You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data. What should you do? ()A、Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.B、Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.C、Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.D、Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data. What should you do? ()
- A、Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
- B、Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
- C、Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
- D、Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
相关考题:
(c) Describe the audit procedures you should perform. to determine the validity of the amortisation rate of fiveyears being applied to development costs in relation to Plummet. (5 marks)
You are developing a Windows Communication Foundation (WCF) service. The service configuration file has a element defined. You need to ensure that all security audit information, trace logging, and message logging failures are recorded.Which configuration segment should you add to the element?()A.B.C.D.
You are a network administrator for You manage a Windows Server2003 computer named Testking1. Folder Redirection is enabled for the users‘ MyDocuments folders.A user named Peter deletes all the files and folders in his My Documents folderbefore he leaves TestKing. Peter‘s manager asks you to recover documents. You donot know if Peter made modifications to the permissions on the files.You need to restore Peter‘s My Documents folder so that his manager can access thefiles. You want to achieve this goal by using the minimum amount of administrativeeffort.What should you do?()A. Perform a default restoration.B. Run the Automated System Recover (ASR) wizard.C. Perform a restoration, and enable the Restore security option.D. Perform a restoration, and disable the Restore security option
You have a computer that runs Windows 7. You need to record when an incoming connection is allowedthrough Windows firewall. What should you do?()A、In Local Group Policy, modify the audit policy.B、In Local Group Policy, modify the system audit policy.C、From the Windows Firewall with Advanced Security properties, set the logging settings to Log successfulconnections.D、From the Windows Firewall with Advanced Security properties, set the Data Protection (Quick Mode)IPSec settings to Advanced.
You installed Oracle Database 11g afresh. Which statements are true regarding the default audit settings in this database?() A、 The audit trail is stored in an operating system file.B、 Auditing is disabled for all privileges.C、 The audit trail is stored in the database.D、 Auditing is enabled for all privileges.E、 Auditing is enabled for certain privileges related to database security.
You need to design an audit strategy for Southbridge Video. Your solution must meet business requirements.What should you do?()A、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO, and link it to the domain. Import the new security template into the new GPOB、Create a new security template that enables the Audit account logon events policy for successful and failed attempts. Create a new GPO, and link it to the Domain Controllers OU. Import the new security template into the new GPOC、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO, and link it to the Domain Controllers OU. Import the new security template into the new GPOD、Create a new security template that enables the Audit logon events policy for successful and failed attempts. Create a new GPO, and link it to the domain. Import the new security template into the new GPO
You need to design a method to log changes that are made to servers and domain controllers. You also need to track when administrators modify local security account manager objects on servers. What should you do?()A、Enable failure audit for privilege user and object access on all servers and domain controllersB、Enable success audit for policy change and account management on all servers and domain controllersC、Enable success audit for process tracking and logon events on all servers and domain controllersD、Enable failure audit for system events and directory service access on all servers and domain controllers
Certkiller .com has organizational units in the Active Directory domain. There are 10 servers in the organizational unit called Security. As an administrator at Certkiller .com, you generate a Group Policy Object (GPO) and link it to the Security organizational unit. What should you do to monitor the network connections to the servers in Security organizational unit()A、Start the Audit Object Access optionB、Start the Audit System Events optionC、Start the Audit Logon Events optionD、Start the Audit process tracking optionE、All of the above
You have a computer that runs Windows 7. Multiple users log on to your computer. You enable auditing ona folder stored on your computer. You need to ensure that each access to the folder is logged. What should you do?()A、Start the Problem Steps Recorder.B、From Event Viewer, modify the properties of the Security log.C、From the local Group Policy, configure the Audit object access setting.D、From the local Group Policy, configure the Audit directory service Access setting.
You have an Exchange Server 2010 organization. You have a global security group named Legal that contains all the members of your companys legaldepartment. The companys security policy states that the Legal group must be able to search all mailboxes for e-mailmessages that contain specific keywords. You need to recommend a solution for the organization that complies with the security policy. What should you include in the solution?()A、a Discovery Management role groupB、a legal holdC、administrator audit loggingD、Mailbox journaling
Your company has a server that runs Windows Server 2008. Certification Services is configured as a stand-alone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()A、Configure auditing in the Certification Services snap-in.B、Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32% /CertSrv directory.C、Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.D、Enable the Audit object access setting in the Local Security Policy for the Certification Services server.
You are an administrator at Certkiller .com. Certkiller has a network of 5 member servers acting as file servers. It has an Active Directory domain. You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO). You need to change the domain security settings to trace the shutdowns and identify the cause of it. What should you do to perform this task()A、Link the GPO to the domain and enable System Events optionB、Link the GPO to the domain and enable Audit Object Access optionC、Link the GPO to the Domain Controllers and enable Audit Object Access optionD、Link the GPO to the Domain Controllers and enable Audit Process tracking optionE、Perform all of the above actions
You need to identify each help desk user who bypasses the new corporate security policy. What should you do?()A、Configure Audit Special Logon and define Special Groups.B、Configure Audit Other Privilege Use Events and define Special Groups.C、Configure Audit Sensitive Privilege Use and configure auditing for the HelpDesk group.D、Configure Audit Object Access and modify the auditing settings for the HelpDesk group.
You are the administrator of a SQL Server 2005 computer named SQL1. SQL1 is a member of a Microsoft Active Directory domain. You do not have any rights or privileges to perform domain administration. However, you have been granted membership in the local Administrators group on SQL1. You perform most of the management of SQL1 from your administrative workstation. However, for security reasons, you want to track all attempts for interactive logons and network connections to SQL1. What should you do?()A、Create a Group Policy object (GPO) that is configured for success and failure auditing of the Audit account logon events setting. Ask the domain administrator to link the GPO to the object containing SQL1.B、Configure the SQL Server service on SQL1 to audit all successful and failed logon attempts.C、Edit the local security policy of SQL1. Then, configure success and failure auditing on the Audit logon events setting.D、Run the SQL Server Profiler and use a standard default template.
Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).You need to record all attempts by domain users and local users to log on to Server1. What should you do?()A、In the Default Domain Controller Policy, enable success and failure for the Audit logon events policy setting.B、In the Default Domain Controller Policy, enable success and failure for the Audit account logon events policy setting.C、In the Local Security Policy on Server1, enable success and failure for the Audit logon events policy.D、In the Local Security Policy on Server1, enable success and failure for the Audit account logon events policy setting.
多选题Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()AConfigure auditing in the Certification Authority snap-in.BEnable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%/CertSrv directory.CEnable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.DEnable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.
单选题Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).You need to record all attempts by domain users and local users to log on to Server1. What should you do?()AIn the Default Domain Controller Policy, enable success and failure for the Audit logon events policy setting.BIn the Default Domain Controller Policy, enable success and failure for the Audit account logon events policy setting.CIn the Local Security Policy on Server1, enable success and failure for the Audit logon events policy.DIn the Local Security Policy on Server1, enable success and failure for the Audit account logon events policy setting.
多选题You installed Oracle Database 11g afresh. Which statements are true regarding the default audit settings in this database?()AThe audit trail is stored in an operating system file.BAuditing is disabled for all privileges.CThe audit trail is stored in the database.DAuditing is enabled for all privileges.EAuditing is enabled for certain privileges related to database security.
单选题You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?()AIP addressing design plans so that the network can be appropriately segmented to mitigate potential network threatsBdetailed security device specificationsCresults from pilot network testingDresults from a network audit
单选题You perform a security audit on a server named server1. You install the Microsoft network monitor 3.0 application on server1. You find that only some of the captured frames dsplay host mnemonic names in the source column and the destination column. All other frames display ip addresses. You need to display mnemonic host names instead of ip addresses for all the frames what should you do?()ACreate a new display filter and apply the filter to the capture.BCreate a new capture filter and apply the filter to the capture.CPopulate the aliases table and apply the aliases to the capture.DConfigure the network monitor application to enable the enable converstations option, recapture the data to a new file.
单选题Your company has an Active Directory directory service domain. All servers run Windows Server 2003. You are developing a security monitoring plan. You must monitor the files that are stored in a specific directory on a member server. You have the following requirements. Log all attempts to access the files.Retain log information until the full weekly backup occurs. You need to ensure that the security monitoring plan meets the requirements. What should your plan include?()A Configure a directory service access audit policy. Increase the maximum size of the security log.B Configure a directory service access audit policy. Set the system log to overwrite events older than 7 days.C Configure an object access audit policy for the directory. Increase the maximum size of the system log.D Configure an object access audit policy for the directory. Set the security log to overwrite events older than 7 days.
单选题You have an Exchange Server 2010 organization. You plan to delegate Exchange administrative rights to some users in the organization. You need to recommend a solution that tracks all changes made to the Exchange organization. What should you include in the solution?()Aadministrator audit loggingBcircular loggingCdiagnostic loggingDWindows Security Auditing
单选题You are an administrator at Certkiller .com. Certkiller has a network of 5 member servers acting as file servers. It has an Active Directory domain. You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO). You need to change the domain security settings to trace the shutdowns and identify the cause of it. What should you do to perform this task()ALink the GPO to the domain and enable System Events optionBLink the GPO to the domain and enable Audit Object Access optionCLink the GPO to the Domain Controllers and enable Audit Object Access optionDLink the GPO to the Domain Controllers and enable Audit Process tracking optionEPerform all of the above actions
单选题You need to recommend a solution that enables User1 to perform the required actions on the Hyper-V server.What should you include in the recommendation?()AActive Directory delegationBAuthorization Manager role assignmentClocal security groups on the Hyper-V serverDlocal security groups on the VMs
单选题You have a computer that runs Windows 7. You need to record when an incoming connection is allowedthrough Windows firewall. What should you do?()AIn Local Group Policy, modify the audit policy.BIn Local Group Policy, modify the system audit policy.CFrom the Windows Firewall with Advanced Security properties, set the logging settings to Log successfulconnections.DFrom the Windows Firewall with Advanced Security properties, set the Data Protection (Quick Mode)IPSec settings to Advanced.