| < Day Day Up > |
|
1. | You are the security administrator for a medium-sized financial consulting firm, and you are investigating ways to keep the company documents secure. Currently, all documents stored on the server are encrypted by means of Encrypting File System (EFS). These documents contain extremely sensitive financial information about clients of your firm. These documents are also copied from the servers to portable computers so that they can be worked on after business hours. Sometimes documents are copied between portable computers. All of the servers at your company are running Windows Server 2003. All of the portable computers at your company are running Windows XP Professional. Documents stored on portable computers are also encrypted. You want to ensure that all documents transmitted across the network are also encrypted, so that if somehow the building’s internal wirings were tapped, no useful information could be retrieved. Which IPSec policy should you deploy to all computers at your organization to meet this goal? (Select all that apply.)
|
|
2. | Rooslan is the security administrator for A. Datum Corporation. He is responsible for five computers running Windows Server 2003 that host file shares and printers and a mix of 200 workstations running Windows XP Professional and Windows 2000 Professional. Some of the workstations running Windows 2000 Professional share color inkjet printers on the network. Within A. Datum, there is a group of 50 users who encrypt all of the documents that they use by using EFS. These documents contain confidential information and are located in a shared folder on the third computer running Windows Server 2003. Twenty of these users have workstations running Windows 2000 Professional. Fifteen of these users share inkjet printers that the others in this group use from time to time. Of these 15 users, five are running Windows 2000 Professional. Rooslan’s manager Alex has come to him and asked that he develop a plan so that whenever any of these 50 users copy an encrypted document to one of their workstations, or send one of them to a shared printer, the document remain in an encrypted state during its transmission across the network. All other users on the network should remain unaffected, and their network transmissions should remain unsecured. The 50 users also occasionally access files on the first and second computers running Windows Server 2003, and they must be able to do so in the future. Similarly, 20 users who are not members of this group of 50 also access files on the third computer running Windows Server 2003 and must be able to do so in the future. Which of the following plans could Rooslan implement to meet Alex’s goal?
|
|
3. | Oksana is the security administrator at Tailspin Toys. At the head office, there are three computers running Windows Server 2003, each of which hosts files for different departments within the company. The first computer running Windows Server 2003 hosts plans for future toys. All of the files on this server are confidential and are encrypted by EFS. Only the Managers and Architects groups have permission to access the files on this server. The second computer running Windows Server 2003 hosts the company financial records. All of these files are also confidential, though they are not encrypted by EFS. They are locked down with NTFS permissions and are only accessible to the Accountants and Managers groups. The third computer running Windows Server 2003 hosts the human resources department files, which include some confidential documents that are encrypted by EFS, but it also hosts company policy documents that should be accessible to all users within the Tailspin Toys organization. Oksana has the following goals: Primary goal: Ensure that all data transmitted to and received from the first computer running Windows Server 2003 is encrypted. First secondary goal: Ensure that data transmitted from the third Windows Server 2003– based computer to the human resources department computers is encrypted. Second secondary goal: Ensure that all data transmitted to and received from the second computer running Windows Server 2003 is encrypted. Oksana takes the following steps:
|
|
Answers
1. | Correct Answers: C and D
|
2. | Correct Answers: D
|
3. | Correct Answers: A
|
How many of her goals did Oksana achieve?
Oksana has achieved her primary goal and both secondary goals.
Oksana has achieved her primary goal and one secondary goal.
Oksana has achieved only her primary goal.
Oksana did not achieve her primary goal; she did, however, achieve one of her secondary goals. Oksana achieved none of her goals.
1. | Your organization has a single standalone server running Windows Server 2003 that is located on a screened subnet. Files are regularly uploaded and downloaded to and from this server from your internal local area network (LAN) and from hosts around the world connected through the Internet by means of the FTP protocol. The only ports open on the internal and external firewalls to this host are those used by the FTP protocol. You only want hosts that have a particular digital certificate installed from a certification authority (CA) to be able to establish secured IPSec connections to the FTP server on the screened subnet. All data transmissions to the FTP server must be secured using IPSec. How can you configure the local GPO on the standalone server running Windows Server 2003 to meet these objectives?
|
|
2. | You are the network administrator for A. Datum Corporation. Your network environment consists of a single domain with 20 computers running Windows Server 2003, 400 workstations running Windows XP Professional, and 200 workstations running Windows 2000 Professional. You want to ensure that all communication between the workstations running Windows XP Professional and 10 of the computers running Windows Server 2003 is encrypted by IPSec. Furthermore, you do not want the workstations running Windows 2000 Professional making encrypted transmissions. The workstations running Windows 2000 Professional must be able to communicate with each other, the workstations running Windows XP, and the computers running Windows Server 2003 without using IPSec transmissions. Which of the following actions do you need to perform to achieve these goals? (Select two. Each forms a part of the solution.)
|
|
3. | Rooslan is the administrator of Litware, Inc. Litware, Inc., has a single Windows Server 2003 domain that contains three separate sites. The computers at each site are as follows: Site A: 500 computers running Windows XP Professional, 10 computers running Windows 2000 Server, 5 computers running Windows Server 2003 Site B: 300 computers running Windows 2000 Professional, 10 computers running Windows Server 2003 Site C: 200 computers running Windows XP Professional, 5 computers running Windows NT Server 4.0, 5 computers running Windows Server 2003 Rooslan has been asked by his manager to develop a plan by which all transmissions between computers on the Litware, Inc., network are encrypted by using IPSec. Rooslan’s manager has formalized his request by providing Rooslan with a list of goals. This list is as follows: Primary goal: All transmissions between computers on the network are encrypted. 1st secondary goal: All transmissions between computers at Site A and Site B are encrypted. 2nd secondary goal: All transmissions between computers at Site A and Site C are encrypted. Rooslan performs the following steps: He creates a new security template that sets the IPSec policy to Server (Request Security). He creates a new GPO and imports the security template. He applies the GPO to Site A, Site B, and Site C. Which of the manager’s goals has Rooslan accomplished?
|
|
4. | You have a domain running at the Windows Server 2003 Interim level. This domain has 10 computers running Windows Server 2003, 150 computers running Windows XP Professional, and 60 computers running Windows NT Workstation 4.0. There are three sites. Site A hosts 8 computers running Windows Server 2003 and 100 computers running Windows XP Professional. Site B hosts one computer running Windows Server 2003 that acts as a domain controller, a global catalog server, and a file and print server, in addition to 50 computers running Windows XP Professional. Site C hosts one computer running Windows Server 2003 that acts as a domain controller, a global catalog server, and a file and print server, in addition to 60 computers running Windows NT Workstation 4.0. Network transmissions between computers in the domain are unencrypted and insecure. Transmissions in the domain only occur between workstations and servers—there is no workstation to workstation communication. You have been asked to rectify this situation and to ensure that all transmissions that occur between computers in your domain are encrypted by IPSec. Which of the following plans will meet this objective with the least administrative effort?
|
|
Answers
1. | Correct Answers: E
|
2. | Correct Answers: A and C
|
3. | Correct Answers: D
|
4. | Correct Answers: E
|
| < Day Day Up > |
|