End User License Agreement to accept for Automatic Updates on the client computer, thus Answer C is incorrect. The licensing status of Tom's copy of Windows 2000 is not an issue in regard to Automatic Updates (although the Business Software Alliance might be paying him a visit if it's unlicensed), thus Answer D is not correct.
12. ✓ B. Creating a slipstreamed installation source and then turning that into a CD-based RIS image for deployment using the Remote Installation Service is by far the best option of any presented. ✗ Although she can manually install Windows 2000 and then install Service Pack 3 after that, this process is too time consuming and does not satisfy the criterion for fastest method, thus Answer A is incorrect. Deploying Windows 2000 Professional Service Pack 1 via RIS and then following up with a Group Policy-based update to Service Pack 3 is a waste of both time and network resources, thus Answer C is incorrect. Creating a slipstreamed Service Pack 3 CD-ROM and manually installing Windows 2000 Professional Service Pack 3 on her 75 computers is also too time consuming and thus does not meet the specified criteria for the question, thus Answer D is incorrect.
13. ✓ B. By allowing Automatic Updates to download and install updates from the Windows Update Web servers, Jon can be assured that his remote clients are getting the updates they require. ✗ Traveling to this location is a solution, but an unacceptable one, thus Answer A is incorrect. Making an FTP connection to the computers is not a viable solution; HFNetChk cannot be run via FTP, thus Answer C is incorrect. Leasing a WAN link for these three computers is not economically feasible, thus Answer D is incorrect.
14. You are the network administrator of a medium-sized regional organization that has one central office and six field offices spread out over several states. A user in each field office is performing most of the local administrative functions for you, although these users are not as knowledgeable as you would like them to be and sometimes cause problems that you must correct yourself. Yesterday, one of your "assistant administrators" applied several hotfixes to a Windows 2000 server computer in his office. Today you received a phone call from this "assistant administrator" informing you that the power failed in that location overnight and now the Windows 2000 server will not start properly. What do you suspect is the cause of this problem?
15. Dom, your assistant administrator, has been in the office all night applying hotfixes to your production servers. Now when he restarts them, they all fail to start properly. You quickly determine that the cause of the problem was his lack of using the Qchain utility. Now you have a problem to deal with. Which of the following documents should you consider using at this point?
Answers
14. ✓ B. The most likely scenario here is that the user who applied the hotfixes applied them all, one after another, without a restart following each one. It's also safe to assume that Qchain was not used. ✗ Although the server itself could have sustained damage when the power failed, it's not nearly as likely as the issue of hotfixes being applied incorrectly and causing file version conflict problems, thus Answer A is incorrect. The server might very well have been attacked overnight, but we won't know that until a detailed analysis of it can be made. Again, the most likely reason for this problem is that the hotfixes were not applied correctly, thus Answer C is incorrect. Use of the HFNetChk tool to determine which hotfixes were required would probably not have prevented this issue, thus Answer D is also incorrect.
15. ✓ C. You are now in a disaster recovery situation. Your production servers are down and cannot be successfully restarted—you have no choice but to perform a restoration off the most recent set of backup media. ✗ The AUP is a document that details what users are and are not allowed to do on the network, such as not downloading MP3s or not running file-sharing programs such as LimeWire, thus Answer A is incorrect. The server update plan is the document that could have helped Dom prevent this situation had he been using it properly, thus Answer B is incorrect. The Windows 2000 Resource Kit is an invaluable asset to any Windows 2000 network administrator and you might very well end up using it, but what you really need right now is your disaster recovery plan, thus Answer D is also incorrect.