Objective 2.2 Questions

 < Day Day Up > 



1. 

You are in charge of application and server support at a large multinational company named Contoso, Ltd., which is made up of two divisions. Within those divisions are two distinct network environments that you need to deal with. Division one is made up of a Windows 2000 Server native mode domain. Clients in division two all use Windows 2000 Professional and Microsoft Office 2000. Division two is made up of a Windows 2000 mixed-mode domain, with workstations running Windows NT 4.0 and Office 97. The workstations running Windows NT 4.0 have Internet Explorer 5.01 installed. Division two also hosts a server running Exchange 5.5 and computer running SQL Server 6.5. Each division has its own Systems Management Server (SMS). The SMS 2.0 servers have the MBSA-enabled Software Update Services Feature Pack installed. The feature pack is used to automatically scan each division’s workstations and servers to generate a report from which you can deploy appropriate updates to each division’s systems. Which of the following Microsoft products on your network is not supported by the MBSA-enabled SMS 2.0 Software Update Services Feature Pack? (Select all that apply.)

  1. Exchange 5.5

  2. Office 2000

  3. Windows NT 4.0 Workstation

  4. Office 97

  5. Internet Explorer 5.01

  6. SQL Server 6.5

 correct answers: d and f a. incorrect exchange server 5.5 is supported by the mbsa technology in the software update services feature pack. appropriate updates can be deployed by using sms. b. incorrect office 2000 is supported by the mbsa technology in the software update services feature pack. appropriate updates can be deployed by using sms. c. incorrect windows nt 4.0 is supported by the mbsa technology in the software update services feature pack. appropriate updates can be deployed by using sms. d. correct office 97 is not supported by the mbsa tool and in turn is not supported by the software update services feature pack for sms 2.0. the best option in this case would to be to upgrade office 97 to office 2000, which can still be run on a workstation running windows nt 4.0. e. incorrect internet explorer 5.01 is supported by the mbsa technology in the software update services feature pack. appropriate updates can be deployed by using sms. f. correct sql server 6.5 is not supported by the mbsa tool and in turn is not supported by the software update services feature pack for sms 2.0. although it would perhaps be somewhat arduous, migrating to sql server 7.0, or even sql server 2000, should be open to consideration for security reasons.

2. 

Leo is preparing to run the MBSA 1.1.1 command-line tool against six computers running Windows Server 2003 on his network. The network can be seen in the figure below.

click to expand

Leo’s workstation, which runs Windows XP, is a member of the contoso.com domain. Servers One, Two, and Four are members of the contoso.com domain. Servers Three, Five, and Six are standalone servers. Leo’s account is a member of the Domain Administrators group for the contoso.com domain. Ports 80, 139, and 445 are open between the internal LAN and the perimeter network (also known as DMZ) LAN. Port 80 is open between the perimeter network LAN and the Internet. HTTP traffic can traverse both firewalls without passing through a proxy from Leo’s workstation. Which of the computers running Windows Server 2003 will Leo be able to successfully check with the MBSA command-line tool? (Select all that apply.)

  1. Server One

  2. Server Two

  3. Server Three

  4. Server Four

  5. Server Five

  6. Server Six

 correct answers: a, b, and d a. correct server one is a member of the domain, which means that leo s account has local administrator access. local administrator access is required for the mbsa tool to work. http access to the internet means that the windows update servers can be contacted by the tool. b. correct server two is a member of the domain, which means that leo s account has local administrator access. local administrator access is required for the mbsa tool to work. http access to the internet means that the windows update servers can be contacted by the tool. c. incorrect server three is a standalone system. the mbsa command-line tool has no provision to authenticate against a remotely scanned system that is not a member of the domain. because no remote authentication against a standalone system can occur, this system cannot be scanned. the mbsa tool must be run locally on this system by an account that has local administrator rights. d. correct server four is a member of the domain, which means that leo s account has local administrator access. local administrator access is required for the mbsa tool to work. the correct ports are open on the internal firewall for this check to occur. http access to the internet means that the windows update servers can be contacted by the tool. e. incorrect server five is a standalone system. the mbsa command-line tool has no provision to authenticate against a remotely scanned system that is not a member of the domain. because no remote authentication against a standalone system can occur, this system cannot be scanned. the mbsa tool must be run locally on this system by an account that has local administrator rights. f. incorrect server six is a standalone system. the mbsa command-line tool has no provision to authenticate against a remotely scanned system that is not a member of the domain. because no remote authentication against a standalone system can occur, this system cannot be scanned. the mbsa tool must be run locally on this system by an account that has local administrator rights.

3. 

Rooslan is the systems administrator of the Tailspintoys.com network. Tailspin Toys has a single network with two firewalls and a perimeter network LAN. Located on the perimeter network LAN is a proxy server that users authenticate against with their domain accounts to gain access to the World Wide Web. Located on the internal LAN is a Windows Server 2003 member server running Software Update Services (SUS). The figure below provides a view of the network.

click to expand

Rooslan wants to scan all of the computers running Windows Server 2003, including server two and server three on his network. Both server two and server three are members of the domain, but they are not currently configured to use the SUS server also located on the internal network. Rooslan’s user account is a member of the domain administrators group. Which of the following statements about this situation is true? (Select all that apply.)

  1. Rooslan will be able to run the MBSA tool, using the Windows Update servers to provide him with the hotfix checklist, against both server two and server three without any extra configuration.

  2. Rooslan will be able to run the MBSA tool and have it use the list of approved hotfixes stored on the SUS server against both server two and server three.

  3. Rooslan can run the MBSA tool locally on server two and server three using the Windows Update servers to provide the hotfix checklist.

  4. Rooslan can run the MBSA tool locally on server two and server three using the SUS server to provide the hotfix checklist.

  5. Rooslan can configure both server two and server three to be clients of the SUS server. He can then run the MBSA tool against these two servers from his workstation.

 correct answers: b, d, and e a. incorrect the mbsa tool cannot authenticate against a proxy server. the mbsa tool either requires direct http access to the internet or for the administrator to download and install the mssecure.cab file from the microsoft web site. b. correct even though server two and server three are not currently configured as clients of the sus server, the mbsa tool can be configured to run against the sus server. it is beneficial that a proxy server is in use in this situation because sus can be configured to communicate by a proxy, whereas the mbsa tool cannot authenticate against a proxy and hence cannot contact the windows update servers. c. incorrect the mbsa tool cannot authenticate against a proxy server. the mbsa tool either requires direct http access to the internet or for the administrator to download and install the mssecure.cab file from the microsoft web site. d. correct even though server two and server three are not currently configured as clients of the sus server, the mbsa tool can be configured to run against the sus server. it is beneficial that a proxy server is in use in this situation because sus can be configured to communicate by a proxy, whereas the mbsa tool cannot authenticate against a proxy and hence cannot contact the windows update servers. e. correct when the mbsa tool is run against a remote server, and that remote server is an sus client, the mbsa tool retrieves the location of the sus server and uses the checklist located there rather than downloading it from the windows update servers.

4. 

You have a single Windows Server 2003 domain running in native mode. You are responsible for making sure that 500 computers running Windows XP Professional and 20 computers running Windows Server 2003 are kept up to date with the latest security hotfixes from Microsoft. All of these systems are members of the domain. Currently all HTTP traffic at your company must go through a proxy server. All non-proxy HTTP traffic is blocked at the firewall. Your user account is a member of the Domain Administrators group. You want to use the MBSA tool to check which systems on the network require that hotfixes be installed. Which of the following actions could you take to allow this to happen? (Select all that apply.)

  1. No extra action needs to be taken to get the MBSA tool to work.

  2. Download and install the mssecure.cab file from the Microsoft Web site on the workstation in which you have installed MBSA.

  3. Download the mssecure.cab file from the Microsoft Web site. Use Group Policy to deploy this file to each of the systems that you will be scanning remotely.

  4. Configure a Windows Server 2003 member system on the network as an SUS server. Approve a list of hotfixes and then run the MBSA tool on your workstation, pointing it at the new SUS server to get its hotfix checklist.

 correct answers: b and d a. incorrect in the current network s configuration, there is no way for the mbsa tool to get access to a hotfix checklist. to get access to such a checklist, either http access needs to be granted through the firewall to your workstation, an sus server that can generate its own hotfix file needs to be set up, or the mssecure.cab file needs to be downloaded from the microsoft web site and installed manually. b. correct the mssecure.cab file can be downloaded manually and used as a hotfix checklist. the hotfix checklist is necessary for the mbsa to run and to generate a list of patches that need to be installed. c. incorrect although access to the mssecure.cab file is necessary, because it contains the hotfix checklist, it needs to only be installed on the scanning computer. installing it on the remotely scanned computer will not help in any way. d. correct although the mbsa tool cannot authenticate against a proxy, at least as of version 1.1.1, which is the version in use when the 70-299 exam was written, sus can. this means that sus can be used to build a hotfix checklist that the mbsa tool can then use to check other systems on the network.

5. 

You are configuring a security template for a group of computers running Windows Server 2003 that are located in the MemberServer OU on your network. You will be regularly using the MBSA tool to remotely check which hotfixes, if any, are to be installed on these servers. Which of the following services must you not disable in the security template on the computers running Windows Server 2003 if they are to be remotely checked by using the MBSA? (Select all that apply.)

  1. Server service

  2. Workstation service

  3. Remote Registry service

  4. File and Print Sharing

  5. Client for Microsoft Networks

 correct answers: a, c, and d a. correct the server service must be enabled on the target system for the mbsa tool to be able to check which hotfixes need to be installed. b. incorrect the workstation service does not need to be installed on the target system, though it does need to be installed on the system running the mbsa scan. c. correct the remote registry service must be enabled on the target system for the mbsa tool to be able to check which hotfixes need to be installed. d. correct the file and print sharing service must be enabled on the target system for the mbsa tool to be able to check which hotfixes need to be installed. e. incorrect client for microsoft networks is only required on the scanning computer. this service is not required on the target computer.

6. 

You have a computer running Windows XP Professional on which you have installed the MBSA tool. You want to run the MBSA tool against a four-node active/passive cluster of computers running Windows Server 2003 and IIS on your company’s perimeter network LAN. Which of the following conditions need to be met before you will be able to check which hotfixes need to be installed on the servers making up the cluster? (Select all that apply.)

  1. You must install the cluster service on the computer running Windows XP Professional.

  2. You must install the IIS common files on the computer running Windows XP Professional.

  3. That the Windows Server 2003 cluster running IIS be a member of the domain in which your user account can be assigned local administrator privileges, or a domain that is trusted by that domain.

  4. That your workstation have direct HTTP access to an SUS server, that your workstation have direct HTTP access to the Windows Update servers, or that the mssecure.cab file be downloaded and installed on your workstation.

  5. That your user account be a member of the power users group on the Active nodes of the Windows Server 2003 IIS cluster.

 correct answers: b, c, and d a. incorrect the cluster service cannot be installed on a computer running windows xp professional, nor is the cluster service required to successfully run the mbsa tool against a remote windows server 2003 iis cluster. b. correct if you are going to be using the mbsa tool to analyze a system running iis, the scanning system must have the iis common files installed so that it can work with the remote system s metabase. c. correct the mbsa tool has no ability to authenticate against systems that are not members of the domain or trusted domains. your user account must have local administrator privileges on both the scanning and the scanned systems. d. correct your workstation must be able to locate the hotfix checklist. this can be done in one of three ways: downloading the checklist manually from microsoft, using a generated checklist on a local sus server, or by a direct http connection from your workstation to the windows update servers. e. incorrect to run mbsa correctly, your user account will need to be a member of the local administrators group on the windows server 2003 iis cluster. being a member of the power users group is irrelevant as to whether or not the mbsa tool will be able to scan a remote system.

7. 

You are scanning a computer running Windows XP Professional that is connected to the Internet by a cable modem. The system is currently configured with two network cards. This allows you to implement Internet Connection Sharing so that other computers on your home network are able to access the Internet through the computer running Windows XP Professional. You have configured the Internet Connection Firewall on the network card connected to the firewall. You have downloaded and installed the MBSA tool. You are logged on with an account with local administrator access. You run a scan against your local computer with the default options. Which of the following checks will be made against your system? (Select all that apply.)

  1. Local Account Password Test

  2. Restrict Anonymous

  3. Internet Connection Firewall

  4. Remote Desktop

  5. ICS Authentication

 correct answers: a and b a. correct local account password test will check if any accounts on the local system have simple or blank passwords. b. correct restrict anonymous checks that the workstation is correctly locked down against anonymous access. c. incorrect this check is not performed by the mbsa tool. d. incorrect there is no test to ascertain whether the remote desktop will accept connections. e. incorrect ics doesn t authenticate. there is also no ics authentication test in the mbsa tool.

8. 

Parsons is responsible for performing a security audit on four computers running Windows Server. Parsons’ account is a member of the Domain Administrators group. The first system is a Windows Server 2003 domain controller. The second is a Windows Server 2003 member server running SQL Server 2000. The third system is a standalone computer running Windows Server 2003 Web Server Edition. This server is located on the company perimeter network. The fourth system is a standalone server running Windows 2000, Host Integration Server, and Services for Unix 3.0, and is located on the internal LAN. All traffic to the Internet must go through a proxy server on the perimeter network that requires authentication. Parsons also has access to an SUS server running on a standalone computer that runs Windows Server 2003.

Parsons has the following goals:

Primary Goal: Develop a customized list of approved and tested patches that can be rolled out to all four computers running Windows Server 2003.

Secondary Goal 1: Ensure that a list is generated for patches that need to be applied to each specific computer that runs Windows Server 2003.

Secondary Goal 2: Patch all computers running Windows Server 2003 so that they are up to date.

Parsons does the following:

He generates a list of approved patches and updates on the SUS server. From a computer running Windows XP Professional, he runs a remote scan with the default options on the first and second Windows Server 2003–based computers. He uses the SUS server to provide mssecure.cab. Using the Remote Desktop client, he logs in to the third server with an Administrator account, downloads the MBSA tool, and runs it from the command line with the default options on the local server. Which of the goals has Parsons met? (Select one.)

  1. Parsons has met his primary and all of his secondary goals.

  2. Parsons has met his primary goal and one of his secondary goals.

  3. Parsons has met his primary goal but none of his secondary goals.

  4. Parsons has not met his primary goal but has achieved both of his secondary goals.

  5. Parsons has not achieved any of his goals.

 correct answers: b a. incorrect parsons has met his primary goal by generating a list of approved patches on the sus server. creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that parsons is responsible for. parsons has met his first secondary goal: the scan will generate the requisite reports. he can remote scan the member servers, but he must locally scan the standalone system. parsons does not meet his second secondary goal. at no point are the computers running windows server 2003 patched. this can be done by forcing them to use the sus server or by deploying patches by the sus server. b. correct parsons has met his primary goal by generating a list of approved patches on the sus server. creating this list will generate a custom mssecure.cab file which will be used to check against the other servers that parsons is responsible for. parsons has met his first secondary goal: the scan will generate the requisite reports. he can remote scan the member servers, but he must locally scan the standalone system. parsons does not meet his second secondary goal. at no point are the windows server 2003 systems patched. this can be done by forcing them to use the sus server or by deploying patches by the sus server. c. incorrect parsons has met his primary goal by generating a list of approved patches on the sus server. creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that parsons is responsible for. the fourth server runs windows 2000 and hence is not included in any goal listed in the question. parsons has met his first secondary goal: the scan will generate the requisite reports. he can remote scan the member servers, but he must locally scan the standalone system. parsons does not meet his second secondary goal. at no point are the computers running windows server 2003 patched. this can be done by forcing them to use the sus server or by deploying patches by the sus server. d. incorrect parsons has met his primary goal by generating a list of approved patches on the sus server. creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that parsons is responsible for. the fourth server runs windows 2000 and hence is not included in any goal listed in the question. parsons has met his first secondary goal: the scan will generate the requisite reports. he can remote scan the member servers, but he must locally scan the standalone system. parsons does not meet his second secondary goal. at no point are the computers running windows server 2003 patched. this can be done by forcing them to use the sus server or by deploying patches by the sus server. e. incorrect parsons has met his primary goal by generating a list of approved patches on the sus server. creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that parsons is responsible for. the fourth server runs windows 2000 and hence is not included in any goal listed in the question. parsons has met his first secondary goal: the scan will generate the requisite reports. he can remote scan the member servers, but he must locally scan the standalone system. parsons does not meet his second secondary goal. at no point are the computers running windows server 2003 patched. this can be done by forcing them to use the sus server or by deploying patches by the sus server.

Answers

1. 

Correct Answers: D and F

  1. Incorrect Exchange Server 5.5 is supported by the MBSA technology in the Software Update Services Feature pack. Appropriate updates can be deployed by using SMS.

  2. Incorrect Office 2000 is supported by the MBSA technology in the Software Update Services Feature pack. Appropriate updates can be deployed by using SMS.

  3. Incorrect Windows NT 4.0 is supported by the MBSA technology in the Software Update Services Feature pack. Appropriate updates can be deployed by using SMS.

  4. Correct Office 97 is not supported by the MBSA tool and in turn is not supported by the Software Update Services Feature Pack for SMS 2.0. The best option in this case would to be to upgrade Office 97 to Office 2000, which can still be run on a workstation running Windows NT 4.0.

  5. Incorrect Internet Explorer 5.01 is supported by the MBSA technology in the Software Update Services Feature pack. Appropriate updates can be deployed by using SMS.

  6. Correct SQL Server 6.5 is not supported by the MBSA tool and in turn is not supported by the Software Update Services Feature Pack for SMS 2.0. Although it would perhaps be somewhat arduous, migrating to SQL Server 7.0, or even SQL Server 2000, should be open to consideration for security reasons.

2. 

Correct Answers: A, B, and D

  1. Correct Server One is a member of the domain, which means that Leo’s account has local administrator access. Local administrator access is required for the MBSA tool to work. HTTP access to the Internet means that the Windows Update servers can be contacted by the tool.

  2. Correct Server Two is a member of the domain, which means that Leo’s account has local administrator access. Local administrator access is required for the MBSA tool to work. HTTP access to the Internet means that the Windows Update servers can be contacted by the tool.

  3. Incorrect Server Three is a standalone system. The MBSA command-line tool has no provision to authenticate against a remotely scanned system that is not a member of the domain. Because no remote authentication against a standalone system can occur, this system cannot be scanned. The MBSA tool must be run locally on this system by an account that has local administrator rights.

  4. Correct Server Four is a member of the domain, which means that Leo’s account has local administrator access. Local administrator access is required for the MBSA tool to work. The correct ports are open on the internal firewall for this check to occur. HTTP access to the Internet means that the Windows Update servers can be contacted by the tool.

  5. Incorrect Server Five is a standalone system. The MBSA command-line tool has no provision to authenticate against a remotely scanned system that is not a member of the domain. Because no remote authentication against a standalone system can occur, this system cannot be scanned. The MBSA tool must be run locally on this system by an account that has local administrator rights.

  6. Incorrect Server Six is a standalone system. The MBSA command-line tool has no provision to authenticate against a remotely scanned system that is not a member of the domain. Because no remote authentication against a standalone system can occur, this system cannot be scanned. The MBSA tool must be run locally on this system by an account that has local administrator rights.

3. 

Correct Answers: B, D, and E

  1. Incorrect The MBSA tool cannot authenticate against a proxy server. The MBSA tool either requires direct HTTP access to the Internet or for the administrator to download and install the mssecure.cab file from the Microsoft Web site.

  2. Correct Even though server two and server three are not currently configured as clients of the SUS server, the MBSA tool can be configured to run against the SUS server. It is beneficial that a proxy server is in use in this situation because SUS can be configured to communicate by a proxy, whereas the MBSA tool cannot authenticate against a proxy and hence cannot contact the Windows Update servers.

  3. Incorrect The MBSA tool cannot authenticate against a proxy server. The MBSA tool either requires direct HTTP access to the Internet or for the administrator to download and install the mssecure.cab file from the Microsoft Web site.

  4. Correct Even though server two and server three are not currently configured as clients of the SUS server, the MBSA tool can be configured to run against the SUS server. It is beneficial that a proxy server is in use in this situation because SUS can be configured to communicate by a proxy, whereas the MBSA tool cannot authenticate against a proxy and hence cannot contact the Windows Update servers.

  5. Correct When the MBSA tool is run against a remote server, and that remote server is an SUS client, the MBSA tool retrieves the location of the SUS server and uses the checklist located there rather than downloading it from the Windows Update servers.

4. 

Correct Answers: B and D

  1. Incorrect In the current network’s configuration, there is no way for the MBSA tool to get access to a hotfix checklist. To get access to such a checklist, either HTTP access needs to be granted through the firewall to your workstation, an SUS server that can generate its own hotfix file needs to be set up, or the mssecure.cab file needs to be downloaded from the Microsoft Web site and installed manually.

  2. Correct The mssecure.cab file can be downloaded manually and used as a hotfix checklist. The hotfix checklist is necessary for the MBSA to run and to generate a list of patches that need to be installed.

  3. Incorrect Although access to the mssecure.cab file is necessary, because it contains the hotfix checklist, it needs to only be installed on the scanning computer. Installing it on the remotely scanned computer will not help in any way.

  4. Correct Although the MBSA tool cannot authenticate against a proxy, at least as of version 1.1.1, which is the version in use when the 70-299 exam was written, SUS can. This means that SUS can be used to build a hotfix checklist that the MBSA tool can then use to check other systems on the network.

5. 

Correct Answers: A, C, and D

  1. Correct The Server service must be enabled on the target system for the MBSA tool to be able to check which hotfixes need to be installed.

  2. Incorrect The Workstation service does not need to be installed on the target system, though it does need to be installed on the system running the MBSA scan.

  3. Correct The Remote Registry service must be enabled on the target system for the MBSA tool to be able to check which hotfixes need to be installed.

  4. Correct The File and Print Sharing service must be enabled on the target system for the MBSA tool to be able to check which hotfixes need to be installed.

  5. Incorrect Client for Microsoft Networks is only required on the scanning computer. This service is not required on the target computer.

6. 

Correct Answers: B, C, and D

  1. Incorrect The cluster service cannot be installed on a computer running Windows XP Professional, nor is the cluster service required to successfully run the MBSA tool against a remote Windows Server 2003 IIS Cluster.

  2. Correct If you are going to be using the MBSA tool to analyze a system running IIS, the scanning system must have the IIS common files installed so that it can work with the remote system’s metabase.

  3. Correct The MBSA tool has no ability to authenticate against systems that are not members of the domain or trusted domains. Your user account must have local administrator privileges on both the scanning and the scanned systems.

  4. Correct Your workstation must be able to locate the hotfix checklist. This can be done in one of three ways: downloading the checklist manually from Microsoft, using a generated checklist on a local SUS server, or by a direct HTTP connection from your workstation to the Windows Update servers.

  5. Incorrect To run MBSA correctly, your user account will need to be a member of the local administrators group on the Windows Server 2003 IIS cluster. Being a member of the power users group is irrelevant as to whether or not the MBSA tool will be able to scan a remote system.

7. 

Correct Answers: A and B

  1. Correct Local Account Password Test will check if any accounts on the local system have simple or blank passwords.

  2. Correct Restrict Anonymous checks that the workstation is correctly locked down against anonymous access.

  3. Incorrect This check is not performed by the MBSA tool.

  4. Incorrect There is no test to ascertain whether the remote desktop will accept connections.

  5. Incorrect ICS doesn’t authenticate. There is also no ICS Authentication test in the MBSA tool.

8. 

Correct Answers: B

  1. Incorrect Parsons has met his primary goal by generating a list of approved patches on the SUS server. Creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that Parsons is responsible for. Parsons has met his first secondary goal: the scan will generate the requisite reports. He can remote scan the member servers, but he must locally scan the standalone system. Parsons does not meet his second secondary goal. At no point are the computers running Windows Server 2003 patched. This can be done by forcing them to use the SUS server or by deploying patches by the SUS server.

  2. Correct Parsons has met his primary goal by generating a list of approved patches on the SUS server. Creating this list will generate a custom mssecure.cab file which will be used to check against the other servers that Parsons is responsible for. Parsons has met his first secondary goal: the scan will generate the requisite reports. He can remote scan the member servers, but he must locally scan the standalone system. Parsons does not meet his second secondary goal. At no point are the Windows Server 2003 systems patched. This can be done by forcing them to use the SUS server or by deploying patches by the SUS server.

  3. Incorrect Parsons has met his primary goal by generating a list of approved patches on the SUS server. Creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that Parsons is responsible for. The fourth server runs Windows 2000 and hence is not included in any goal listed in the question. Parsons has met his first secondary goal: the scan will generate the requisite reports. He can remote scan the member servers, but he must locally scan the standalone system. Parsons does not meet his second secondary goal. At no point are the computers running Windows Server 2003 patched. This can be done by forcing them to use the SUS server or by deploying patches by the SUS server.

  4. Incorrect Parsons has met his primary goal by generating a list of approved patches on the SUS server. Creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that Parsons is responsible for. The fourth server runs Windows 2000 and hence is not included in any goal listed in the question. Parsons has met his first secondary goal: the scan will generate the requisite reports. He can remote scan the member servers, but he must locally scan the standalone system. Parsons does not meet his second secondary goal. At no point are the computers running Windows Server 2003 patched. This can be done by forcing them to use the SUS server or by deploying patches by the SUS server.

  5. Incorrect Parsons has met his primary goal by generating a list of approved patches on the SUS server. Creating this list will generate a custom mssecure.cab file that will be used to check against the other servers that Parsons is responsible for. The fourth server runs Windows 2000 and hence is not included in any goal listed in the question. Parsons has met his first secondary goal: the scan will generate the requisite reports. He can remote scan the member servers, but he must locally scan the standalone system. Parsons does not meet his second secondary goal. At no point are the computers running Windows Server 2003 patched. This can be done by forcing them to use the SUS server or by deploying patches by the SUS server.



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net