You are the lead Active Directory architect for a large-scale network. You need to define a strategy that prevents computers from launching applications that are explicitly prohibited by the corporate policy. You need to prevent users from moving or renaming files in order to bypass the defined policy. What should you do? (Choose all that apply.)
Define a software restriction policy and leave the security level as Unrestricted.
Create a path rule for each application that you want to allow.
Create a hash rule for each application that you want to prevent.
Create a path rule for each application that you want to prevent.
Create a hash rule for each application that you want to allow.
Define a software restriction policy and change the security level to Disallowed.
You are the administrator of a medium-sized network and you need to prevent users from changing the configuration of their computers. Which of the following can be used to accomplish this? (Choose all that apply.)
Administrative Templates settings in Group Policy
Microsoft Baseline Security Analyzer
Software Update Services
Removing users from local Administrators or Power Users groups on their computers
Software restriction policy
You are the network architect of a large electronics manufacturer that has just opened a new sales office in Alaska. The main office is located in Miami, Florida; both offices have a direct connection to the Internet. There is a complete SUS infrastructure that is already designed in the Miami office and that handles over 5,000 computers and servers. There are 10 client computers and 2 servers in the Alaska site. You need to make sure that, because the new office is so remote from the main office, updates are installed often and automatically. No approval is necessary because there is no custom software running in the Alaska office that could conflict with any portion of the operating system. You need to make sure that all of the computers in the Alaska office get all of the updates that Microsoft releases with the least amount of administrative effort. The Alaskan office needs to be able to retrieve updates even if it cannot connect to the Miami office. What should you do?
Install SUS on one of the servers in the Alaska site and configure the other computers to use it.
Configure all of the computers in the Alaska site to use the SUS infrastructure already configured in Miami.
Configure all of the computers to use the Microsoft Windows Update site.
Manually download and install the patches and service packs as they become available.
You need to audit your security patch strategy to verify its effectiveness. You want this auditing to occur on a semi-regular basis, with the least amount of administrative effort. What utility should you use for this functionality?
On a regular basis, launch the Microsoft Baseline Security Analyzer (MBSA) and evaluate the resulting report.
Use the intranet administration web application for Software Update Services, SUSAdmin, to generate and schedule its reporting features.
Create and schedule a script that uses the Microsoft Baseline Security Analyzer command-line utility (MBSACLI.EXE).
Define and enable a patch policy in a Group Policy object (GPO) and link it to the domain container.
You are the administrator for a medium-sized organization that manufactures transparent aluminum. The CIO tells you that the HR managers need to be able to manage one of the printers that is located on the HR server, which is a member server in the TranAlum.LAN domain. You need to grant the HR managers, who are all members of the HR Managers global group, this ability without giving them more rights than they require, and you should do this with the least amount of administrative effort. What should you do?
Add the HR Managers group to the Administrators local group on the HR server.
Add the HR Managers group to the Print Operators group of the HR server.
Add the HR Managers group to the Power Users group of the HR server.
Create a custom local group on the HR server, grant it the ability to manage the HR printer, and add the HR Managers global group to the newly created local group.
You are the administrator responsible for updating the workstations and servers for your company. You need to be able to apply software patches and adjust the configuration of the computers to make them more secure. You need to select a solution that meets both these requirements. Which of the following methods can be used to deploy patches as well as modify the configuration of the computer? (Choose all that apply.)
Microsoft Windows Update site
Software Update Services (SUS) version 1
Systems Management Server with SUS feature pack
Security Configuration And Analysis MMC snap-in
Group Policy
You are the administrator responsible for updating all 8,000 client computers in the Philadelphia region. The computers are running Windows NT 4, Windows 2000, and Windows XP Professional and are configured as members of a large Windows Server 2003 Active Directory domain. What software patch distribution solution should you choose?
Software Update Services (SUS) version 1
Systems Management Server 2003 with SUS feature pack
Group Policy
Microsoft Baseline Security Analyzer (MBSA)
You have just installed and configured a SUS server in your organization and created a schedule to download updates from the Internet. You now need to configure the 2,500 workstations and servers in your environment. You need to make sure that all of the clients are updated to use the SUS server to download the updates. Which of the following techniques can be used to configure the SUS clients? (Choose all that apply.)
Modify the Registry of each computer to point it to the newly installed SUS server.
Create a custom script on each computer that runs the MBSACLI.EXE utility to configure the SUS information.
Create a GPO that configures the SUS information on each computer and link it to the appropriate container.
Use the Security Configuration And Analysis MMC snap-in and apply its template to all of the computers that need to be updated with the SUS server information.
You are the security architect of a multinational exporter with offices across the U.S. and Europe. The two main offices are New York and Paris. All U.S. sites connect to the Internet through the New York site, and all European offices connect to the Internet through Paris. Each office in the U.S. connects to New York with a dedicated 256k line and each office in Europe connects to Paris with a dedicated 256k line. You need to design a patch management solution that distributes and applies security patches to workstations and servers on both continents. Your solution must minimize WAN bandwidth. What should you do?
In each office, use one new SUS server that will download all of the security patches. Configure the computers in each office to use their respective SUS server.
Use one new SUS server in New York and one in Paris to download all security patches. Configure the U.S. offices to use the SUS server in New York and the European offices to use the SUS server in Paris.
Use one new SUS server in New York and one in Paris to download all security patches. In the U.S., configure a SUS server in each office to synchronize the content from the SUS server in New York. In Europe, configure a server in each office to synchronize the content from the SUS server in Paris. Configure the clients in each office to use the SUS server in their respective office.
Configure all clients to download the patches from the Microsoft Windows Update site.
You are the security architect of a large law firm, and consultants sometimes temporarily have access to certain network resources. The attorneys often store confidential client-related data on their workstations, and you need to make sure that only attorneys can access the data over the network. Which of the following security techniques should you use to prevent the consultants from accessing the attorneys' workstations?
Security templates
Software restriction policies
Administrative templates
MBSA script
Answers