Objective 1.3 Questions

 < Day Day Up > 



1. 

You have received a security template from your organization’s security administrator. It defines a password policy and an account lockout policy for all users in the domain. The password policy enforces a maximum password age of 21 days and a minimum password age of 7 days, and the password complexity requirements are enforced. The account lockout duration is set to 60 minutes, and the account lockout threshold is set to 5 invalid logon attempts. Which of the following methods describes the best way to deploy this security template?

  1. Edit the Default Domain Controller Policy and import the new security template.

  2. Create a new GPO. Import the new security template. Apply the GPO to the Users container in Active Directory Users and Computers.

  3. Create a new GPO. Import the new security template. Apply the GPO to the EVERYONE group in Active Directory Users and Computers.

  4. Create a new GPO. Import the new security template. Apply the GPO to the Computers container in Active Directory Users and Computers.

 correct answers: a a. correct account lockout and password policies must be applied at the domain level. this is best done by importing the security template into the default domain gpo. importing this template into the default domain controller policy will have no influence on the password and account lockout policies for users in the domain. b. incorrect group policy objects cannot be applied to the users container in active directory users and computers. account lockout and password policies must be applied at the domain level. this is best done by importing the security template into the default domain gpo. c. incorrect group policy objects cannot be applied to security groups. d. incorrect group policy objects cannot be applied to the computers container in active directory users and computers. account lockout and password policies must be applied at the domain level. this is best done by importing the security template into the default domain gpo.

2. 

Tailspin Toys has a forest made up of the following six domains:

tailspintoys.com

tonga.tailspintoys.com

djibouti.tailspintoys.com

suriname.tailspintoys.com

botswana.tailspintoys.com

bhutan.tailspintoys.com

Tailspintoys.com is the root domain. Each of the other five domains is a child domain of the root domain. The administrative team that oversees security for Tailspin Toys has created a security template for the organization’s 30 computers that run Exchange Server 2003. There are five computers that run Exchange Server 2003 in each domain. Which of the following represents a method of deploying these security templates to each computer running Exchange Server 2003 in the forest while not assigning the security template to computers that do not run Exchange?

  1. Import the security template into the default domain GPO in the forest root domain.

  2. Create a universal group named EXCH2K3 and add the computer accounts of all 30 computers running Exchange Server 2003 to this group. Import the security template into the default domain GPO in the forest root domain, and edit the security options of the GPO so that only the EXCH2K3 group is within the GPO’s scope.

  3. In the forest root domain, create an organizational unit called EXSRV2003. Create a copy of each of the computer accounts for the 30 computers running Exchange Server 2003, and place them in this OU. Create a GPO and link it to the EXSRV2003 OU. Import the security template for the computers running Exchange Server 2003 into this GPO.

  4. In each domain, create an organizational unit called EXSRV2003. Place the computer accounts of each domain’s computers that run Exchange Server 2003 in the EXCHSRV2003 OU for that domain. Create a GPO in the forest root domain and import the settings from the security template. Apply the GPO in the forest root domain to the EXSRV2003 organizational units in each of the domains.

 correct answers: d a. incorrect this will apply the security template settings to all computers in the forest root domain. it will not discriminate between computers running exchange server 2003 and other computers. the exchange servers in the child domains will not receive the security settings. b. incorrect this will apply the security settings only to the computers running exchange server 2003 that are located in the forest root domain. c. incorrect this will not achieve the goal of ensuring that all computers running exchange server 2003 in the domain have the requisite security settings. d. correct although it might be simpler to create a gpo in each domain, import the settings from the security template, and then apply that gpo to an ou containing the computers in that domain that run exchange server 2003, gpos that are located in one domain in a windows server 2003 functional level forest can be applied to organizational units in another domain.

3. 

Site A has a GPO applied that has had a security template with the following settings imported:

Maximum system log size: 16,384 kilobytes

Retain system log: 7 days

Retention method for system log: Overwrite events as needed

Site B has a GPO applied that has had a security template with the following settings imported:

Maximum system log size: 32,768 kilobytes

Retain system log: 14 days

Retention method for system log: Overwrite events by days

Site A includes computers on the following subnet: 10.10.10.64 /26

Site B includes computers on the following subnet: 10.10.10.0 /26

Which of the following statements are true, assuming that no other Group Policy objects have been applied throughout the organization? (Select all that apply.)

  1. A computer that has the IP address 10.10.10.31 will retain its system log for 7 days.

  2. A computer that has the IP address 10.10.10.70 will retain its system log for 7 days.

  3. A computer that has the IP address 10.10.10.24 will have a maximum system log size of 16,384 kilobytes.

  4. A computer that has the IP address 10.10.10.93 will have a maximum system log size of 32,768 kilobytes.

  5. A computer that has the IP address 10.10.10.11 will have the retention method for system log set as “Overwrite events by days.”

 correct answers: b and e a. incorrect computers at site b will retain their system logs for 14 days. b. correct computers at site a will retain their system logs for 7 days. c. incorrect computers at site b will have a maximum system log size of 32,768 kilobytes. d. incorrect computers at site a will have a maximum system log size of 16,384 kilobytes. e. correct computers at site b will have the retention method for system log set to overwrite events by days.

4. 

You are the systems administrator for Tailspin Toys. Your company has five branch locations and a main office location. You have three separate security templates that need to be applied. The first template needs to be applied to half of the computers at the main office and all of the computers at the first branch office. The second template needs to be applied to the second, third, and fourth branch offices. The third template needs to be applied to computers at the fifth branch office and to the other half of the computers at the main office (the ones that do not have the first template applied). Tailspin Toys has a single domain running at the Windows Server 2003 functional level. At present, there are no Group Policy objects applied in the domain other than the Default Domain Group Policy, which has default settings. Which of the following methods will allow you to deploy these security templates throughout the Tailspin Toys organization? (Select two answers. Each forms a part of the solution.)

  1. Create two organizational units, and put the computers that require the first template to be applied into the first main office OU and the computers that require the third template to be applied into the second main office OU. Edit the properties of each OU and create a new GPO. Edit each of these GPOs, import the first security template into the GPO applied to the first main office OU, and import the third security template into the GPO applied to the second main office OU.

  2. Create two organizational units, and put the computers that require the first template to be applied into the first main office OU and the computers that require the third template to be applied into the second main office OU. Edit the properties of each OU and create a new GPO. Edit each of these GPOs, import the first security template into the GPO applied to the first main office OU, and import the second security template into the GPO applied to the second main office OU.

  3. Create a GPO, import the third security template, and apply it to the site that represents the first branch office. Create a second GPO, import the second security template, and apply it to the sites that represent the second, third, and fourth branch offices. Create a third GPO, import the first security template, and apply it to the site that represents the fifth branch office.

  4. Create a GPO, import the second security template, and apply it to the site that represents the first branch office. Create a second GPO, import the first security template, and apply it to the sites that represent the second, third, and fourth branch offices. Create a third GPO, import the third security template, and apply it to the site that represents the fifth branch office.

  5. Create a GPO, import the first security template, and apply it to the site that represents the first branch office. Create a second GPO, import the second security template, and apply it to the sites that represent the second, third, and fourth branch offices. Create a third GPO, import the third security template, and apply it to the site that represents the fifth branch office.

 correct answers: a and e a. correct this forms the first part of the solution. if you perform these steps, all of the computers located at the main office will have the correct security settings applied. b. incorrect this answer is incorrect because the second main office ou has the security settings from the second security template rather those of than the third security template, as specified in the question statement. c. incorrect this answer applies the wrong security template to the first and fifth branch offices. d. incorrect this answer applies the wrong security templates to the wrong site. the second, third, and fourth branch offices need the second security template and the first branch office needs the first security template. e. correct this forms the second part of the answer and takes care of all of the branch office sites. it would also be possible to apply the gpo already applied to the first main office ou to computers in the first branch site rather than creating a new gpo. the same applies for the gpo already applied to the second main office ou and the fifth branch office.

5. 

You have three security templates with the following settings:

Template One:

Audit process tracking: Success

Audit system events: Success

Audit policy change: Success

Template Two:

Audit account logon events: Success

Audit account management: Success

Audit directory service access: Success

Template Three:

Audit privilege use: Success

Audit logon events: Success

Audit object access: Success

In your Windows Server 2003 domain, you have an organizational unit named DEVELOPERS. There are also three sites: Headquarters, Waverley, and Volgograd. You have the following goals:

Primary Goal: Audit account logon events for all computers in the domain.

First Secondary Goal: Audit object access and account management at the Waverley site.

Second Secondary Goal: Audit privilege use and directory service access at the Volgograd site.

You perform the following actions:

Create a GPO, import the Template Two security template, and apply this GPO to the domain. Create a second GPO, import the Template One security template, and apply this GPO to the Waverley site. Finally, create a third GPO, import the Template Three security template, and apply this GPO to the Volgograd site. No other GPOs influence the computers on the network. Which of your goals have you achieved?

  1. The primary and both secondary goals have been achieved.

  2. The primary goal and one secondary goal have been achieved.

  3. The primary goal has been achieved. No secondary goals have been achieved.

  4. The primary goal has not been achieved. Both secondary goals have been achieved.

  5. None of the goals have been achieved.

 correct answers: b a. incorrect the first secondary goal has not been achieved. b. correct the primary goal is achieved by importing the template two security template and applying this template to the domain. part of the second secondary goal is achieved by importing the template three security template and applying this gpo to the volgograd site. because directory service access is already being audited across the domain (because of template two) the second part of the second secondary goal is also achieved. the first secondary goal has not been achieved. c. incorrect the primary goal is achieved by importing the template two security template and applying this template to the domain. part of the second secondary goal is achieved by importing the template three security template and applying this gpo to the volgograd site. because directory service access is already being audited across the domain (because of template two) the second part of the second secondary goal is also achieved. the first secondary goal has not been achieved. d. incorrect the primary goal is achieved by importing the template two security template and applying this template to the domain. part of the second secondary goal is achieved by importing the template three security template and applying this gpo to the volgograd site. because directory service access is already being audited across the domain (because of template two) the second part of the second secondary goal is also achieved. the first secondary goal has not been achieved. e. incorrect the primary goal is achieved by importing the template two security template and applying this template to the domain. part of the second secondary goal is achieved by importing the template three security template and applying this gpo to the volgograd site. because directory service access is being audited already across the domain (because of template two) the second part of the second secondary goal is also achieved. the first secondary goal has not been achieved.

Answers

1. 

Correct Answers: A

  1. Correct Account lockout and password policies must be applied at the domain level. This is best done by importing the security template into the Default Domain GPO. Importing this template into the Default Domain Controller policy will have no influence on the password and account lockout policies for users in the domain.

  2. Incorrect Group Policy objects cannot be applied to the Users container in Active Directory Users and Computers. Account lockout and password policies must be applied at the domain level. This is best done by importing the security template into the Default Domain GPO.

  3. Incorrect Group Policy objects cannot be applied to security groups.

  4. Incorrect Group Policy objects cannot be applied to the Computers container in Active Directory Users and Computers. Account lockout and password policies must be applied at the domain level. This is best done by importing the security template into the Default Domain GPO.

2. 

Correct Answers: D

  1. Incorrect This will apply the security template settings to all computers in the forest root domain. It will not discriminate between computers running Exchange Server 2003 and other computers. The Exchange Servers in the child domains will not receive the security settings.

  2. Incorrect This will apply the security settings only to the computers running Exchange Server 2003 that are located in the forest root domain.

  3. Incorrect This will not achieve the goal of ensuring that all computers running Exchange Server 2003 in the domain have the requisite security settings.

  4. Correct Although it might be simpler to create a GPO in each domain, import the settings from the security template, and then apply that GPO to an OU containing the computers in that domain that run Exchange Server 2003, GPOs that are located in one domain in a Windows Server 2003 functional level forest can be applied to organizational units in another domain.

3. 

Correct Answers: B and E

  1. Incorrect Computers at site B will retain their system logs for 14 days.

  2. Correct Computers at site A will retain their system logs for 7 days.

  3. Incorrect Computers at site B will have a maximum system log size of 32,768 kilobytes.

  4. Incorrect Computers at site A will have a maximum system log size of 16,384 kilobytes.

  5. Correct Computers at site B will have the retention method for system log set to “Overwrite events by days.”

4. 

Correct Answers: A and E

  1. Correct This forms the first part of the solution. If you perform these steps, all of the computers located at the main office will have the correct security settings applied.

  2. Incorrect This answer is incorrect because the second main office OU has the security settings from the second security template rather those of than the third security template, as specified in the question statement.

  3. Incorrect This answer applies the wrong security template to the first and fifth branch offices.

  4. Incorrect This answer applies the wrong security templates to the wrong site. The second, third, and fourth branch offices need the second security template and the first branch office needs the first security template.

  5. Correct This forms the second part of the answer and takes care of all of the branch office sites. It would also be possible to apply the GPO already applied to the first main office OU to computers in the first branch site rather than creating a new GPO. The same applies for the GPO already applied to the second main office OU and the fifth branch office.

5. 

Correct Answers: B

  1. Incorrect The first secondary goal has not been achieved.

  2. Correct The primary goal is achieved by importing the Template Two security template and applying this template to the domain. Part of the second secondary goal is achieved by importing the Template Three security template and applying this GPO to the Volgograd site. Because directory service access is already being audited across the domain (because of Template Two) the second part of the second secondary goal is also achieved. The first secondary goal has not been achieved.

  3. Incorrect The primary goal is achieved by importing the Template Two security template and applying this template to the domain. Part of the second secondary goal is achieved by importing the Template Three security template and applying this GPO to the Volgograd site. Because directory service access is already being audited across the domain (because of Template Two) the second part of the second secondary goal is also achieved. The first secondary goal has not been achieved.

  4. Incorrect The primary goal is achieved by importing the Template Two security template and applying this template to the domain. Part of the second secondary goal is achieved by importing the Template Three security template and applying this GPO to the Volgograd site. Because directory service access is already being audited across the domain (because of Template Two) the second part of the second secondary goal is also achieved. The first secondary goal has not been achieved.

  5. Incorrect The primary goal is achieved by importing the Template Two security template and applying this template to the domain. Part of the second secondary goal is achieved by importing the Template Three security template and applying this GPO to the Volgograd site. Because directory service access is being audited already across the domain (because of Template Two) the second part of the second secondary goal is also achieved. The first secondary goal has not been achieved.



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net