You are the desktop administrator for your company. The company's network consists of a single Microsoft Windows NT domain. The network contains 2,000 Windows XP Professional computers. The information security department releases a new security template named NewSecurity.inf. You are instructed to apply the new template to all 2,000 Windows XP Professional computers. You use the Security Configuration and Analysis console to import NewSecurity.inf into a security database named NewSec.sdb. You copy NewSec.sdb to a folder named Sec on a server named Server1. You need to apply NewSecurity.inf to the Windows XP Professional computers. What should you do?() A、Use the Security Configuration and Analysis console to export a template named NewSec.inf from NewSec.sdb. Copy NewSec.inf to each client computer. B、Write a logon script that copies NewSec.sdb to the %systemroot%/System32 folder on each client computer. C、Copy NewSec.sdb to the Netlogon shared folder on each domain controller. D、Write a logon script that runs the Secedit /configure /db //Server1/Sec/NewSec.sdb command. Apply the logon script to all domain user accounts.
You are the desktop administrator for your company. The company's network consists of a single Microsoft Windows NT domain. The network contains 2,000 Windows XP Professional computers. The information security department releases a new security template named NewSecurity.inf. You are instructed to apply the new template to all 2,000 Windows XP Professional computers. You use the Security Configuration and Analysis console to import NewSecurity.inf into a security database named NewSec.sdb. You copy NewSec.sdb to a folder named Sec on a server named Server1. You need to apply NewSecurity.inf to the Windows XP Professional computers. What should you do?()
- A、Use the Security Configuration and Analysis console to export a template named NewSec.inf from NewSec.sdb. Copy NewSec.inf to each client computer.
- B、Write a logon script that copies NewSec.sdb to the %systemroot%/System32 folder on each client computer.
- C、Copy NewSec.sdb to the Netlogon shared folder on each domain controller.
- D、Write a logon script that runs the Secedit /configure /db //Server1/Sec/NewSec.sdb command. Apply the logon script to all domain user accounts.
相关考题:
You are the network administrator for your company. The network originally consists of a single Windows NT 4.0 domain.You upgrade the domain to a single Active Directory domain. All network servers now run Windows Server 2003, and all client computers run Windows XP Professional.Your staff provides technical support to the network. They frequently establish Remote Desktop connections with a domain controller named DC1.You hire 25 new support specialists for your staff. You use Csvde.exe to create Active Directory user accounts for all 25.A new support specialist named Paul reports that he cannot establish a Remote Desktop connection with DC1. He receives the message shown in the Logon Message exhibit. (Click the Exhibit button.)You open Gpedit.msc on DC1. You see the display shown in the Security Policy exhibit. (Click the Exhibit button.)You need to ensure that Paul can establish Remote Desktop connections with DC1.What should you do? ()
You are the desktop administrator for one of your company's branch offices. The network in your branch office contains 100 Windows XP Professional computers. The computers are configured with the Compatws.inf security template. One of the network administrators in the company's main office creates a new security template named CompanySec.inf. The new template is designed to be applied to each of the company's Windows XP Professional computers. The users in your branch office have different security requirements from the users in the main office. You need to find out whether the new security template will violate the security requirements of the users in the branch office. What should you do?()A、Run the Secedit.exe command in validation mode and specify the new security template.B、Run the Secedit.exe command in configuration mode and specify the new security template. C、Use the Security Configuration and Analysis console to import both templates into a security database, and then perform an Analyze operation. D、Use the Security Configuration and Analysis console to import both templates into a security database, and then perform a Configure operation.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers. Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured.You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1?()A、Install and configure Urlscan.exe.B、At the command prompt, type gpresult /scope COMPUTER.C、Open the WSUS console. Run the Status of Computers report.D、Open the WSUS console. Run the Synchronization Results report.
ou are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Two of the servers on the network contain highly confidential documents. The company’s written security policy states that all network connections with these servers must be encrypted by using an IPSec policy.You place the two servers in an organizational unit (OU) named SecureServers. You configure a Group Policy object (GPO) that requires encryption for all connections. You assign the GPO to the SecureServers OU. You need to verify that users are connecting to the two servers by using encrypted connections. What should you do?()A、Run the net view command.B、Run the gpresult command.C、Use the IP Security Monitor console.D、Use the IPSec Policy Management console.
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements. What should you do? ()A、 Apply the Setup security.inf template first, the Hisecws.inf template next, and then the Application.inf template.B、 Apply the Application.inf template and then the Hisecws.inf template.C、 Apply the Application.inf template first, the Setup security.inf template next, and then the Hisecws.inf template.D、 Apply the Setup security.inf template and then the Application.inf template.
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.B、 Replace all Windows 98 computers with new Windows XP Professional computers.C、 Install the Active Directory Client Extensions software on the Windows 98 computers.D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
You are the desktop administrator for your company. The company's network contains 500 Windows XP Professional computers. The information security department releases a new security template named NewSec.inf. You import NewSec.inf into a security database named NewSec.sdb. You analyze the result, and you review the changes that the template makes. You examine the security policies that are defined in NewSec.inf. You discover that the settings in NewSec.inf have not been implemented on your computer. You need to ensure that the settings in NewSec.inf overwrite the settings in your computer's local security policy. What are two possible ways to achieve this goal?()A、Run the Secedit /configure /db C:/NewSec.sdb command.B、Run the Secedit /refreshpolicy machine_policy command.C、Copy NewSec.inf to the C:/Windows/Inf folder. D、Copy NewSec.sdb to the C:/Windows/System32/Microsoft/Protect folder. E、Use the Security Configuration and Analysis console to open NewSec.sdb and then to perform a Configure operation. F、Use the Security Configuration and Analysis console to export NewSec.sdb to the Defltwk.inf security template.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,200 Windows 2000 Professional computers. The written company security policy states that all computers in the domain must be examined, with the following goals: (1)to find out whether all available security updates are present (2)to find out whether shared folders are present to record the file system type on each hard disk You need to provide this security assessment of every computer and verify that the requirementsof the written security policy are met. What should you do?()A、Open the Default Domain Policy and enable the Configure Automatic Updates policy.B、Open the Default Domain Policy and enable the Audit object access policy, the Audit account management policy, and the Audit system events policy.C、On a server, install and run mbsacli.exe with the appropriate configuration switches.D、On a server, install and run HFNetChk.exe with the appropriate configuration switches.
You are the network administrator for Company. You have been assigned the task to upgrade the 23 Windows NT Workstation 4.0 computers in the accounting department to Windows 2000 Professional. Users in the accounting department run a peer-to-peer financial and credit application on their computers. The application requires that information is passed between the accounting department computers over the network. You upgrade all the computers and configure them to have the default security settings. You want to ensure that network traffic between accounting computers is secure. What should you do? ()A、Disable NetBIOS over TCP/IP on the accounting department computers.B、Apply the Hisecws.inf security template to the local security policy on the accounting department computers.C、Enable the Encrypting File System (EFS) on all files used by the financial and credit application on the accounting department computers.D、Configure port filters for each port used by the financial and credit application on the accounting department computers.
You are the desktop administrator for one of your company's branch offices. The network in the branch office consists of a single network segment, which contains a domain controller, a DHCP server, 10 Windows 2000 Server computers, and 50 Windows 2000 Professional computers. All servers and client computers are members of the company's Active Directory domain. You purchase 50 new client computers for the branch office. Each new client computer contains a built-in PXE-compliant network adapter. You install and configure RIS on one of the Windows 2000 Server computers that is on the network in the branch office. You create a Windows XP Professional RIS image on the Windows 2000 Server computer. You connect the new client computers to the network in the office, and you turn on each computer. Each computer displays a message stating that it cannot contact a PXE boot server. You verify that the RIS server is connected to the network. You need to ensure that the new client computers can connect to the RIS server and can begin installing Windows XP Professional. What should you do?()A、Ask a domain administrator to authorize the RIS server. B、Grant the Everyone group Allow - Read NTFS permission on the RIS image.C、Install RIS on the domain controller. Copy the RIS image to the domain controller.D、Add a reservation for the RIS server to the DHCP server.
You are the administrator of Company.com’s Windows 2000 Network. Your routed TCP/IP network consists of 10 Windows 2000 Server computers and 75 Windows 2000 Professional computers. All computers are in the Company.com domain. Your network uses TCP/IP as the only network protocol. You are installing 10 new Windows 2000 Professional computers. You want to enable the new computers to use host names to connect to shared resources on the network. You configure a TCP/IP address, a gateway address and a subnet mask on each new computer. You want to complete the configuration to allow the computers to communicate on the network. What should you do?()A、Configure a HOSTS file.B、Configure a LMHOSTS file.C、Configure a WINS server database.D、Configure a DHCP server address.E、Configure at least one DNS address.
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional. You are planning a security update infrastructure. You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically. What should you do? ()A、 Schedule the secedit command to run every night.B、 Schedule the mbsacli.exe command to run every night.C、 Install Microsoft Baseline Security Analyzer (MBSA) on one of the servers. Configure Automatic Updates on all other computers to use that server.D、 Install Software Update Services (SUS) on one of the servers. Configure the SUS server to update every night.
You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers, 20 Windows Server 2003 member servers, and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections.A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user’s client computer. Which command should you run from the command prompt on the user’s computer?()A、netshB、netdiagC、ktpassD、ksetup
You are the administrator of your company’s network. Ten Windows 2000 Professional computers are located in the Research department. The computers contain highly confidential information. You want the 10 computers to be able to communicate with other Windows 2000 Professional computers on the network. However, you do not want them to communicate with computers that are not running Windows 2000, including those that are running Windows 95, Windows 98 and Windows NT. You want to configure a security policy on each computer to ensure that the confidential information is secure. What should you do?()A、Use Security Configuration and Analysis to import the Hisecws.inf security template file to modify the default security settings.B、Use security templates to create a security template file and import the security settings to modify the default security settings.C、Use the local computer policy to disable the access to this computer from the network option.D、Use Secedit.exe to reconfigure the computers’ default security settings to not allow anonymous access to the computers.
You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company occasionally experiences downtime because of malicious lnternet worms that arrive as Microsoft Visual Basic Scripting Edition (VBS) files. You examine several client computers and discover that VBS files are downloaded by using Microsoft Outlook,instant messaging,or peer-to-peer file sharing programs. You need to prevent users from running VBS files regardless of how they arrive on client computers. What should you do?()A、 Use a software restriction policy to disable all unauthorized scripts.B、 Use an Administrative Template to ensure that Outlook and lnternet Explorer are in the Restricted Sites security zonC、 Use a centralized logon script to rename the Wscript.exe file on each computer to contain a nonexecutable extensioD、 Use a file system security policy to assign the Deny - Execute permission for the Wscript.exe file.
You are the network administrator for ExamSheet. Computers on your network run Windows 2000 Professional, Windows NT Workstation 4.0 and Windows 98. Ten Windows 2000 Professional computers are located in the research department. These computers contain highly confidential information. You want the 10 Windows 2000 Professional computers to be able to communicate only with other Windows 2000 computers. What should you do?()A、On the research computers use the Local Computer Policy to disable theAccess this computer from the networkoption.B、Use Security Configuration and Analysis to apply the Highly Secure security template to the research computers.C、Add the users of the research computers to the Power Users group on each computer.D、On the research computers configure the security settings to prevent anonymous access.
You are the network administrator for ExamSheet.net. You administer ExamSheet’s Windows 2000 network. Computers on the network run Windows 2000 Professional, Windows NT Workstation 4.0 and Windows 98. Ten Windows 2000 Professional computers are located in the research department. The users of the Windows 2000 Professional computers run legacy applications which are not certified for Windows 2000. These applications will not run for those users who only have User rights on the computers. You want to uniformly grant the users of these computers with the least possible administrative rights and still allow them to run the applications. What should you do? ()A、On the research computers user the Local Computer Policy to disable theAccess this computer from the networkoption.B、Apply the Compatws.inf security template to the research computers.C、Apply the Hisecws.inf security template to the research computers.D、On the research computers configure the computer default security settings to prevent anonymous access.
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services (WSUS) on a computer named Server2. You create a Group Policy object (GPO) that configures all client computers to receive software updates from Server2. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers receive updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2. What should you do?()A、Make all users of Windows XP Professional client computers members of the Administrators local group.B、On all Windows XP Professional client computers, install the latest service pack.C、On all Windows XP Professional client computers, use the gpupdate /force command.D、On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU.
Your company has a single Active Directory directory service domain. Servers in your environment run Windows Server 2003. Client computers run Windows XP or Windows Vista. You plan to create an internal centrally managed security update infrastructure for client computers. You need to choose a security update management tool that supports all the client computers. Which tool should you choose? ()A、 Microsoft Assessment and Planning (MAP) ToolkitB、 Microsoft Baseline Security AnalyzerC、 Microsoft System Center Operations ManagerD、 Windows Server Update Services (WSUS)
You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional. The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to query Active Directory for employee information. The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and lockout settings. You want to minimize interference with the proper functioning of the legacy applications. You decide to use the predefined security templates. You need to choose the appropriate predefined security template to apply to the domain controllers. What should you do?()A、 Apply the Setup security.inf template to the domain controllers.B、 Apply the DC security.inf template to the domain controllers.C、 Apply the Securedc.inf template to the domain controllers.D、 Apply the Rootsec.inf template to the domain controllers.
You are the administrator of a Windows 2000 network. You upgrade five computers in the sales department to Windows 2000 Professional. You then apply the Basicwk.inf security template to the upgraded computers. The remaining computers in the sales department are using Windows NT Workstation 4.0. When users log on to the Windows 2000 Professional computers they report that they are unable to run the company’s database application. When the users log on to Windows NT Workstation 4.0 computers they are able to run the database application. You want the users of Windows 2000 Professional computers to be able to run the database application. What should you do? ()A、Apply the Securews.inf security template to the computers.B、Apply the Compatsws.inf security template to the computers.C、Delete the Basicwk.inf security template file from the computers.D、For each user account, grant Read permission to the database application and its associated files.E、Use the System Policy Editor to configure a new security policy for the database application.
You are the desktop administrator for Contoso, Ltd. The company's network contains 1,000 Windows XP Professional computers, which are members of a single Active Directory domain. The computers' hard disks are formatted as NTFS. The company's software developers release a new custom application. The application uses a .dll file named AppLib.dll, which is installed in a folder named /Program Files/Contoso/OpsApp. The company's help desk technicians report that several users experience problems when they use the application because the AppLib.dll file was deleted on their client computers. The company's software developers recommend that you modify the file permissions on AppLib.dll so that users have only Read permission on the file. You need to ensure that all users have only Read permission on the AppLib.dll file on all 1,000 Windows XP Professional computers. What should you do?() A、Write a logon script that moves the AppLib.dll file into the %systemroot%/System32 folder.B、Ensure that Windows File Protection is enabled on all 1,000 Windows XP Professional computers.C、Apply the logon script to all domain user accounts. D、Use the Security Configuration and Analysis console to create a new security template that modifies the file permissions on AppLib.dll. E、Use Active Directory Group Policy to import and apply the template to all 1,000 Windows XP Professional computers. F、Repackage the custom application in a Windows Installer package.
You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain. Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network. How should you configure Server1?()A、 Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.B、 Configure the network adapter on the test network to disable IEEE 802.1x authentication.C、 Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.D、 Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.E、 Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group. A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers. You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented. What should you do? ()A、 Add the Domain Users global group to the Remote Desktop Users built-in group in the domain. B、 Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.C、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object (GPO).D、 Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do? ()A、 On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic. B、 Replace all Windows 98 computers with new Windows XP Professional computers. C、 Install the Active Directory Client Extensions software on the Windows 98 computers. D、 Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
You are the network administrator for ExamSheet.net. You administer ExamSheet’s Windows 2000 network. You upgrade 10 computers in the Accounting department from Windows NT Workstation 4.0 to Windows 2000 Professional. All of the upgraded computers are configured to have the default security settings. For security purposes you want to ensure that these computers can only communicate with other Windows 2000 computers. What should you do?()A、On each computer configure separate memory spaces for each financial and credit applications.B、Apply Highly Secure security template to the local security policy of the computers in the Accounting department.C、Apply Compatible security template to the local security policy of the computers in the Accounting department.D、Add each user account to the Power Users group on that user’s computer.
You are the network administrator for Company. Many of the employees in the sales department travel on a regular basis and needs to dial into the company network from their Windows 2000 Professional portable computers. Your company recently implemented a new computing security policy that mandates all remote connections be established by a two-way authentication method. You configure a Windows 2000 Server computer to run Routing and Remote Access to meet the requirements of the new security policy. Employees who travel report they can no longer initiate a dial-up connection. You need to give employees who travel the ability to dial in to the company network. What should you do? ()A、Configure the dial-up connection on all of the portable computers to use L2TP.B、Configure the dial-up connection on all of the portable computers to use MS-CHAP v2.C、Apply the Compatws.inf Security Template to all of the portable computers.D、Apply the Hisecws.inf Security Template to all of the portable computers.