MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide [Electronic resources]


Elias N. Khnaser

Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1. What exactly is the difference between DACLs and SACLs?

2. What is the difference between an account group and a resource group?

3. What’s the best way to determine an auditing policy?

4. What is the difference between using EFS and using a third-party encryption program? What are the pros and cons of each?

5. Our company doesn’t use certificates; can we still use EFS?

6. Can I still back up EFS encrypted files or do I need a special tool for this?

7. We use RAID and mirrored sets, so we don’t need additional backups, do we?

8. What is the difference between ASR, Emergency Management Console, and Recovery Console?




Answers

1. A discretionary access control list (ACL) defines which users can access an object and with what level of privileges and is often referred to simply as the ACL. The system access control list (SACL) is the part of the object’s description that specifies which events are to be audited per user or group. Auditing examples include access, logon attempts, or system shutdowns.


2. An account group contains users or other groups that are granted permissions to objects via ACLs. A resource group is associated specifically with a resource. Resource groups are granted a specific set of permissions on that resource. Account groups are added to resource groups to grant those specific permissions to those account groups. A resource might have four different resource groups defining four different sets of permissions. Account groups are added to the appropriate resource group to assign those different permissions.


3. There is always a trade-off between auditing events and system performance. If you audit too many events, the log files become huge and filled with often useless or meaningless data. Conversely, if you do not audit events appropriately, you might miss trends that indicate possible intrusion or attack. Determining which resources are most critical and most vulnerable to what types of attacks will help define an audit policy that is both manageable and meaningful.


4. EFS is built into Windows Server 2003 and provides encryption of files and folders in a manner transparent to users. It does not require user intervention and works seamlessly with Windows Server 2003. Third-party programs might require user intervention, which weakens security. They might also use password-based recovery agents that are vulnerable to relatively simple password attacks. EFS uses certificates and encryption to protect files, providing the highest level of protection. Third-party programs might not use such strong protection and might create system vulnerabilities. Third-party programs can be helpful in mixed operating system environments where EFS is not available.


5. Yes, EFS will self-generate certificates for use with EFS and file recovery, if no other source of certificates is available. This is especially useful on stand-alone computers that might not have access to network certificate services.


6. The Backup program in Windows Server 2003 as well as most third-party backup utilities support copying encrypted files for backup. In Windows Server 2003, those files will remain encrypted when backed up to other media and will remain encrypted when restored from backup media.


7. Both provide redundancy, which helps eliminate single points of failure and reduces the likelihood of data loss through device failure. However, since all your data is still in one location or at one site, it is still vulnerable to other issues such as virus infection, malicious data corruption, or even a natural disaster that can damage or destroy a site. Creating backups and storing them safely offsite will help you recover if any of these events occur.


8. The Automated System Recovery (ASR) is made when a backup set is made and allows you to recover system data. This provides the capability to restore a system because the ASR, matched to a backup set, will re-establish system variables and system states, while backups restore data files. The Emergency Management Console can be installed on a system. When installed, it allows an administrator to connect to it via an out-of-band connection, such as a serial port or RJ-45 Ethernet port, to issue commands that can manage a disabled system remotely. Emergency Management Console uses console redirection to send and receive simple commands for managing a system. The Recovery Console can be installed on a system and used as a recovery option in the event a system shuts down or fails unexpectedly. The Recovery Console, when enabled, is an option at startup that can be used if safe mode and other startup options fail.
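
The split described in answer 1 is visible in a security descriptor itself. The following is an added example, not taken from the book: a small Python parser for SDDL, the text notation Windows uses for security descriptors (SDDL is not mentioned on this page), that separates the access entries after `D:` from the audit entries after `S:`. The sample string is constructed, and the lookup tables cover only the codes it uses.

```python
import re

# ACE type codes: A/D belong in a DACL, AU (system audit) belongs in a SACL.
ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit"}
# In the flags field, SA = audit successful access, FA = audit failed access.
AUDIT_FLAGS = {"SA": "success", "FA": "failure"}
# In the rights field, FA means "file all access"; position decides the meaning.
RIGHTS = {"FA": "full control", "FR": "read", "FW": "write", "FX": "execute"}
TRUSTEES = {"BA": "Administrators", "BU": "Users", "BG": "Guests",
            "SY": "Local System", "WD": "Everyone"}

# "D:" or "S:", optional control flags (P, AI, ...), then one or more ACEs.
SECTION = re.compile(r"([DS]):([A-Z]*)((?:\([^()]*\))+)")

# Constructed sample descriptor, not taken from any real system.
SAMPLE = "O:BAG:SYD:PAI(A;;FA;;;BA)(A;;FR;;;BU)(D;;FW;;;BG)S:AI(AU;SAFA;FW;;;WD)"


def parse_acls(sddl):
    """Split an SDDL string into its DACL and SACL entries."""
    acls = {"D": [], "S": []}
    for kind, _control, body in SECTION.findall(sddl):
        for ace in re.findall(r"\(([^()]*)\)", body):
            fields = ace.split(";")
            if len(fields) < 6:
                raise ValueError(f"malformed ACE: ({ace})")
            ace_type, flags, rights, trustee = fields[0], fields[1], fields[2], fields[5]
            entry = {"type": ACE_TYPES.get(ace_type, ace_type),
                     "rights": RIGHTS.get(rights, rights),
                     "trustee": TRUSTEES.get(trustee, trustee)}
            if ace_type == "AU":
                # Flags are two-letter tokens; keep only the audit triggers.
                tokens = re.findall("..", flags)
                entry["audit_on"] = [AUDIT_FLAGS[t] for t in tokens if t in AUDIT_FLAGS]
            acls[kind].append(entry)
    return {"dacl": acls["D"], "sacl": acls["S"]}


def describe(sddl):
    """Render each entry as one line: access decisions first, audit rules after."""
    acls = parse_acls(sddl)
    lines = [f"DACL: {e['type']} {e['rights']} for {e['trustee']}" for e in acls["dacl"]]
    lines += [f"SACL: log {'/'.join(e.get('audit_on', []))} of {e['rights']} by {e['trustee']}"
              for e in acls["sacl"]]
    return lines


if __name__ == "__main__":
    print("\n".join(describe(SAMPLE)))
```

In the sample, the DACL decides that Guests are denied write access, while the SACL only records write attempts by Everyone and grants or denies nothing.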

