Objective 3.1: Questions

 < Day Day Up > 



1. 

You are the security administrator for a medium-sized financial consulting firm, and you are investigating ways to keep the company documents secure. Currently, all documents stored on the server are encrypted by means of Encrypting File System (EFS). These documents contain extremely sensitive financial information about clients of your firm. These documents are also copied from the servers to portable computers so that they can be worked on after business hours. Sometimes documents are copied between portable computers. All of the servers at your company are running Windows Server 2003. All of the portable computers at your company are running Windows XP Professional. Documents stored on portable computers are also encrypted. You want to ensure that all documents transmitted across the network are also encrypted, so that if somehow the building’s internal wirings were tapped, no useful information could be retrieved. Which IPSec policy should you deploy to all computers at your organization to meet this goal? (Select all that apply.)

  1. No policy is required.

  2. Client (Respond Only)

  3. Server (Request Security)

  4. Secure Server (Require Security)

 correct answers: c and d a. incorrect although the documents are encrypted by means of efs, when transmitted over the network they are decrypted by the sender. if the document is copied to an ntfs drive, it will be re-encrypted by the receiver. if it is copied to a file allocation table (fat) drive it will not be re-encrypted. the important thing to note is that the document is unencrypted and vulnerable to interception while it is in transit. b. incorrect this policy only encrypts traffic if the partner that the system is communicating with requests it. if no request is made, the documents will pass across the network unencrypted. if all computers are configured with this policy, none will request encrypted transmission. c. correct under this scheme, when transmission begins, a computer will request that ipsec be used. if the partner supports ipsec, encrypted transmission will commence; otherwise unsecured ip communication will occur. because all computers in the organization will be configured with this policy, all will be able to service a request for ipsec communication. portable computers running windows xp can be assigned a server ipsec policy. d. correct this policy is the best option because transmission will not occur until security is negotiated.

2. 

Rooslan is the security administrator for A. Datum Corporation. He is responsible for five computers running Windows Server 2003 that host file shares and printers and a mix of 200 workstations running Windows XP Professional and Windows 2000 Professional. Some of the workstations running Windows 2000 Professional share color inkjet printers on the network. Within A. Datum, there is a group of 50 users who encrypt all of the documents that they use by using EFS. These documents contain confidential information and are located in a shared folder on the third computer running Windows Server 2003. Twenty of these users have workstations running Windows 2000 Professional. Fifteen of these users share inkjet printers that the others in this group use from time to time. Of these 15 users, five are running Windows 2000 Professional. Rooslan’s manager Alex has come to him and asked that he develop a plan so that whenever any of these 50 users copy an encrypted document to one of their workstations, or send one of them to a shared printer, the document remain in an encrypted state during its transmission across the network. All other users on the network should remain unaffected, and their network transmissions should remain unsecured. The 50 users also occasionally access files on the first and second computers running Windows Server 2003, and they must be able to do so in the future. Similarly, 20 users who are not members of this group of 50 also access files on the third computer running Windows Server 2003 and must be able to do so in the future. Which of the following plans could Rooslan implement to meet Alex’s goal?

  1. Rooslan does not need to make any modifications. When a document is encrypted by EFS, it remains encrypted when transmitted across the network.

  2. Rooslan should configure the default domain GPO with the Client (Respond Only) IPSec policy.

  3. Rooslan should configure the local IPSec policy on the third computer running Windows Server 2003 to Secure Server (Require Security). He should place the workstations running Windows 2000 Professional and Windows XP Professional in a new OU and apply a Group Policy object to the OU that has the Client (Respond Only) IPSec policy set.

  4. Rooslan should create a new OU. He should then move the computer accounts for the third computer running Windows Server 2003, and the computer accounts for the 50 workstations used by the users who require encryption, into this OU. He should then create a GPO with the IPSec policy Server (Request Security) and apply it to this OU.

  5. Rooslan cannot meet Alex’s goals without upgrading all of the computers running Windows 2000 Professional to Windows XP.

 correct answers: d a. incorrect documents encrypted by efs do not remain encrypted as they pass across the network, unless ipsec is used. b. incorrect when all clients are configured with the client (respond only) ipsec policy, there will be no encrypted transmissions across the network. this is because encrypted transmissions will only occur if they are specifically requested, and the client (respond only) ipsec policy does not do this. c. incorrect although this will ensure that the communication between the 50 users and the server is encrypted by ipsec, when documents are sent between their workstations they will be unencrypted because no security will be negotiated. furthermore, the 20 users who are connecting to the third computer running windows server 2003, but who are not members of the group of 50, will be unable to communicate with that server because their systems are not configured to negotiate ipsec communications. d. correct if rooslan implements this plan, it will meet the goals outlined by alex. the server (request security) policy requests ipsec communication. if the partner supports ipsec, communication occurs by means of ipsec; if the partner does not support ipsec, communication occurs by means of an unsecured method. if all of the computers in question have this policy applied, communication between them will be encrypted. communication with computers outside this group of 51 (one server, 50 workstations) will be insecure-which is what was stated in alex s plan. e. incorrect windows 2000 professional supports ipsec, as do windows 2000 server, windows xp professional, and windows server 2003.

3. 

Oksana is the security administrator at Tailspin Toys. At the head office, there are three computers running Windows Server 2003, each of which hosts files for different departments within the company. The first computer running Windows Server 2003 hosts plans for future toys. All of the files on this server are confidential and are encrypted by EFS. Only the Managers and Architects groups have permission to access the files on this server. The second computer running Windows Server 2003 hosts the company financial records. All of these files are also confidential, though they are not encrypted by EFS. They are locked down with NTFS permissions and are only accessible to the Accountants and Managers groups. The third computer running Windows Server 2003 hosts the human resources department files, which include some confidential documents that are encrypted by EFS, but it also hosts company policy documents that should be accessible to all users within the Tailspin Toys organization. Oksana has the following goals:

Primary goal: Ensure that all data transmitted to and received from the first computer running Windows Server 2003 is encrypted.

First secondary goal: Ensure that data transmitted from the third Windows Server 2003– based computer to the human resources department computers is encrypted.

Second secondary goal: Ensure that all data transmitted to and received from the second computer running Windows Server 2003 is encrypted.

Oksana takes the following steps:

  • Creates an organizational unit (OU) named SecureServer

  • Moves the computer accounts of the first, second, and third computers running Windows Server 2003 into this OU

  • Creates a GPO with the IPSec policy Secure Server (Require Security) set and applies it to the SecureServer OU

  • Edits the Default Domain GPO and sets the IPSec policy to Client (Respond Only)

 correct answers: a a. correct policies applied at the ou level override those applied at the domain level; hence, the three servers in the secureserver ou will retain the secure server (require security) ipsec policy. all other computers in the domain will have the client (respond only) policy. the impact of this will be that all communication between the three computers running windows server 2003 and the computers in the rest of the domain will be encrypted. this meets the conditions of the primary goal and both secondary goals. b. incorrect policies applied at the ou level override those applied at the domain level; hence, the three servers in the secureserver ou will retain the secure server (require security) ipsec policy. all other computers in the domain will have the client (respond only) policy. the impact of this will be that all communication between the three computers running windows server 2003 and the computers in the rest of the domain will be encrypted. this meets the conditions of the primary goal and both secondary goals. c. incorrect policies applied at the ou level override those applied at the domain level; hence, the three servers in the secureserver ou will retain the secure server (require security) ipsec policy. all other computers in the domain will have the client (respond only) policy. the impact of this will be that all communication between the three computers running windows server 2003 and the computers in the rest of the domain will be encrypted. this meets the conditions of the primary goal and both secondary goals. d. incorrect policies applied at the ou level override those applied at the domain level; hence, the three servers in the secureserver ou will retain the secure server (require security) ipsec policy. all other computers in the domain will have the client (respond only) policy. the impact of this will be that all communication between the three computers running windows server 2003 and the computers in the rest of the domain will be encrypted. this meets the conditions of the primary goal and both secondary goals. e. incorrect policies applied at the ou level override those applied at the domain level; hence, the three servers in the secureserver ou will retain the secure server (require security) ipsec policy. all other computers in the domain will have the client (respond only) policy. the impact of this will be that all communication between the three computers running windows server 2003 and the computers in the rest of the domain will be encrypted. this meets the conditions of the primary goal and both secondary goals.

Answers

1. 

Correct Answers: C and D

  1. Incorrect Although the documents are encrypted by means of EFS, when transmitted over the network they are decrypted by the sender. If the document is copied to an NTFS drive, it will be re-encrypted by the receiver. If it is copied to a file allocation table (FAT) drive it will not be re-encrypted. The important thing to note is that the document is unencrypted and vulnerable to interception while it is in transit.

  2. Incorrect This policy only encrypts traffic if the partner that the system is communicating with requests it. If no request is made, the documents will pass across the network unencrypted. If all computers are configured with this policy, none will request encrypted transmission.

  3. Correct Under this scheme, when transmission begins, a computer will request that IPSec be used. If the partner supports IPSec, encrypted transmission will commence; otherwise unsecured IP communication will occur. Because all computers in the organization will be configured with this policy, all will be able to service a request for IPSec communication. Portable computers running Windows XP can be assigned a server IPSec policy.

  4. Correct This policy is the best option because transmission will not occur until security is negotiated.

2. 

Correct Answers: D

  1. Incorrect Documents encrypted by EFS do not remain encrypted as they pass across the network, unless IPSec is used.

  2. Incorrect When all clients are configured with the Client (Respond Only) IPSec policy, there will be no encrypted transmissions across the network. This is because encrypted transmissions will only occur if they are specifically requested, and the Client (Respond Only) IPSec policy does not do this.

  3. Incorrect Although this will ensure that the communication between the 50 users and the server is encrypted by IPSec, when documents are sent between their workstations they will be unencrypted because no security will be negotiated. Furthermore, the 20 users who are connecting to the third computer running Windows Server 2003, but who are not members of the group of 50, will be unable to communicate with that server because their systems are not configured to negotiate IPSec communications.

  4. Correct If Rooslan implements this plan, it will meet the goals outlined by Alex. The Server (Request Security) policy requests IPSec communication. If the partner supports IPSec, communication occurs by means of IPSec; if the partner does not support IPsec, communication occurs by means of an unsecured method. If all of the computers in question have this policy applied, communication between them will be encrypted. Communication with computers outside this group of 51 (one server, 50 workstations) will be insecure—which is what was stated in Alex’s plan.

  5. Incorrect Windows 2000 Professional supports IPSec, as do Windows 2000 Server, Windows XP Professional, and Windows Server 2003.

3. 

Correct Answers: A

  1. Correct Policies applied at the OU level override those applied at the domain level; hence, the three servers in the SecureServer OU will retain the Secure Server (Require Security) IPSec policy. All other computers in the domain will have the Client (Respond Only) policy. The impact of this will be that all communication between the three computers running Windows Server 2003 and the computers in the rest of the domain will be encrypted. This meets the conditions of the primary goal and both secondary goals.

  2. Incorrect Policies applied at the OU level override those applied at the domain level; hence, the three servers in the SecureServer OU will retain the Secure Server (Require Security) IPSec policy. All other computers in the domain will have the Client (Respond Only) policy. The impact of this will be that all communication between the three computers running Windows Server 2003 and the computers in the rest of the domain will be encrypted. This meets the conditions of the primary goal and both secondary goals.

  3. Incorrect Policies applied at the OU level override those applied at the domain level; hence, the three servers in the SecureServer OU will retain the Secure Server (Require Security) IPSec policy. All other computers in the domain will have the Client (Respond Only) policy. The impact of this will be that all communication between the three computers running Windows Server 2003 and the computers in the rest of the domain will be encrypted. This meets the conditions of the primary goal and both secondary goals.

  4. Incorrect Policies applied at the OU level override those applied at the domain level; hence, the three servers in the SecureServer OU will retain the Secure Server (Require Security) IPSec policy. All other computers in the domain will have the Client (Respond Only) policy. The impact of this will be that all communication between the three computers running Windows Server 2003 and the computers in the rest of the domain will be encrypted. This meets the conditions of the primary goal and both secondary goals.

  5. Incorrect Policies applied at the OU level override those applied at the domain level; hence, the three servers in the SecureServer OU will retain the Secure Server (Require Security) IPSec policy. All other computers in the domain will have the Client (Respond Only) policy. The impact of this will be that all communication between the three computers running Windows Server 2003 and the computers in the rest of the domain will be encrypted. This meets the conditions of the primary goal and both secondary goals.

How many of her goals did Oksana achieve?

Oksana has achieved her primary goal and both secondary goals.

Oksana has achieved her primary goal and one secondary goal.

Oksana has achieved only her primary goal.

Oksana did not achieve her primary goal; she did, however, achieve one of her secondary goals. Oksana achieved none of her goals.

1. 

Your organization has a single standalone server running Windows Server 2003 that is located on a screened subnet. Files are regularly uploaded and downloaded to and from this server from your internal local area network (LAN) and from hosts around the world connected through the Internet by means of the FTP protocol. The only ports open on the internal and external firewalls to this host are those used by the FTP protocol. You only want hosts that have a particular digital certificate installed from a certification authority (CA) to be able to establish secured IPSec connections to the FTP server on the screened subnet. All data transmissions to the FTP server must be secured using IPSec. How can you configure the local GPO on the standalone server running Windows Server 2003 to meet these objectives?

  1. Edit the local GPO on the standalone server running Windows Server 2003, and set the IPSec policy to Client (Respond Only).

  2. Edit the local GPO on the standalone server running Windows Server 2003, and set the IPSec policy to Server (Request Security).

  3. Edit the local GPO on the standalone server running Windows Server 2003, and set the IPSec policy to Secure Server (Require Security).

  4. Create a new custom IPSec policy on the standalone server running Windows Server 2003. Set the default response rule to require Kerberos as an authentication method. Ensure that all TCP traffic on the FTP data and control ports requires security using Kerberos as an authentication method.

  5. Create a new custom IPSec policy on the standalone server running Windows Server 2003. Set the default response rule to require the certificate as an authentication method. Ensure that all IP traffic requires security using the certificate as an authentication method.

 correct answers: e a. incorrect this will not meet the objectives outlined in the question. this will not force ipsec communication, nor will that communication be authenticated by digital certificate. b. incorrect this will not meet the objectives outlined in the question. this will not force ipsec communication, nor will that communication be authenticated by digital certificate. c. incorrect this will not meet the objective in the question that communication must be authenticated by digital certificate. d. incorrect this particular custom ipsec policy uses kerberos, rather than a specific digital certificate, as an authentication method. e. correct although a more specific custom ipsec policy can be created using the actual ports used by the ftp protocol, this particular policy will meet the goals outlined in the question statement.

2. 

You are the network administrator for A. Datum Corporation. Your network environment consists of a single domain with 20 computers running Windows Server 2003, 400 workstations running Windows XP Professional, and 200 workstations running Windows 2000 Professional. You want to ensure that all communication between the workstations running Windows XP Professional and 10 of the computers running Windows Server 2003 is encrypted by IPSec. Furthermore, you do not want the workstations running Windows 2000 Professional making encrypted transmissions. The workstations running Windows 2000 Professional must be able to communicate with each other, the workstations running Windows XP, and the computers running Windows Server 2003 without using IPSec transmissions. Which of the following actions do you need to perform to achieve these goals? (Select two. Each forms a part of the solution.)

  1. Create an OU and place the computer accounts of all workstations running Windows XP Professional in it. Create a GPO with the Server (Request Security) IPSec policy.

  2. Create an OU and place the computer accounts of all workstations running Windows XP Professional in it. Create a GPO with the Secure Server (Require Security) IPSec policy.

  3. Create an OU and place the computer accounts of the 10 computers running Windows Server 2003 in it. Create a GPO with the Server (Request Security) IPSec policy.

  4. Create an OU and place the computer accounts of the 10 computers running Windows Server 2003 in it. Create a GPO with the Secure Server (Require Security) IPSec policy.

  5. Edit the default domain GPO and set the IPSec policy to Server (Request Security).

 correct answers: a and c a. correct if you use this policy, when transmissions are made to other hosts that use this policy, they will be encrypted. when transmissions are made to other hosts that do not use this policy, they will be unencrypted. b. incorrect if you perform this action, the workstations running windows xp professional will not be able to communicate with the workstations running windows 2000 professional in an insecure manner, which is one of your stated goals. c. correct with this policy applied, communication between the set of 10 computers running windows server 2003 and the computers running windows xp professional (assuming they have the policy applied as described in answer a) will be encrypted. communication with the computers running windows 2000 professional will remain unencrypted. d. incorrect if this action were taken, the computers running windows 2000 professional would not be able to communicate with the windows server 2003 computers unless ipsec was used. e. incorrect performing this action would force all computers within the organization to send encrypted transmissions. while this is fine for the computers running windows xp, the question specified that the computers running windows 2000 professional should not be using encrypted transmissions.

3. 

Rooslan is the administrator of Litware, Inc. Litware, Inc., has a single Windows Server 2003 domain that contains three separate sites. The computers at each site are as follows:

Site A: 500 computers running Windows XP Professional, 10 computers running Windows 2000 Server, 5 computers running Windows Server 2003

Site B: 300 computers running Windows 2000 Professional, 10 computers running Windows Server 2003

Site C: 200 computers running Windows XP Professional, 5 computers running Windows NT Server 4.0, 5 computers running Windows Server 2003

Rooslan has been asked by his manager to develop a plan by which all transmissions between computers on the Litware, Inc., network are encrypted by using IPSec. Rooslan’s manager has formalized his request by providing Rooslan with a list of goals. This list is as follows:

Primary goal: All transmissions between computers on the network are encrypted.

1st secondary goal: All transmissions between computers at Site A and Site B are encrypted.

2nd secondary goal: All transmissions between computers at Site A and Site C are encrypted.

Rooslan performs the following steps: He creates a new security template that sets the IPSec policy to Server (Request Security). He creates a new GPO and imports the security template. He applies the GPO to Site A, Site B, and Site C.

Which of the manager’s goals has Rooslan accomplished?

  1. Rooslan has accomplished the primary goal and both secondary goals.

  2. Rooslan has accomplished the primary goal and one secondary goal.

  3. Rooslan has accomplished both secondary goals.

  4. Rooslan has accomplished one secondary goal only.

  5. Rooslan has accomplished none of his manager’s goals.

 correct answers: d a. incorrect computers running windows nt server 4.0 and windows nt workstation 4.0 cannot communicate with the version of ipsec that ships with windows 2000, windows xp, and windows server 2003. this means that any transmissions from computers running windows nt server 4.0 at site c to any other computer on the litware, inc., network will be insecure. this means that the primary goal will not be accomplished, and neither will the second secondary goal. the first secondary goal does not involve any computers running windows nt 4.0, and hence can be achieved. b. incorrect computers running windows nt server 4.0 and windows nt workstation 4.0 cannot communicate with the version of ipsec that ships with windows 2000, windows xp, and windows server 2003. this means that any transmissions from computers running windows nt server 4.0 at site c to any other computer on the litware, inc., network will be insecure. this means that the primary goal will not be accomplished, and neither will the second secondary goal. the first secondary goal does not involve any computers running windows nt 4.0, and hence can be achieved. c. incorrect computers running windows nt server 4.0 and windows nt workstation 4.0 cannot communicate with the version of ipsec that ships with windows 2000, windows xp, and windows server 2003. this means that any transmissions from computers running windows nt server 4.0 at site c to any other computer on the litware, inc., network will be insecure. this means that the primary goal will not be accomplished, and neither will the second secondary goal. the first secondary goal does not involve any computers running windows nt 4.0, and hence can be achieved. d. correct computers running windows nt server 4.0 and windows nt workstation 4.0 cannot communicate with the version of ipsec that ships with windows 2000, windows xp, and windows server 2003. this means that any transmissions from computers running windows nt server 4.0 at site c to any other computer on the litware, inc., network will be insecure. this means that the primary goal will not be accomplished, and neither will the second secondary goal. the first secondary goal does not involve any computers running windows nt 4.0, and hence can be achieved. e. incorrect computers running windows nt server 4.0 and windows nt workstation 4.0 cannot communicate with the version of ipsec that ships with windows 2000, windows xp, and windows server 2003. this means that any transmissions from computers running windows nt server 4.0 at site c to any other computer on the litware, inc., network will be insecure. this means that the primary goal will not be accomplished, and neither will the second secondary goal. the first secondary goal does not involve any computers running windows nt 4.0, and hence can be achieved.

4. 

You have a domain running at the Windows Server 2003 Interim level. This domain has 10 computers running Windows Server 2003, 150 computers running Windows XP Professional, and 60 computers running Windows NT Workstation 4.0. There are three sites. Site A hosts 8 computers running Windows Server 2003 and 100 computers running Windows XP Professional. Site B hosts one computer running Windows Server 2003 that acts as a domain controller, a global catalog server, and a file and print server, in addition to 50 computers running Windows XP Professional. Site C hosts one computer running Windows Server 2003 that acts as a domain controller, a global catalog server, and a file and print server, in addition to 60 computers running Windows NT Workstation 4.0. Network transmissions between computers in the domain are unencrypted and insecure. Transmissions in the domain only occur between workstations and servers—there is no workstation to workstation communication. You have been asked to rectify this situation and to ensure that all transmissions that occur between computers in your domain are encrypted by IPSec. Which of the following plans will meet this objective with the least administrative effort?

  1. Create a single GPO with the IPSec policy set to Client (Respond Only). Apply this GPO to Site A, Site B, and Site C.

  2. Create a single GPO with the IPSec policy set to Server (Request Security). Apply this GPO to Site A, Site B, and Site C.

  3. Create a single GPO with the IPSec policy set to Secure Server (Require Security). Apply this GPO to Site A, Site B, and Site C.

  4. Upgrade all computers in the domain running Windows NT Workstation 4.0 to Windows XP Professional. Create a security template that sets the IPSec policy to Secure Server (Require Security), and apply this template to the local GPO on each computer running Windows Server 2003. Create a new GPO with the IPSec policy set to Client (Respond Only). Apply this GPO to Site A, Site B, and Site C.

  5. Upgrade all computers in the domain running Windows NT Workstation 4.0 to Windows XP Professional. Create a security template that sets the IPSec policy to Secure Server (Require Security). Create a new GPO, and import this template. Apply this GPO to Site A, Site B, and Site C.

 correct answers: e a. incorrect this will not work for two reasons. the first reason is that this policy only encrypts ipsec transmissions when a request is made. if all computers have this policy applied, no request will be made. the second reason this will not work is that computers running windows nt workstation 4.0 cannot use ipsec without resorting to a non-microsoft ipsec solution. b. incorrect computers running windows nt workstation 4.0 cannot use ipsec without resorting to a non-microsoft ipsec solution. although the computers running windows xp and windows server 2003 will use ipsec, all transmissions to and from the computers running windows nt workstation 4.0 will be insecure. c. incorrect computers running windows nt workstation 4.0 cannot use ipsec without resorting to a non-microsoft ipsec solution. although the computers running windows xp and windows server 2003 will use ipsec, no transmission will be able to be made from these computers to the computers running windows nt workstation 4.0. d. incorrect the local policy will be overridden by the site policy, so the policy on all computers throughout the domain will be client (respond only). the client (respond only) will only encrypt traffic if requested. if all computers have this policy, none will request ipsec transmissions. e. correct only windows 2000, windows xp, and windows server 2003 natively support ipsec. windows nt workstation 4.0 and windows nt server 4.0 do not support ipsec. the secure server (require security) policy will ensure that all transmissions that occur within the domain will be encrypted.

Answers

1. 

Correct Answers: E

  1. Incorrect This will not meet the objectives outlined in the question. This will not force IPSec communication, nor will that communication be authenticated by digital certificate.

  2. Incorrect This will not meet the objectives outlined in the question. This will not force IPSec communication, nor will that communication be authenticated by digital certificate.

  3. Incorrect This will not meet the objective in the question that communication must be authenticated by digital certificate.

  4. Incorrect This particular custom IPSec policy uses Kerberos, rather than a specific digital certificate, as an authentication method.

  5. Correct Although a more specific custom IPSec policy can be created using the actual ports used by the FTP protocol, this particular policy will meet the goals outlined in the question statement.

2. 

Correct Answers: A and C

  1. Correct If you use this policy, when transmissions are made to other hosts that use this policy, they will be encrypted. When transmissions are made to other hosts that do not use this policy, they will be unencrypted.

  2. Incorrect If you perform this action, the workstations running Windows XP Professional will not be able to communicate with the workstations running Windows 2000 Professional in an insecure manner, which is one of your stated goals.

  3. Correct With this policy applied, communication between the set of 10 computers running Windows Server 2003 and the computers running Windows XP Professional (assuming they have the policy applied as described in answer A) will be encrypted. Communication with the computers running Windows 2000 Professional will remain unencrypted.

  4. Incorrect If this action were taken, the computers running Windows 2000 Professional would not be able to communicate with the Windows Server 2003 computers unless IPSec was used.

  5. Incorrect Performing this action would force all computers within the organization to send encrypted transmissions. While this is fine for the computers running Windows XP, the question specified that the computers running Windows 2000 Professional should not be using encrypted transmissions.

3. 

Correct Answers: D

  1. Incorrect Computers running Windows NT Server 4.0 and Windows NT Workstation 4.0 cannot communicate with the version of IPSec that ships with Windows 2000, Windows XP, and Windows Server 2003. This means that any transmissions from computers running Windows NT Server 4.0 at Site C to any other computer on the Litware, Inc., network will be insecure. This means that the primary goal will not be accomplished, and neither will the second secondary goal. The first secondary goal does not involve any computers running Windows NT 4.0, and hence can be achieved.

  2. Incorrect Computers running Windows NT Server 4.0 and Windows NT Workstation 4.0 cannot communicate with the version of IPSec that ships with Windows 2000, Windows XP, and Windows Server 2003. This means that any transmissions from computers running Windows NT Server 4.0 at Site C to any other computer on the Litware, Inc., network will be insecure. This means that the primary goal will not be accomplished, and neither will the second secondary goal. The first secondary goal does not involve any computers running Windows NT 4.0, and hence can be achieved.

  3. Incorrect Computers running Windows NT Server 4.0 and Windows NT Workstation 4.0 cannot communicate with the version of IPSec that ships with Windows 2000, Windows XP, and Windows Server 2003. This means that any transmissions from computers running Windows NT Server 4.0 at Site C to any other computer on the Litware, Inc., network will be insecure. This means that the primary goal will not be accomplished, and neither will the second secondary goal. The first secondary goal does not involve any computers running Windows NT 4.0, and hence can be achieved.

  4. Correct Computers running Windows NT Server 4.0 and Windows NT Workstation 4.0 cannot communicate with the version of IPSec that ships with Windows 2000, Windows XP, and Windows Server 2003. This means that any transmissions from computers running Windows NT Server 4.0 at Site C to any other computer on the Litware, Inc., network will be insecure. This means that the primary goal will not be accomplished, and neither will the second secondary goal. The first secondary goal does not involve any computers running Windows NT 4.0, and hence can be achieved.

  5. Incorrect Computers running Windows NT Server 4.0 and Windows NT Workstation 4.0 cannot communicate with the version of IPSec that ships with Windows 2000, Windows XP, and Windows Server 2003. This means that any transmissions from computers running Windows NT Server 4.0 at Site C to any other computer on the Litware, Inc., network will be insecure. This means that the primary goal will not be accomplished, and neither will the second secondary goal. The first secondary goal does not involve any computers running Windows NT 4.0, and hence can be achieved.

4. 

Correct Answers: E

  1. Incorrect This will not work for two reasons. The first reason is that this policy only encrypts IPSec transmissions when a request is made. If all computers have this policy applied, no request will be made. The second reason this will not work is that computers running Windows NT Workstation 4.0 cannot use IPSec without resorting to a non-Microsoft IPSec solution.

  2. Incorrect Computers running Windows NT Workstation 4.0 cannot use IPSec without resorting to a non-Microsoft IPSec solution. Although the computers running Windows XP and Windows Server 2003 will use IPSec, all transmissions to and from the computers running Windows NT Workstation 4.0 will be insecure.

  3. Incorrect Computers running Windows NT Workstation 4.0 cannot use IPSec without resorting to a non-Microsoft IPSec solution. Although the computers running Windows XP and Windows Server 2003 will use IPSec, no transmission will be able to be made from these computers to the computers running Windows NT Workstation 4.0.

  4. Incorrect The local policy will be overridden by the site policy, so the policy on all computers throughout the domain will be Client (Respond Only). The Client (Respond Only) will only encrypt traffic if requested. If all computers have this policy, none will request IPSec transmissions.

  5. Correct Only Windows 2000, Windows XP, and Windows Server 2003 natively support IPSec. Windows NT Workstation 4.0 and Windows NT Server 4.0 do not support IPSec. The Secure Server (Require Security) policy will ensure that all transmissions that occur within the domain will be encrypted.



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net