| < Day Day Up > |
|
You should give yourself 20 minutes to review this testlet and complete the questions.
Get Results Marketing is a global advertising and market research company based out of New York.
The company has locations in Hong Kong, London, and New York. There are approximately 1,200 employees in New York, 400 in London, and 150 in Hong Kong. The IT staff is based out of the New York location.
The company plans to upgrade all clients to Windows XP. It also plans to implement a wireless network and add smart card security to the network.
Get Results Marketing has Active Directory installed and uses Exchange 2003 for e-mail. The company has upgraded its domain servers to Windows Server 2003.
CIO We plan to implement wireless networking at all three locations. We also suspect that some information about our accounts has been leaking to our competitors, so we want to install a two-factor authentication system.
We also need to come up with an audit plan for the servers.
Network Administrator I am concerned about the security breaches. The network is not well organized and policies are not applied consistently across servers on the network, so I am unable to effectively track the problem.
CSO We need to implement a PKI to issue digital certificates for two-factor and wireless authentication. The root CA must be secured. Additionally, we need dedicated servers to issue the required digital certificates. These certificates must be deployed by using the minimum amount of administrative effort. We are worried about legal requirements for certificates in some of the countries we operating in.
The company's security policy contains the following requirements:
Accounts data must be accessed through the SQL Server 2000 database and shared folders on a file server. All access to account data should use certificate-based authentication.
E-mail sent to partner companies must be signed.
E-mail that is sent to partner companies and contains information that has been flagged as sensitive must be encrypted.
Employees will not be allowed to use the wireless infrastructure until there is an appropriate infrastructure to validate them. This infrastructure should support certificate-based authentication.
| < Day Day Up > |
|