Questions and Answers

 < Day Day Up > 



Lesson 1 Review

Page
3-16

1. 

Which predefined security template can be used to improve the ability of Users to run applications without being logged on as an administrator?

  1. Setup Security.inf

  2. Compatws.inf

  3. Securews.inf

  4. Hisecws.inf

b. the compatws.inf security template makes the default permissions for the users group less restrictive so that older applications are more likely to run correctly.

2. 

Which predefined security template can be used to return a system to its original security settings?

  1. Setup Security.inf

  2. Compatws.inf

  3. Securews.inf

  4. Hisecws.inf

a. the setup security.inf security template contains the security settings that windows server 2003 uses by default.

3. 

Which of the following tools can be used to copy a security template? (Choose all that apply.)

  1. Active Directory Users And Computers

  2. Group Policy Object Editor

  3. Security Templates snap-in

  4. Security Configuration And Analysis

  5. Secedit

  6. Windows Explorer

c, f. the security templates snap-in and windows explorer can both be used to copy security templates.

Answers

1. 

b. The Compatws.inf security template makes the default permissions for the Users group less restrictive so that older applications are more likely to run correctly.

2. 

a. The Setup Security.inf security template contains the security settings that Windows Server 2003 uses by default.

3. 

c, f. The Security Templates snap-in and Windows Explorer can both be used to copy security templates.

Lesson 2 Review

Page
3-29

1. 

Which is the correct tool to use to most efficiently deploy a security template to a single domain member?

  1. Group Policy Object Editor snap-in

  2. Security Configuration And Analysis snap-in

  3. Security Templates snap-in

  4. Local Security Policy console snap-in

  5. Secedit command-line tool

d. the local security policy console snap-in is the most efficient way to apply a security template to a single system because it is graphical and allows the administrator to apply security settings with a few clicks.

2. 

Which is the correct tool to use to most efficiently deploy a security template to hundreds of computers in a domain?

  1. Group Policy Object Editor snap-in

  2. Security Configuration And Analysis snap-in

  3. Security Templates snap-in

  4. Local Security Policy console snap-in

  5. Secedit command-line tool

a. group policy objects, configured by using the group policy object editor snap-in, are the most efficient way to apply a security template to multiple systems in a domain.

3. 

Which is the correct tool to use to most efficiently deploy a security template to dozens of standalone computers?

  1. Group Policy Object Editor snap-in

  2. Security Configuration And Analysis snap-in

  3. Security Templates snap-in

  4. Local Security Policy console snap-in

  5. Secedit command-line tool

e. the secedit command-line tool is the most efficient way to deploy a security template to multiple computers that are not in a domain, because the security policy can be applied to a system by using scripts.

Answers

1. 

d. The Local Security Policy console snap-in is the most efficient way to apply a security template to a single system because it is graphical and allows the administrator to apply security settings with a few clicks.

2. 

a. Group Policy objects, configured by using the Group Policy Object Editor snap-in, are the most efficient way to apply a security template to multiple systems in a domain.

3. 

e. The Secedit command-line tool is the most efficient way to deploy a security template to multiple computers that are not in a domain, because the security policy can be applied to a system by using scripts.

Lesson 3 Review

Page
3-44

1. 

Which of the following tools can be used to identify which GPOs were applied to a computer? (Choose all that apply.)

  1. Resultant Set Of Policy

  2. Help And Support Center

  3. Gpresult

  4. Gpupdate

  5. Active Directory Users And Computers

  6. Group Policy Object Editor

  7. Registry Editor

a, b, c, g. rsop, help and support center, gpresult, and the registry editor can all be used to determine which gpos were applied to a computer.

2. 

Which of the following tools can be used to identify the current Minimum Password Length setting and the responsible GPO? (Choose all that apply.)

  1. Resultant Set Of Policy

  2. Help And Support Center

  3. Gpresult

  4. Gpupdate

  5. Active Directory Users And Computers

  6. Group Policy Object Editor

  7. Registry Editor

a, c. rsop and gpresult will show current policy settings and the gpo that defined them.

3. 

Which of the following tools can be used to force a computer to refresh all Group Policy objects?

  1. Resultant Set Of Policy

  2. Help And Support Center

  3. Gpresult

  4. Gpupdate

  5. Active Directory Users And Computers

  6. Group Policy Object Editor

  7. Registry Editor

d. gpupdate is used to force the computer to immediately download and apply gpos.

Answers

1. 

a, b, c, g. RSoP, Help And Support Center, Gpresult, and the Registry Editor can all be used to determine which GPOs were applied to a computer.

2. 

a, c. RSoP and Gpresult will show current policy settings and the GPO that defined them.

3. 

d. Gpupdate is used to force the computer to immediately download and apply GPOs.

Design Activity: Case Scenario Exercise

Page
3-46

1. 

How many different security templates will you create, and what will each one be used for?

your answer will vary, but you should at a minimum create nine security templates for the following roles: * file server * domain controller * mail server * external web server * internal web server * proxy server * database server * portable computer * desktop computer

2. 

Which of the following is the right choice for deploying security templates in your environment?

  1. Importing the security templates into Local Group Policy.

  2. Importing the security templates by using Secedit.

  3. Importing the security templates by using the Security Configuration And Analysis tool.

  4. Importing the security templates by using GPOs linked to Active Directory.

d. the only efficient way to manage the security of such a large number of computers is to use gpos linked to active directory. applying security templates to individual computers would be time consuming and difficult to maintain.

3. 

Which of the portable and desktop computers will not be able to use Group Policy?

  1. The computers running Windows XP Professional

  2. The computers running Windows NT Workstation 4.0

  3. The computers running Windows XP Home Edition

  4. The computers running Windows 2000 Professional

  5. The computers running Windows Millennium Edition

  6. The computers running Windows 95

b, c, e, f. of the desktop platforms you have deployed, only the computers running windows xp professional and windows 2000 professional will be able to use group policy. fortunately, these make up the majority of your computers.

4. 

How will you apply security settings to those systems that do not support Group Policy?

ideally, you can convince management to upgrade these computers to windows xp professional, which supports group policy. that is the only way to ensure that end users do not change the security settings on their computers. if this is not possible, you can use system policy or manually configure the security settings on each computer. however, that solution does not meet management s original requirements.

Answers

1. 

Your answer will vary, but you should at a minimum create nine security templates for the following roles:

  • File server

  • Domain controller

  • Mail server

  • External Web server

  • Internal Web server

  • Proxy server

  • Database server

  • Portable computer

  • Desktop computer

2. 

d. The only efficient way to manage the security of such a large number of computers is to use GPOs linked to Active Directory. Applying security templates to individual computers would be time consuming and difficult to maintain.

3. 

b, c, e, f. Of the desktop platforms you have deployed, only the computers running Windows XP Professional and Windows 2000 Professional will be able to use Group Policy. Fortunately, these make up the majority of your computers.

4. 

Ideally, you can convince management to upgrade these computers to Windows XP Professional, which supports Group Policy. That is the only way to ensure that end users do not change the security settings on their computers. If this is not possible, you can use System Policy or manually configure the security settings on each computer. However, that solution does not meet management’s original requirements.

Design Activity: Troubleshooting Exercise

Page
3-48

1. 

Why was the Portable Computers Policy not applied?

gpresult identified the problem as security, which indicates that the client computer did not have sufficient permissions to apply the group policy.

2. 

How will you resolve the problem?

view the properties for the gpo, and examine the security settings. either the computer account, or one of the security groups the computer is a member of, was denied access to the group policy object. you must identify the group membership that is denied access and allow that group access to the group policy object. it is also possible that the computer was not denied access, but was also not granted access. if this is the case, modify the permissions for the group policy object to allow the apply group policy permission to one of the groups the computer is a member of.

3. 

Why was the Local Group Policy not applied?

the local group policy was not applied because it is empty. since there are no settings to apply, this is the expected behavior and is not indicative of a problem.

4. 

Which other tools could you have used to identify the source of the problem?

there are no other tools that would reveal filtered gpos.

Answers

1. 

Gpresult identified the problem as Security, which indicates that the client computer did not have sufficient permissions to apply the Group Policy.

2. 

View the properties for the GPO, and examine the security settings. Either the computer account, or one of the security groups the computer is a member of, was denied access to the Group Policy object. You must identify the group membership that is denied access and allow that group access to the Group Policy object. It is also possible that the computer was not denied access, but was also not granted access. If this is the case, modify the permissions for the Group Policy object to allow the Apply Group Policy permission to one of the groups the computer is a member of.

3. 

The Local Group Policy was not applied because it is empty. Since there are no settings to apply, this is the expected behavior and is not indicative of a problem.

4. 

There are no other tools that would reveal filtered GPOs.



 < Day Day Up > 



MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net