1. You need to design the configuration for the kiosk computers. Your solution must
be able to be implemented by using the minimum amount of administrative effort.
What should you do?
A. Configure the kiosk computers as computers that are not members of any domain.
Use Local Computer Policy to configure the computers with the collection of settings in
the Kiosk Desktop Specification.
B. Install one kiosk computer as a model.
Configure this computer with the collection of settings in the Kiosk Desktop
Specification.
Copy the content of the C:\Documents and Settings\Default Users folder from this model
computer to all other kiosk computers.
C. Create a system policy file named Ntconfig.pol and configure it with the collection of
settings in the Kiosk Desktop Specification.
Make the kiosk computers members of the Active Directory domain.
Use a Group Policy object (GPO) to run a startup script that copies the Ntconfig.pol file
to the System32 folder on each kiosk computer.
D. Create a Group Policy object (GPO) and configure it with the collection of settings in
the Kiosk Desktop Specification:
Also include an appropriate software restriction policy.
Make the kiosk computers members of the Active Directory domain, and place the
computer account objects in a dedicated OU.
Link the GPO to this OU.
Answer: D
|
2.You are designing a security strategy for the infrastructure servers at the resorts.
Which two actions should you perform? (Each correct answer presents part of the
solution. Choose two)
A. Place all infrastructure servers in subnets that cannot exchange information with the
Internet.
B. Establish a custom security template that contains unique required settings for each
combination of services that run on the infrastructure servers.
C. Use Group Policy objects (GPOs) to apply the custom security template or templates
to the infrastructure servers.
D. Edit the local policy settings to configure each individual server.
Answer: C, D |
3. You need to design a Security strategy for the wireless network at all resort
locations.
What should you do?
A. Connect the wireless access points to a dedicated subnet. Allow the subnet direct
access to the Internet, but not to the company network.
Require company users to establish a VPN to access company resources.
B. Install Internet Authentication Service (IAS) on a domain controller.
Configure the wireless access points to require IEEE 802.1x authentication.
C. Establish IPSec policies on all company servers to request encryption from all
computers that connect from the wireless IP networks
D.
Configure all wireless access points to require the Wired Equivalent Privacy (WEP)
protocol for all connections. Use a Group Policy object (GPO) to distribute the WEP
keys to all computers in the domain.
Answer: A
|
4. You need to design an access control and permission strategy for user objects in
Active Directory. What should you do?
A. Make the members of the AdvancedSupport security group members of the Domain
Admins security group.
B. Give each desktop support technician permission to reset passwords for the top-level
OU that contains user accounts at their own location.
C. Delegate full control over all OUs that contain user accounts to all AllSupport security
group.
D. Change the permissions on the domain object and its child objects so that the
BasicSupport security group is denied permissions. Then, add a permission to each OU
that contains user accounts that allows AllSupport security group members to reset
passwords in that OU.
Answer: B
|
5. You need to design a permission structure for registry objects that enables the
legacy application at the resorts to run. Your solution must comply with the written
security policy. What should you do?
A. Create a GPO. Link the GPO to the OUs that contain computer accounts for
computers that run the legacy application, Use the GPO to give the Domain Users
security group full control on the partitions of the registry that the legacy application
uses.
B. Create a GPO. Link the GPO to the OUs that contain computer accounts for computers
that run the legacy application. Use the GPO to give the Domain Users security group
full control on the HKEY_USERS partition of the registry.
C. Create a GPO. Link the GPO to the OUs that contain computer accounts for computers
that run the Legacy application. Use the GPO to make all users who require access to the
application members of Local Administrators group on each computer.
D. Create a GPO. Link the GPO to the OUs that contain computer accounts for
computers that run the Legacy application. Use the GPO to give all users who require access to the application full control for the Ntuser.dat file.
Answer: A
|
6. You need to design an access control strategy that meets business and security
requirements.
Your solution must minimize forestwide replication.
What should you do?
A. Create a global group for each department and a global group for each location.
Add users to their respective departmental groups as members.
Place the departmental global groups within the location global groups.
Assign the location global groups to file and printer resources in their respective
domains, and then assign permissions for the file and printer resources by using the
location global groups.
B. Create a global group for each department, and add the respective users as members.
Create domain local groups for file and printer resources.
Add the global groups to the respective domain local groups.
Then, assign permissions to the file and printer resources by using the domain local
groups.
C. Create a local group on each server and add the authorized users as members.
Assign appropriate permissions for the file and printer resources to the local groups.
D. Create a universal group for each location, and add the respective users as members.
Assign the universal groups to file and printer resources.
Then, assign permissions by using the universal groups.
Answer: B
|
|
8. You need to design a remote administration solution for servers on the internal
network. Your solution must meet business and security requirements.
What should you do?
A. Permit administrators to use an HTTP interface to manage servers remotely.
B. Permit only administrators to connect to the servers' Telnet service.
C. Permit administrators to manage the servers by using Microsoft NetMeeting.
D. Require administrators to use Remote Desktop for Administration connections to
manage the servers.
Answer: D
|
9. You need to design a method to encrypt confidential data. Your solution must
address the concerns of the chief information officer.
What should you do?
A. Encrypt customer information when it is stored and when it is being transmitted.
B. Require encrypted connections to the public Web site, which is hosted on the Web
server on the perimeter network.
C. Encrypt all marketing information on file servers and client computers.
D. Require encrypted connections to all file servers.
Answer: A |
10. You need to design a method to update the content on the Web server. Your
solution must meet business and security requirements.
What are two possible ways to achieve this goal? (Each correct answer presents a
complete solution. Choose two)
A. Use SSH to encrypt content as it is transferred to the Web server on the perimeter
network.
B.Install the Microsoft FrontPage Server Extensions, and use FrontPage to update content.
C. Use Web Distributed Authoring and Versioning (WebDAV) over and SSL connection
to the Web server to update content.
D. Use FTP over an IPSec connection to transfer content to the Web server.
E. Use Telnet to connect to the Web server, and then perform content changes directly on
the server.
Answer: C, D |
11. You need to design a monitoring strategy for the folders that contain customer
information, which are shown in the Customer Data window What should you do?
A. Audit success and failures for object access on the Customer Data folder and all
subfolders.
B. Audit failure of object access on only the Customer Data folder.
C. Use Security Configuration and Analysis to enable auditing on only the Customer
Data folder.
D. Audit directory access failures.
Answer: A
|
12. You need to design a method to configure the servers in the development
department to meet the requirements of the chief information officer.
What should you do?
A. Use error reporting on all servers in the development department to report errors for a
custom application.
B. Configure all servers in the development department so that they do not require the
CTRL+ALT+DELTE keys to pressed in order to log on interactively to the server.
C.Create a Group Policy object (GPO) and link it to the development department's Servers
OU. Configure the GPO with an interactive logon policy to display a message for users
who attempt to log on.
D. Configure the screen saver on all servers in the development department to require a
password.
Answer: C |
13. You need to design a method to log changes that are made to servers and domain
controllers. You also need to track when administrators modify local security
account manager objects on servers.
What should you do?
A.Enable failure audit for privilege user and object access on all servers and domain
controllers.
B. Enable success audit for policy change and account management on all servers and
domain controllers.
C. Enable success audit for process tracking and logon events on all servers and domain
controllers.
D. Enable failure audit for system events and directory service access on all servers and
domain controllers.
Answer: B
|
14. You need to design a strategy to ensure that all servers are in compliance with the
business requirements for maintaining security patches.
What should you do?
A. Log on to a domain controller and run the Resultant Set of Policy wizard in planning
mode on the domain.
B. Log on to each server and run Security Configuration and Analysis to analyze the
security settings by using a custom security template.
C. Create a logon script to run the secedit command to analyze all servers in the domain.
D. Run the Microsoft Baseline Security Analyzer (MBSA) on a server to scan for
Windows vulnerabilities on all servers in the domain.
Answer: D
|
15. You need to design a method to monitor the security configuration of the IIS server
to meet the requirements in the written security policy.
What should you do?
A. Log on to a domain controller and run the Resultant Set of Policy wizard in planning
mode on the IIS server computer account.
B. Run the Microsoft Baseline Security Analyzer (MBSA) on the IIS server and scan for
vulnerabilities in Windows and IIS checks.
C. Run Security Configuration and Analysis to analyze the IIS server's security settings
by using a custom security template.
D. On the IIS server, run the gpresult command from a command prompt and analyze the
output.
Answer: B |
16. You need to design a monitoring strategy to meet business requirements for data on
servers in the production department. What should you do?
A. Use the Microsoft Baseline Security Analyzer (MBSA) to scan for Windows
vulnerabilities on all servers in the production department.
B. Run Security and Configuration Analysis to analyze the security settings of all servers
in the production department.
C. Enable auditing for data on each server in the production department.
Run System Monitor on all servers in the production department to create
a counter log that tracks activity for the Objects performance object.
D. Create a Group Policy Object (GPO) that enables auditing for object access and link it
to the product department's Servers OU. Enable auditing for data on each server in the
production department.
Answer: D
|
17. You need to design a method to protect traffic on the wireless network. Your
solution must meet the requirements of the chief security officer. What should you
do?
A. Configure the wireless access points in Denver and Dallas to filter unauthorized
Media Access Control (MAC) addresses
B. Configure the wireless network connection properties for all computers in Denver and
in Dallas to use the same network name that the wireless access points use.
C. Create a GPO and link it to the Denver OU and to the Dallas OU. Create a wireless
network policy and configure it to use Windows to configure wireless network settings
for the Denver and the Dallas networks.
D.Create a GPO and link it to the Denver OU and to the Dallas OU. Create a wireless
network policy and enable data encryption and dynamic key assignments for the Denver
and Dallas networks
Answer: D |
18. You need to design a strategy to log access to the company Web site. What should
you do?
A. Enable logging on the company Web site and select the NCSA Common Log File
Format. Store the log files on a SQL Server computer.
B. Use System Monitor to create a counter log that captures network traffic to the Web
server by using the Web Service object. Store the log files on a SQL Server computer.
C. Run the Network Monitor on the Web server. Create a capture filter for the SNA
protocol and save the results to a capture file. Store the capture file on a SQL Server
computer.
D. Enable logging on the company Web site and select ODBC Logging. Configure the
ODBC logging options by using a nonadministrative SQL account.
Answer: D
|
19. You need to design a method to deploy security configuration settings to servers.
What should you do?
A. Run the Resultant Set of Policy wizard with a Windows Management Instrumentation
(WMI) filter on each department's Server OU.
B. Log on to each server and use local policy to configure and manage the security
settings.
C. Create a customer security template. Log on to a domain controller and run the secedit
command to import the security template.
D. Create a customer security template. Create a GPO and import the security template.
Link the GPO to each department's Server OU.
Answer: D |
20. You need to design a group membership strategy for the EditorialAdmins group.
What should you do?
A. Move the EditorialAdmins group to the Servers OU in the editorial department.
B. Move the members of the EditorialAdmins group to the Editorial OU.
C. Move the members of the EditorialAdmins group to the New York OU.
D. Move the EditorialAdmins group to the New York OU.
Answer: D |
21. You need to design a method to enable remote encryption on Server5. What should
you do?
A. Configure the editor's user account properties to enable Store password using
reversible encryption.
B. Configure the editor's user account properties to enable Use DES encryption for this
account.
C. Configure the Local Security Policy on Server to enable the System cryptography:
Use FIPS compliant algorithms for encryption, hashing, and signing security policy.
D. Configure the Server5 computer account properties to enable Trust computer for
delegation.
Answer: D |
|
|
22. You need to design a method to implement account policies that meets the
requirements in the written security policy. What should you do?
A. Create a GPO and link it to the New York OU, to the Denver OU, and to the Dallas
OU. Configure the GPO with the required account policy settings.
B. On all computers in the domain, configure the Local Security Policy7 with the
required account policy settings.
C. Configure the Default Domain Policy GPO with the required account policy settings.
D. Configure the Default Domain Controllers Policy GPO with the required account
policy settings.
Answer: C |
23. You need to design an audit strategy for Southbridge Video. Your solution must
meet business requirements.
What should you do?
A. Create a new security template that enables the Audit account logon events policy for
successful and failed attempts.
Create a new GPO, and link it to the domain.
Import the new security template into the new GPO.
B. Create a new security template that enables the Audit account logon events policy for
successful and failed attempts.
Create a new GPO, and link it to the Domain Controllers OU.
Import the new security template into the new GPO.
C. Create a new security template that enables the Audit logon events policy for
successful and failed attempts.
Create a new GPO, and link it to the Domain Controllers OU.
Import the new security template into the new GPO.
D. Create a new security template that enables the Audit logon events policy for
successful and failed attempts.
Create a new GPO, and link it to the domain.
Import the new security template into the new GPO.
Answer: D
|
