Questions and Answers

Lesson 1 Review

Page 4-13

1. Which of the following software restriction rules can be used to allow any application on an intranet to be run on a computer?

  a. Hash rules

  b. Certificate rules

  c. Path rules

  d. Internet zone rules

2. Which of the following software restriction rules should be used to ensure that a particular executable file cannot be run?

  a. Hash rules

  b. Certificate rules

  c. Path rules

  d. Internet zone rules

3. Which of the following rules would you not enforce on a computer to be used as a kiosk?

  a. Remove the Run menu item from the Start menu.

  b. Deny the Everyone group the right to log on locally.

  c. Require a user to log on automatically.

  d. Deny the interactive user the right to change his or her own password.

Answers

1. d. Internet zone rules restrict or allow applications to run based on the zone configurations in Internet Explorer, which can be used to specify networks that are part of the intranet.

2. a. Hash rules can prevent an application from running, regardless of where the executable file is located or what it is named. However, if a new version of the executable file is released, the hash rule must be updated to remain effective.

3. b. A user should be configured to log on automatically; however, denying the Everyone group the right to log on interactively would not allow any user to log on, whether manually or automatically.

Lesson 2 Review

Page 4-52

1. Which of the following types of servers should have traffic allowed on UDP port 53?

  a. DHCP servers

  b. DNS servers

  c. Domain controllers

  d. Web servers

  e. RADIUS servers

  f. Database servers

  g. Messaging servers

2. Which of the following types of servers should have traffic allowed on TCP port 1433?

  a. DHCP servers

  b. DNS servers

  c. Domain controllers

  d. Web servers

  e. RADIUS servers

  f. Database servers

  g. Messaging servers

3. Which of the following types of servers creates a dedicated event log that can be viewed by using Event Viewer?

  a. DHCP servers

  b. DNS servers

  c. Domain controllers

  d. Web servers

  e. RADIUS servers

  f. Database servers

  g. Messaging servers

4. Which of the following protocols can be used to encrypt traffic between a Web browser and an IIS computer?

  a. TLS

  b. EFS

  c. Challenge Handshake Authentication Protocol (CHAP)

  d. SSL

  e. RADIUS

Answers

1. b and c. UDP port 53 is used for DNS requests. DNS servers must be able to receive DNS requests. Domain controllers often, but not always, act as DNS servers.

2. f. SQL Server uses TCP port 1433 to accept database queries.

3. b and c. The DNS server role creates the DNS Server event log, and the domain controller role creates the Directory Service and File Replication Service event logs.

4. d. SSL is a standard method for encrypting traffic between Web browsers and servers.

Lesson 3 Review

Page 4-60

1. Which command would cause Mbsacli to analyze all computers on the network 10.236.122.0/24 subnet?

  a. mbsacli /r 10.236.122.1-10.236.122.254

  b. mbsacli /i 10.236.122.0/24

  c. mbsacli /r 10.236.122.0

  d. mbsacli /i 10.236.122.0 255.255.255.0

2. Which of the following functions can be performed with the Security Configuration And Analysis console? (Choose all that apply.)

  a. Create an XML file containing a summary of a computer’s security settings.

  b. Compare the current configuration settings against a security template.

  c. Identify which GPO is responsible for a specific policy setting.

  d. Apply a security template to the local computer.

Answers

1. a. The /r option causes Mbsacli to scan a range of IP addresses.

2. b and d. The Security Configuration And Analysis console can be used to apply security templates and to compare existing settings against a security template.

Design Activity: Case Scenario Exercise

Page 4-62

1. How would you design the network?

2. To which of the following ports will you have to configure the firewall to forward to the perimeter network?

  a. 53/udp

  b. 53/tcp

  c. 80/udp

  d. 80/tcp

  e. 25/udp

  f. 25/tcp

  g. 110/udp

  h. 110/tcp

  i. 1433/udp

  j. 1433/tcp

3. How many security templates would you use to configure and analyze the security settings on this network?

4. Besides configuring the initial security settings on the Web, messaging, and DNS servers, what security-related tasks should be performed on an ongoing basis?

Answers

1. Given that you only have a single firewall to work with, you would probably design the network as shown in Figure 4.14. This design creates separate networks for the intranet and for the servers providing services to the public Internet, and it ensures that all traffic is protected by a firewall. Using a single firewall represents an acceptable security risk for your organization—if an attacker manages to compromise the firewall, the attacker will be able to access both the perimeter network and your internal network. Given your budget limitations, this is the best you can do.

Figure 4.14: Suggested perimeter network architecture

2. a, b, d, and f. 53/udp and 53/tcp are used for DNS requests, which you must accept from the public Internet. 80/tcp is used for Web requests, but 80/udp is not. 25/tcp is used for SMTP, which mail servers use to communicate with each other. 110/tcp is used for clients downloading e-mail and would have to be allowed between the internal network and the perimeter network. However, there was no mention of clients retrieving e-mail from the public network, so there is no reason to allow that traffic from the Internet connection. 1433/tcp is used for SQL Server requests, but there is no SQL Server on this network.

3. You would definitely create separate security templates for the Web, messaging, and DNS server roles. If the firewall is based on a computer running Windows, you should create a security template for that as well. However, the scenario doesn’t mention the platform used for the firewall, and most firewalls are dedicated devices that are not compatible with security templates. You would also have at least one security template for the computers on the internal network. If you have multiple computer types on the internal network, such as desktop and mobile computers, each type requires a separate security template.

4. On a regular basis, you should analyze the security settings on the servers by using MBSA. MBSA will also reveal whether any security updates have been released but not applied. Additionally, you should configure logging for each of the systems and review the logs on a regular basis for signs of attacks and security compromises.

Design Activity: Troubleshooting Lab

Page 4-64

1. Which of the following tools can you use to identify the source of the problem? (Choose all that apply.)

  a. Event Viewer

  b. Gpresult

  c. Resultant Set Of Policy

  d. Security Templates

2. After identifying the source of the problem, list three ways to resolve or work around the problem by allowing yourself to run Msconfig.

Answers

1. a, b, and c. The System log in Event Viewer will show events with a source of Software Restriction Policy that indicate that a software restriction policy prevented an application from running. In this case, the event has an Event ID of 866, which indicates that the restriction was placed on a specific path. The Gpresult /Z command lists all the computer and user GPOs that were applied, including details about software restriction policies. Finally, Resultant Set Of Policy is the most efficient way to identify the source of the problem.

2. Valid answers include:

Copy the Msconfig.exe file to a folder that is not included in a software restriction policy.

Restart the computer in safe mode.

Unlink the GPO from Active Directory, and then refresh Group Policy.

Modify the GPO so that the software restriction policy does not apply to administrators, and then refresh Group Policy.

Link a second GPO that overrides the software restriction policies of the existing GPO, and then refresh Group Policy.

MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft® Windows Server™ 2003 Network (Pro-Certification)
ISBN: 073562061X
Year: 2004
Pages: 217