| < Day Day Up > |
|
1. | You are in the process of planning the development of a security template that will be applied to the 35 domain controllers that are used to support your organization’s nationwide domain. All domain controllers run Windows Server 2003, Standard Edition. Your company has 15 branch sites, each with two domain controllers for the purpose of redundancy. Your headquarters site hosts five domain controllers to cope with the increased load in addition to roles such as schema master and global catalog server. Out of the 15 branch sites, the largest eight also have one of their domain controllers serving the global catalog server role. Each of the domain controllers is also able to respond to host name lookup requests in addition to processing host name updates. Which of the following system services can be disabled in the security template to be applied to the organization’s 35 domain controllers?
|
|
2. | You are planning a security template that is to be applied to an organizational unit that hosts a group of computers running Windows Server 2003 on which Exchange Server 2003 is to be installed. Your domain is running at the Windows Server 2003 functional level. You need to ensure that Exchange Server 2003 can be installed when the security template is imported to a GPO that is applied to the OU that holds the member systems running Windows Server 2003. Which of the following services do you need to enable in the security template? (Select all that apply.)
|
|
3. | Rooslan is planning a security template for several domain controllers in his organization, Tailspin Toys. Rooslan has a set of goals that the security template he is planning must meet. These goals are divided into primary and secondary goals, and are as follows: Primary Goal: Allow members of the Backup Operators group to log on by means of Terminal Services to restore files and directories on the domain controllers. Secondary Goal 1: Allow only members of the Administrators and Server Operators groups to shut down the domain controller. Secondary Goal 2: Ensure that the next time a user changes his or her password, the domain controller does not store the LAN Manager hash value for the new password. Using the Security Templates add-in on a custom MMC, Rooslan configures the following policies in a new security template called RooslanDC: Allow log on through Terminal Services: Administrators, Backup Operators Enable computer and user accounts to be trusted for delegation: Administrators Restore files and directories: Administrators, Server Operators Shut down the system: Administrators, Server Operators, Backup Operators Network security: Do not store LAN Manager hash value on next password change When the RooslanDC template is imported into the default domain controllers GPO, which of Rooslan’s primary and secondary goals will be met?
|
|
4. | You are planning a security template for an Internet Authentication Service (IAS) server that is to be located on your company’s perimeter network (also known as DMZ, demilitarized zone, and screened subnet) LAN. Users will authenticate against the server with their domain accounts. The internal firewall has been configured to allow necessary traffic between the IAS server and the organization’s domain controllers. At present, you are considering which services the template should start automatically. The template will be configured so that all services that are not critical to the function of the IAS server will be disabled. Which of the following services is critical for the function of an IAS server? (Select all that apply.)
|
|
5. | You are configuring a baseline security policy for two computers running Windows Server 2003 that run Internet Information Services (IIS). The servers are used to display sensitive information to authenticated users via a secure HTTP connection. You are deciding which services should be disabled on the server in the security template that will eventually be imported into the Group Policy that is applied to the OU in which the servers reside. Which of the following services should not be disabled on these two particular servers? (Select all that apply.)
|
|
Answers
1. | Correct Answers: D
|
2. | Correct Answers: A, B, and E
|
3. | Correct Answers: E
|
4. | Correct Answers: D and E
|
5. | Correct Answers: A, B, and E
|
| < Day Day Up > |
|