Planning And Implementing Server Roles And Server Information Technology Essay

1. If you are to plan an full computing machine web from abrasion, what standard will you see to choose the appropriate operating system for your waiters and work Stationss?

A. Support Issues

B. Infrastructure Servers

C. Cost

D. Domain Controllers

Correct Answer: A and C

Feedback:

Support Issues are a consideration in choosing the appropriate operating system for the waiters and workstations. This is because, if you have staff of web support people who merely have experience, working with Microsoft Windows runing systems, taking Linux for your web computing machines creates an extra support job that might necessitate retraining or replacing forces.

On the other manus, Cost is a consideration, because Cost is ever a factor when choosing runing systems. You must see non merely the initial cost of the package, but besides the cost and handiness of future ascents, certification, and proficient support. Sometimes, free runing systems provide capablenesss equal or superior to those of commercial merchandises, but they are frequently upgraded periodically and make non include certification or support.

2. You are the web decision maker of your company. Your web consists of:

Two Windows Server 2003 DCs

Two Windows 2000 Server DCs andA

Two Windows NT server 4.0 DCsA

each. All HR section file waiters are in the HR Servers OU. All Training section file waiters are in the Training Servers OU, where the Training Servers OU is a kid of the HR Servers OU. As per your company ‘s HR security policies, all default security scenes for waiters of the HR section, must be enhanced for greater security. In add-on to this basic demand, the Training security policies further demand for scrutinizing of any omission of files or booklets. How will you be after the HR and Training security policy scenes?

A. A GPO for the Compatws.inf security templet to computing machine objects, linked to HR Servers OU, with a 2nd GPO for Audit object entree on computing machine objects, and linked to Training Servers OU.

B. A GPO for the Compatws.inf security templet to computing machine objects, linked to HR Servers OU, with a 2nd GPO for using the Hisecws.inf security templet to computing machine objects, and linked to Training Servers OU.

C. A GPO for the Securews.inf to computing machine objects, linked to HR and Training Servers OUs, with a 2nd GPO for Audit object entree on computing machine objects, linked to Training Servers OU.

D. A GPO for the Securews.inf security templet to computing machine objects, linked to HR Servers OU, with a 2nd GPO for Audit object entree on computing machine objects, and linked to Training Servers OU.

Correct Answer: D.

Feedback: The Securews.inf templet has policy scenes for greater security of computing machine objects, which are at the same time compatible with a bulk of maps and applications. Additionally, this templet offers digital sign language of communications and better ensuring of namelessness of user limitations.

3. You are the web decision maker of your company. Your web consists of Terminal Servers. These waiters host bequest applications. In order to run these bequest applications, users are required to be members of the Power Users group. However, your a new company policy mandates that all waiters have empty Power Users Group. A Now you are to enable this new security demand, while besides guaranting that you can run bequest applications on your waiters.

A. To the constitutional Remote Desktop Users group in the sphere, add the sphere users planetary group

B. To the local Remote Desktop Users group on each terminus waiter, add the sphere users planetary group

C. Both A and B

D. None of the above

Correct Answer: D.

Feedback: A Windows 2000 default security scenes are rigorous for the local Users group. On the other manus, default security scenes for local Power Users group are compatible with Windows NT 4.0 user assignments. Therefore, Windows 2000 applications that are certified, run in the criterion Windows environment for Users, while the non-certified applications run in the Power Users constellation. A The compatws.inf templet is designed for organisations who, merely assign users as members of Users group, by default and cut down the security privileges of this group for running non-certified Windows 2000 applications. This allows all members of the Power Users group to be removed.

4. You are the web decision maker of your organisation, where all the waiters run Windows Server 2003. You run the mbsacli.exe /hf bid hebdomadally, thereby guaranting the installing of all the latest critical updates. You have been on a regular basis running this bid from Server1. See another waiter, Server2. You happened to scan this waiter and received the undermentioned mistake message on the waiter screen, “ Mistake 200, System non found, Scan failed. ”

When you decide to ping Server2 nevertheless, you receive a answer. How will you guarantee that the A the mbsacli.exe /hf bid can be used to scan Server2.A

A. On Server2, you guarantee that the Server service is running

B. You decide to put in common IIS files on Server1

C. Both A and B.

D. None of the above.

Correct Answer: Angstrom

Feedback: Mistake 200 implies that the mbsacli.exe /hf bid was unable to turn up the coveted computing machine and as such could non scan the same. To enable the same, you will necessitate to do certain that the intended computing machine is so present on the web and that its host name and IP reference are right. The fact that when you ping Server2, you receive a answer, implies that the intended computing machine is so on the web. What remains to be resolved so is the Server service, which is n’t running.

5. You are the web decision maker of your company ‘s Active Directory sphere. With your company ‘s new written security policies, you are now required to hold NTLM v2 for LAN director hallmark, as a minimal demand. You must A now place the OS that fails to run into this new demand. For this, which OS demand to be upgraded?

A. Windows Waiter 2003

B. Windows XP Professional

C. Windows 95

D. Windows 2000 Professional

Correct Answer: C.

Feedback: Windows 95 does non possess built-in support for the NTLM v2 type of hallmark. In order to guarantee the same, you must put in the Directory Services Client package.

6. You are the web decision maker of your company. Your company is in the procedure of deploying a public Web waiter farm, on the Windows Server 2003 computing machines of your company web. This waiter farm will do the company information available for public screening. The Web waiters in this waiter farm are located within your company ‘s margin web, which has a public Internet reference infinite. How will you guarantee a minimum chance of external unauthorised breakage, into your company ‘s public Web waiters?

A. Configure each of your company ‘s Web waiter ‘s IP reference to a private reserved Internet reference

B. Configure your company ‘s Web waiters to let merely IPSec communications

C. Disable all arrangers on your Web waiters from TCP/IP filtrating

D. Disable all services that are non needed on your Web waiters

Correct Answer: Calciferol

Feedback: Disabling services that are non needed on your company Web waiters, will do certain that no unguarded ports are unfastened on your company waiters.

7. To make a baseline, you typically use Group Policy Objects to stipulate values for any or all of the undermentioned types of security policy parametric quantities:

A. History, Audit and Event Log Policies

B. Register and File System Permissions

C. User Rights Assignments, Security Options, System Services and Restricted Groups

D. All of the above

Correct Answer: D.

Feedback: To make a baseline, you typically use Group Policy Objects to stipulate values for any or all of the undermentioned types of security policy parametric quantities:

Account Policies: Specify watchword limitations, such as length, complexness, and age demands, and history lockout policies

Audited account Policies: Stipulate what types of system events the computing machine should scrutinize and whether it should scrutinize successes, failures, or both

User Rights Assignments: Stipulate the users and groups that are permitted to execute specific undertakings on the computing machine

Security Options: Enable or disable specific runing system security parametric quantities, such as digital signatures and unafraid channel encoding

Event Log policies: Stipulate the maximal sizes for the event logs and how long the system should retain information in the logs

System Services: Specify which services the operating system should lade when it starts

Restricted Groups: Stipulate the members of peculiar security groups

Register permissions: Stipulate the users and groups that are permitted to entree certain register keys

File System permissions: Stipulate the users and groups that are permitted to entree certain NTFS files and booklets

8. More comprehensive auditing, larger Event Logs, more restrictive assignments of user rights, and a more limited choice of services on the computing machine are a typical security constellation for:

A. Domain Controllers

B. Infrastructure Servers

C. File and Print Waiters

D. Application Servers

Correct Answer: A.

Feedback: On an Active Directory web, sphere accountants provide indispensable hallmark services whenever a user accesses a web resource, and hence they must be available at all times. Procuring a sphere accountant might name for increased physical security, such as a locked waiter cupboard, and fault-tolerant hardware, such as disc arrays and excess power supplies, in add-on to alterations to the security constellation parametric quantities. A typical security constellation for the sphere accountant function might include more comprehensive auditing, larger Event Logs, more restrictive assignments of user rights, and a more limited choice of services on the computing machine.

9. You are the forest decision maker of your company, who is responsible for choosing the group that must administrate each sphere. Because you know that the persons you select for administrating each sphere, will hold a high-ranking entree for each sphere, these decision makers selected by you should be extremely sure people. Your selected group of sphere decision makers will now command the spheres through the Domain Administrators group and other constitutional groups. This is a authoritative illustration of:

A. Groups of decision makers who manage DNS

B. Groups of decision makers who manage substructure waiters

C. Groups of decision makers who manage directory services

D. Groups of decision makers who manage OUs

Correct Answer: C.

Feedback: The forest decision maker chooses the group to administrate each sphere. Because of the high-ranking entree that is granted to the decision maker for each sphere, these decision makers should be extremely sure persons. The sphere decision makers control the spheres through the Domain Administrators group and other constitutional groups. This is an illustration of a domain disposal group that is chiefly responsible for directory services.

10. The true security boundary of your web environment is:

A. The wood

B. A sphere

C. An Organizational Unit ( OU )

D. None of the above

Correct Answer: A.

Feedback: The wood is the true security boundary of your web environment. It is a recommended best pattern to make separate woods to maintain your environment secure from possible via media by decision makers of other spheres. This attack besides helps guarantee that the via media of one wood does non automatically take to the via media of the full endeavor.

A sphere is a direction boundary of Active Directory, non a security boundary.

Within the sphere, the organisational unit ( OU ) provides another degree of direction boundary.

11. All Internet confronting waiters correspond to the server function of:

A. Member waiters

B. Web waiters

C. IAS waiters

D. Bastion host

Correct Answer: D.

Feedback: The Bastion host waiter function corresponds to all Internet-facing waiters. The corresponding security templet file name is & lt ; Env & gt ; -Bastion Host.inf

12. The OU name CA corresponds to the administrative group:

A. Web services

B. Enterprise decision makers

C. Domain technology

D. Infrastructure admins

Correct Answer: B.

Feedback: Administrators use their predefined administrative boundaries to make their several administrative groups. An illustration of the correlativity of these groups to the OUs they manage is that of the OU name CA, which corresponds to the administrative group, Enterprise Administrators.

13. Making a planetary security group called Infrastructure Admins, and adding the appropriate sphere histories to it, is a portion of of the process to:

A

A. Create, Test and Deploy Policies

B. Make the Active Directory Environment

C. Configure Time Synchronization

D. Configure the Sphere Policy

Correct Answer: B.

To make the Active Directory environment:

1. Open the MMC Active Directory Users Computers snap-in ( DSA.msc ) .

2. In the root of the sphere object, create an OU called Member Servers.

3. Navigate to this OU and make a kid OU within it called Infrastructure.

4. Travel all WINS and DHCP waiters into the Infrastructure OU.

5. Make a planetary security group called Infrastructure Admins, and add the appropriate sphere histories to it.

6. Run the Delegation of Control Wizard to supply the Infrastructure Admins group with Full Control of the OU.

14. Repeat steps 3 through 6, for the file waiter, print waiter, Web waiter, IAS waiter, and Certificate Services waiter functions. Use the information in table 2.2 for the appropriate OU and group names.

15. To forestall users from put ining pressman drivers, the device puting recommendations must be:

A. Legacy client – Enabled, Enterprise client – Enabled, Specialized Security – Limited Functionality – Enabled

B. Legacy client – Disabled, Enterprise client – Disabled, Specialized Security – Limited Functionality – Disabled

C. Legacy client – Not defined, Enterprise client – Not Defined, Specialized Security – Limited Functionality – Not defined

D. Legacy client – Administrators, Enterprise client – Administrators, Specialized Security – Limited Functionality – Administrators

Correct Answer: A.

Feedback: You will necessitate to put: Legacy client – Enabled, Enterprise client – Enabled, Specialized Security – Limited Functionality – Enabled ; in order toA prevent users from put ining pressman drivers.

16. See the undermentioned permissions:

Traverse Folder/Execute File

List Folder/Read Data

Read Properties

Read Extended Attributes

Create Files/Write Data

Create Folders/Append Data

Write Properties

Write Extended Attributes

Delete Subfolders and Files

Delete

Read Permissions

Change Permissions

Take Ownership

These are cases of:

A. Inherited Permissions

B. Molecular Permissions

C. Atomic Permissions

D. None of above

Correct Answer: C.

Feedback: Atomic permissions are the edifice blocks of the permissions that we usually speak of, like Read, Modify, and Full Control. You will likely ne’er see these permissions ; much less refer to them by themselves. These permissions include:

Traverse Folder/Execute File

List Folder/Read Data

Read Properties

Read Extended Attributes

Create Files/Write Data

Create Folders/Append Data

Write Properties

Write Extended Attributes

Delete Subfolders and Files

Delete

Read Permissions

Change Permissions

Take Ownership

17. The term ‘access control ‘ is besides known as:

A. Rights

B. Permissions

C. Privileges

D. All of the above

Correct Answer: D.

Feedback: The term ‘access control ‘ is besides known as right, permissions or privileges.

18. A machine that is running NT 3.x, 4.0, 2000, or Server 2003, but non incorporating a transcript of the file, NTDS.DIT, is called:

A. Member Server

B. Domain

C. Domain Controller

D. None of the above

Correct Answer: A.

Feedback: A machine that is running NT 3.x, 4.0, 2000, or Server 2003 but non moving as a sphere accountant will non incorporate a transcript of NTDS.DIT and hence ca n’t authenticate domain members. Such a machine is called a member waiter.

19. You are the web decision maker of your organisation. For the initial proving stage of deploying a constellation, you want to implement your security parametric quantity scenes in a lab environment. The lab web environment should closely resemble the existent environment in which you will deploy your constellations, but should be isolated from your unrecorded production environment. Which of the undermentioned qualify as proving aims?

A. Performance base finding

B. Documentation of installing and constellation processs

C. Documentation of administrative processs

D. None of the above

Correct Answers: A A, B and C.

Feedback: The specific ends for your trial program will change depending on the nature of your organisation and how it uses the web, but some of the most typical testing aims are as follows: A

Hardware compatibility proving

Application and operating system compatibility proving

Hardware and package merchandise rating

Performance baseline finding

Security proving

Documentation of installing and constellation processs

Documentation of administrative processs

20. You are the web decision maker of your company. The one component that is highly hard to double adequately in a lab environment, no affair what your budget, is web activity. A pilot deployment is an execution of your existent constellation on the production web in a limited and controlled manner. Your pilot deployment can include:

A. Untested engineerings

B. Untested constellation scenes

C. Unmodified deployment between the lab stage and the pilot stage

D. Merely A and B

Correct Answer: C.

Feedback: It is highly of import that your pilot deployment non include engineerings or constellation scenes that you have n’t antecedently tested in a lab scene. Modifying the deployment between the lab stage and the pilot stage contaminates the consequences of the pilot undertaking. If jobs occur, you might non be able to find whether they result from a mistake in your original constellation or from the alterations you made after proving.

21. You are the web decision maker of your organisation. As with the proving stage, planning and readying are important to a successful pilot deployment. The users in the pilot plan:

A. Are stiffly controlled in their activities as the lab examiners are

B. Do non necessitate specific user processs

C. Work as they usually do

D. Are selected after careful planning

Correct Answers: B, C, and D.

Feedback: As with the proving stage, planning and readying are important to a successful pilot deployment. The users in the pilot plan are non as stiffly controlled in their activities as the lab examiners are, so there is no demand to make specific user processs. After all, the object of the pilot deployment is to hold users work as they usually do. What does necessitate careful planning, nevertheless, is the choice of the pilot users and making a support system for them.

22. You are the web decision maker of your organisation. You consider the undermentioned factors while choosing the users who will take part in your pilot deployment:

A. The nature of the constellation parametric quantities you are turn overing out

B. The users ‘ functions in the organisation

C. The users ‘ ain capablenesss

D. All of the above

Correct Answer: D.

Feedback: There are three factors to see when choosing the users who will take part in your pilot deployment: the nature of the constellation parametric quantities you are turn overing out, the users ‘ functions in the organisation, and the users ‘ ain capablenesss.

23. You are the web decision maker of your organisation. Which of the undermentioned statements are true with regard to a pilot deployment?

A. A individual workgroup provides a better image of the new constellation ‘s consequence on the full web

B. A cross subdivision is easier to supervise and trouble-shoot

C. A section is easier to supervise and trouble-shoot

D. None of the above

Correct Answer: C.

Feedback: A individual workgroup or section is easier to supervise and trouble-shoot, but a cross-section provides a better image of the new constellation ‘s consequence on the full web.

24. You are the web decision maker of your organisation. The users take parting in a pilot program should:

A. Be executing critical functions

B. Be able to digest some down clip, without unduly impacting the company ‘s concern or repute

C. Have dispositions that cause them to respond to jobs with terror or hysterics, to reflect a real-life scenario

D. All of the above

Correct Answer: B.

Feedback: The users take parting in a pilot program should non be executing critical functions. The users must be able to digest some down clip, should jobs happen, without unduly impacting the company ‘s concern or repute. In add-on, the users you select should hold dispositions that enable them to cover with jobs without terror or hysterics.

25. You are the web decision maker of your organisation. Because of the limited range of the pilot deployment, any jobs that occur as a consequence of undiscovered mutual exclusivenesss or mis-configurations will non be widespread and should non hold a serious consequence on web productiveness. However, you should ever hold a push back process as portion of your pilot deployment program, so that you can return to your original web constellation if serious jobs arise that demand farther development and testing. One of the best ways to implement a push back scheme is to make a rollback security templet utilizing the

A. secedit.exe

B. security.exe

C. hostingsecurity.exe

D. sec.exe

Correct Answer: A.A

Feedback: One of the best ways to implement a push back scheme is to make a rollback security templet utilizing the Secedit.exe public-service corporation.

26. You are the web decision maker of your organisation. Security templates consist of policies and scenes that you can utilize to command a computing machine ‘s security constellation utilizing local policies or group policies. Which enables you to configure audit policies, user rights assignments, and security options policies?

A. Account policies

B. Local policies

C. Restricted groups

D. None of the above

Correct Answer: B.

Feedback: Security templets consist of policies and scenes that you can utilize to command a computing machine ‘s security constellation utilizing local policies or group policies. You can utilize security templets to configure any of the undermentioned types of policies and parametric quantities:

Account Policies: Enables you to stipulate watchword limitations, account lockout policies, and Kerberos policies

Local Policies: Enables you to configure audit policies, user rights assignments, and security options policies

Restricted Groups: Enables you to stipulate the users who are permitted to be members of specific groups

27. You can deploy security templets, utilizing:

A. The Active Directory directory service Group Policy Objects

B. The Windows Server 2003 Security Configuration And Analysis snap-in

C. The Secedit.exe command-line public-service corporation

D. None of the above

Correct Answers: A, B, and C.

Feedback: You can deploy security templets in a assortment of ways, utilizing Active Directory directory service Group Policy Objects, the Windows Server 2003 Security Configuration And Analysis snap-in, or the Secedit.exe command-line public-service corporation. When you associate a security templet with an Active Directory object, the scenes in the templet become portion of the GPO associated with the object. You can besides use a security templet straight to a computing machine, in which instance the scenes in the templet become portion of the computing machine ‘s local policies.

28. Which of the undermentioned templets are all designed to construct on the default Windows security scenes, and do non themselves contain those default scenes?

A. Securedc.inf

B. Securews.inf

C. Hisecdc.inf

D. Hisecws.inf

Correct Answers: A, B, C, and D.

Feedback: The Securedc.inf, Securews.inf, Hisecdc.inf, and Hisecws.inf templets are all designed to construct on the default Windows security scenes, and do non themselves contain those default scenes. If you have modified the security constellation of a computing machine well, you should first use the “ Setup Security.inf ” templet ( and the “ DC Security.inf ” templet as good, for sphere accountants ) before using one of the secure or extremely unafraid templets.

29. Every computing machine running a Windows operating system in an Active Directory container refreshes its group policy scenes every: A

A. 5 proceedingss

B. 45 proceedingss

C. 90 proceedingss

D. None of the above

Correct Answers: D.

Feedback: Every computing machine running a Windows operating system in an Active Directory container refreshes its group policy scenes every 90 proceedingss, except for sphere accountants, which refresh their scenes every five proceedingss.

30. Which of the undermentioned MMC snap-ins can you utilize to rapidly find whether person has changed a computing machine ‘s security scenes and whether the system conforms to your organisation ‘s security policies? A

A. Security Settings snap-in

B. IP security policy direction snap-in

C. Security constellation and analysis snap-in

D. Windows firewall and advanced Security snap-in

Correct Answer: C.

Feedback: Security Configuration And Analysis is an MMC snap-in that you can utilize to use a security templet to the local computing machine interactively. However, in add-on to configuring the security scenes for the computing machine, the snap-in besides provides the ability to analyse the current system security constellation and compare it to a baseline saved as a security templet. This enables you to rapidly find whether person has changed a computing machine ‘s security scenes and whether the system conforms to your organisation ‘s security policies.

31. Modifying a policy value in the Security Configuration And Analysis snap-in alterations:

A. The database value

B. The existent computing machine puting

C. Both A and B

D. Neither A nor B

Correct Answer: A.

Feedback: Modifying a policy value in the Security Configuration And Analysis snap-in alterations the database value merely, non the existent computing machine scene. For the alterations you make to take consequence on the computing machine, you must either use the database scenes to the computing machine utilizing the Configure Computer Now command or export the database to a new templet and use it to the computing machine utilizing any of the standard methods.

32. You can ever modify the computing machine ‘s security scenes straight by utilizing a member waiter ‘s Local Security Settings console ( open the console by choosing Local Security Policy from the Administrative Tools bill of fare ) , by:

A. Modifying the appropriate Group Policy Object

B. Manually pull stringsing file system permissions

C. Manually pull stringsing register permissions

D. None of the above

Correct Answers: A, B, and C.

Feedback: You can ever modify the computing machine ‘s security scenes straight by utilizing a member waiter ‘s Local Security Settings console ( open the console by choosing Local Security Policy from the Administrative Tools bill of fare ) , by modifying the appropriate Group Policy Object, or by manually pull stringsing file system or register permissions.

33. A public key substructure is a aggregation of package constituents and operational policies that govern the distribution and usage of:

A. Public keys

B. Private keys

C. Public keys and private keys, utilizing digital certifications

D. Public keys and private keys, without the operating expense of digital certifications

Correct Answer: C.

Feedback: A public key substructure is a aggregation of package constituents and operational policies that govern the distribution and usage of public and private keys, utilizing digital certifications.

34. In a digital certification, the topic name corresponds to the:

A. Name of the entity that issued the certification

B. Name of the entity for which the certification is issued

C. Value assigned by the CA that unambiguously identifies the certification

D. None of the above.

Correct Answer: B.

Feedback: A digital certification contains the public key for a peculiar entity, such as a user or an organisation, plus information about the entity and about the enfranchisement authorization ( CA ) that issued the certification. The Telecommunication Standardization Sector of the International Telecommunication Union ( ITU-T ) has published a criterion called X.509 ( 03/00 ) , “ The Directory: Public-key and Attribute Certificate Frameworks, ” which defines the format of the certifications used by most PKI systems, including Windows Server 2003. In add-on to the public key, every digital certification contains these properties:

Version: Identifies the version of the X.509 criterion used to arrange the certification

Consecutive figure: A value assigned by the CA that unambiguously identifies the certification

Signature algorithm identifier: Specifies the algorithm that the CA used to cipher the certification ‘s digital signature

Issuer name: Specifies the name of the entity that issued the certification

Validity period: Specifies the period during which the certification is valid

Capable name: Specifies the name of the entity for which the certification is issued

35. To utilize public cardinal encoding, you must obtain a certification from an administrative entity called a enfranchisement authorization ( CA ) . A Calcium can be:

A. A third-party company that is trusted to verify the individualities of all parties involved in a digital dealing

B. A piece of package on a computing machine running Windows Server 2003.

C. A piece of package on a computing machine running another operating system.A

D. All of the above

Correct Answer: D.

Feedback: To utilize public cardinal encoding, you must obtain a certification from an administrative entity called a enfranchisement authorization ( CA ) . A Calcium can be a third-party company that is trusted to verify the individualities of all parties involved in a digital dealing, or it can be a piece of package on a computing machine running Windows Server 2003 or another operating system. The type of CA you use for your organisation depends on who is involved in the secure minutess.

36. As with most elements of a web, implementing a public key substructure requires careful be aftering before you begin deployment. Planing a PKI typically consists of the undermentioned basic stairss:

A. Specifying a certification

B. Condescending a certification

C. Deploying a certification

D. All of the above

Correct Answer: B.

Feedback: Planing a PKI typically consists of the undermentioned basic stairss:

Specifying certification demands

Making a enfranchisement authorization substructure

Configuring certifications

37. Which of the undermentioned statements are true?

A. Everyone on your web demands to utilize Internet hallmark

B. Research and Development and Accounting sections need IPSec for all their web

communications

C. Software codification sign language is needed for clients who connect to your web over the Internet

D. All of the above

Correct Answers: B and C.

Feedback: You might make up one’s mind that you want everyone on your web to utilize secured electronic mail, while merely the Research and Development and Accounting sections need IPSec for all their web communications. Users ‘ locations can besides be important. You might desire to utilize package codification sign language and Internet hallmark for clients who connect to your web over the Internet, but omit these demands for internal users.

38. When specifying the certification security demands for your web, the best pattern is to:

A. A little set of security definitions and use them to your users and computing machines as needful

B. As many security definitions as possible, so that you can protect your users and computing machines from every possible security menace

C. Allocate an external authorization to make security definitions to remain in front of all market competition

D. B and C

Correct Answer: A.

Feedback: When specifying the certification security demands for your web, the best pattern is to make a little set of security definitions and use them to your users and computing machines as needed.

39. Secure e-mail, EFS, and IPSec can organize portion of a sample certification program to:

A. Implement Basic Security

B. Implement Medium Security

C. Implement High Security

D. Implement External Security

Correct Answer: B.

Feedback: Secure electronic mail, EFS, and IPSec can organize portion of a sample certification program to implement average security. Add smart card logon to the medium security list and you have a sample certification program to implement high security. Remove IPSec from the medium security list and you have a sample program for basic security. Software codification sign language and Internet hallmark are an illustration of an external security plan.A

40. What are the advantages of an Internal CA?

A. Direct control over certifications

B. No per-certificate fees

C. Expertise in the proficient and logical branchings of the certification usage

D. Can be integrated into Active Directory

Correct Answers: A, B and D.

Feedback: The advantages of an Internal CA are:

Direct control over certifications

No per-certificate fees

Can be integrated into Active Directory

Allows configuring and spread outing PKI for minimum cost

41. What are the disadvantages of an external CA?

A. High cost per certification

B. Longer, more complex deployment

C. Less flexibleness in configuring and pull offing certifications

D. Organization must accept liability for PKI failures

Correct Answers: A and C.

Feedback: The disadvantages of an external Calcium are:

High cost per certification

No car registration possible

Less flexibleness in configuring and pull offing certifications

Limited integrating with the organisation ‘s substructure

42. A individual CA running on Windows Server 2003 can back up every bit many as:

A. 23 million certifications, publishing two million or more a twenty-four hours

B. 55 million certifications, publishing two million or more a twenty-four hours

C. 13 million certifications, publishing two million or more a twenty-four hours

D. 35 million certifications, publishing two million or more a twenty-four hours

Correct Answer: D.

Feedback: A individual CA running on Windows Server 2003 can back up every bit many as 35 million certifications, publishing two million or more a twenty-four hours. As a consequence, most organisations use multiple CAs due to logistical factors other than the figure of certifications required.

43. A assortment of factors affect the public presentation of a CA, and can act upon your determination as to how many CAs you need. Some of these factors are as follows:

A. Number and velocity of processors

B. Key length

C. Disk public presentation

D. All of the above

Correct Answer: D.

Feedback: A assortment of factors affect the public presentation of a CA, and can act upon your determination as to how many CAs you need. Some of these factors are as follows:

Number and velocity of processors: The CPU public presentation of a waiter is the individual most influential factor in that waiter ‘s public presentation as a CA. A waiter with multiple processors or faster processors will execute better as a CA, peculiarly when publishing certifications with long encoding keys.

Cardinal length: The length of the encoding keys in your certifications is a major factor in the impact of CA service on the computing machine ‘s CPU. Longer keys necessitate more processing clip and can decelerate down the certification registration procedure.

Disk public presentation: A high-performance disc subsystem in a CA can act upon the certification registration rate.

44. A high-performance disc subsystem in a CA can act upon the certification registration rate ; nevertheless, the grade of influence depends on other factors, such asA

A. The CPU public presentation

B. The cardinal length

C. Both A and B

D. Neither A nor B.

Correct Answer: C.

Feedback: A high-performance disc subsystem in a CA can act upon the certification registration rate ; nevertheless, the grade of influence depends on other factors, such as the CPU public presentation and cardinal length. If the CA issues certifications with remarkably long keys, processing clip for each certification additions, decelerating down the registration rate and decreasing the impact on the disc subsystem. With shorter keys, disc public presentation is more critical, because the disc subsystem can more easy go the constriction decelerating down the registration rate.

45. With your security demands and your CA hierarchy design in topographic point, you can make up one’s mind on a constellation for the certifications that the CA will publish to your clients. Some of the standards to see when be aftering certification constellations are:

A. Certificate type

B. Encrypting File System user and recovery certifications

C. Wireless web hallmark

D. All of the above.

Correct Answer: A.

Feedback: With your security demands and your CA hierarchy design in topographic point, you can make up one’s mind on a constellation for the certifications that the CA will publish to your clients. Some of the standards to see when be aftering certification constellations are as follows:

Certificate type

Encryption cardinal length and algorithm

Certificate life-time

Renewal policies

46. To enable you to incorporate this faculty into bing Web waiters, on a waiter running Windows Server 2003 that is non a CA, you can besides put in the:

A. Certificate, Storage and Crypto Support ModuleA

B. Certificate Services Web Enrollment Support faculty

C. Both A and B.

D. Neither A nor B.

Correct Answer: C.

Feedback: You can besides put in the Certificate Services Web Enrollment Support faculty on a waiter running Windows Server 2003 that is non a CA, enabling you to incorporate this faculty into bing Web waiters.

47. The Web Enrollment Support interface is intended to give internal or external web

users entree to:

A. Stand-alone CAs

B. Enterprise CAs

C. Both A and B

D. Neither A nor B

Correct Answer: A.

Feedback: The Web Enrollment Support interface is intended to give internal or external web users entree to Stand-alone CAs.

When making security constellations on the web, the undertakings performed include:

a ) analyzing the security characteristics provided by the operating systems that you intend to utilize

B ) making server functions to be used on the web

degree Celsius ) finding the organisation ‘s security demands

vitamin D ) outlining the organisational hierarchy design

Correct: A and C

Feedback: Part of planing a web substructure is making security constellations that are appropriate for each waiter function used on the web. The procedure of making these constellations includes analyzing the security characteristics provided by the operating systems that you intend to utilize and finding the organisation ‘s security demands.

A ___________ is an Active Directory object that consists of specific scenes for a aggregation of constellation parametric quantities.

Server function

Group policy

Organizational unit

Digital Signature

Correct: Bacillus

Feedback: A group policy is an Active Directory object that consists of specific scenes for a aggregation of constellation parametric quantities. It is used as the most common method of configuring security for waiters that are assigned specific functions.

When you associate a Group Policy Object ( GPO ) with an Active Directory container object, all the computing machines in that container receive the ________ .

Active Directory scenes

Microsoft Management Console scenes

Group policy scenes

None of the above

Correct: Degree centigrade

Feedback: When you associate a Group Policy Object ( GPO ) with an Active Directory container object, all the computing machines in that container receive the group policy scenes.

You use the Group Policy Object Editor snap-in for Microsoft Management Console ( MMC ) for __________ .

Making group policies

Editing group policies

Modifying group policies

All of the above

Correct: Calciferol

Feedback: You use the Group Policy Object Editor snap-in for Microsoft Management Console ( MMC ) for making and modifying group policies.

Which of the undermentioned tool should you utilize to tie in the Group Policy Objects with Active Directory Containers?

a ) Active Directory Container and Services Console

B ) Active Directory sites and Servicess Console

degree Celsiuss ) Group Policy Object Editor

vitamin D ) Organizational Unit

Correct: B

Feedback: You can utilize the Active Directory sites and Services Console to tie in the Group Policy Objects with Active Directory containers.

You can associate a Group Policy Object to a ____________________ unit object.

Sphere

Site

Organizational

All of the above

Correct: vitamin D

Feedback: You can associate a Group Policy Object to a sphere, site, or organisational unit object.

Since Domain and site objects contain many computing machines executing different functions, so the recommendation is to:

make a separate organisational unit for each function and use a Group Policy Object that is specific to each function to each unit.

make a common organisational unit for all functions and use a Group Policy Object that is applicable to all functions.

make a separate organisational unit for each function and use a Active Directory Object that is specific to each function to each unit.

make a common organisational unit for all functions and use a Active Directory Object that is applicable to all functions.

Correct: a

Feedback: Sphere and site objects typically contain many computing machines executing different functions, so the best pattern is to make a separate organisational unit for each function and use a Group Policy Object that is specific to each function to each unit.

You can use more than one Group Policy Object to a peculiar organisation unit.

True

False

May be

Not Certain

Correct: a

Feedback: In many instances, you might happen it necessary to use more than one Group Policy Object to a peculiar organisation unit.

You might necessitate to use multiple Group Policy Objects to a peculiar organisation unit in instances where:

you have already created a Group Policy Object to implement a baseline constellation

you want to augment the already created GPO with a GPO that is specific to a function

Both A and B

Neither A nor B

Correct: degree Celsius

Feedback: Multiple assignments can be necessary because a waiter is executing more than one function, or because you have already created a Group Policy Object to implement a baseline constellation and want to augment it with a GPO that is specific to a function.

In order to use multiple policies to an organisational unit:

you can associate the organisational unit object to two or more United states government printing offices

you can associate the sphere unit object to two or more United states government printing offices

you can associate the site unit object to two or more United states government printing offices

you can associate the organisational unit object to the policy scenes

Correct: a

Feedback: To use multiple policies to an organisational unit, either you can associate the organisational unit object to two or more GPOs.

58. When you are working in SDM to configure an Easy VPN Server, which of the undermentioned option you will utilize for authenticating your Easy VPN Clients?

Pre-shared key

Digital Certificates

Via CCNA webs

Via VeriSign system

Correct: a and B

Feedback: Others options C and D are non authenticating systems for VPN clients.

59. Which of the followers does non utilize encoding?

SSH

SSL

NTP v 3

Telnet

Correct: vitamin D

Feedback: A, B and C use encoding in some signifier or the other, while D does non.

60. What is the intent of the 256MB.sdf file?

Merely one method for pre-configured Signature definition

One of the 3 methods for pre-configured Signature definition

Pre-configured Signature definition

One of the Intruder bar systems

Correct: B and degree Celsius

Feedback: As the one specified in A and D options are non.sdf file systems.

61. When you ‘re configuring SDM, what are the two options for the location of

SDF files?

Specify URL

Specify Internet protocol

Specify URL or Flash

System libraries

Correct: a and degree Celsius

Feedback: Specific cyberspace protocol and system libraries are non valid locations.

62. What are the likely / possible intimations that help one to judge a non-trustable web sites?

Knowing what content to Trust on a web page

Incorrect Spelling / grammar in URL

Exclusive subject web sites with long names

URL get downing with World Wide Web merely

Correct: A and B

Feedback: As the other two are non valid.

63. Which firewall is used for protecting HTTP traffic?

SSL

TELNET protocol

Both SSL and HTTP

HTTPS sites

Correct: A and B

Feedback: C and D are non valid.

64. What are the utilizations of port?

Virtual slot in a Transmission control protocol

Listener of IP reference

Listening and opening dynamically an IP reference

For DNS services merely

Correct: B and C

Feedback: A and D are non direct utilizations of ports.

65. What ports are safe to go through through a firewall?

All ports are safe

Merely 1024 port as it through a 16-bit figure.

Depends on the application to entree through that port.

Merely ports 25 ( SMTP ) and 80 ( HTTP ) are safe A.

Correct: A and C

Feedback: Options B and D are non relevant to this context.

66. TCP is equipped with which of the following flags?

FIN, SYN, RST, PSH, ACK, URG

SYN and RST merely

RST and PSH merely

PSH and ACK merely

ACK and URG

Correct: A and Tocopherol

Feedback: As others can non be used in sequence.

67. What are Primary protections against IP Splicing?

An onslaught whereby two active Sessionss could be intercepted

One session interception

Virus onslaught

An onslaught whereby an active, established, session is intercepted

Correct: A and D

Feedback: B and C are non IP sliting methods.