MCSE 70-299考試題庫由KillTest認證題庫網資深IT認證講師和MCSE2003產品專家結合PROMETRIC或VUE的真實70-299考試環境最新原題傾心打造。題庫覆蓋了當前最新的真實考題,並且全部附有正確答案,我們承諾題庫對MCSE 70-299(Implementing and Administering Security in a Microsoft Windows Server 2003 Network)考試原題完整覆蓋。70-299題庫助您輕鬆通過認證考試,一次不過全額退款。
MCSE70-299(Implementing and Administering Security in a Microsoft Windows Server 2003 Network)考題由我們的資深IT認證講師和MCSE2003產品專家精心打造,包括了當前最新的真實70-299考題,全部附有正確答案。
Implementing and Administering Security in a Microsoft Windows Server 2003 Network(70-299 Exam)屬於MCSE認證考試中的一門,如果需要取得MCSE證書,您可能還需要參加其他相關考試,詳情可訪問MCSE認證專題,在那裡,你將看到所有MCSE認證相關考試科目。
1.You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.Eight Windows Server 2003 computers are members of the domain. These computers are used to store confidential files. They reside in a data center that only IT administration personnel have physical access to. You need to restrict members of a group named Contractors from connecting to the file server computers. Allother employees require access to these computers.
What should you do?
A. Apply a security template to the file server computers that assigns the Access this computer from the network right to the Domain Users group.
B. Apply a security template to the file server computers that assigns the Deny access to this computer from the net work right to the Contractors group.
C. Apply a security template to the file server computers that assigns the Allow log on locally right to the Domain Users group.
D. Apply a security template to the file server computers that assigns the Deny log on locally right to the Contractors group.
Answer: B
2. You are a security administrator for your company. The network consists of a single Active Directory domain.
Four Windows Server 2003 computers run IIS and serve as Web servers on the Internet.
The company’s written security policy states that computers that are accessible from the Internet must be hardened against attacks. The procedure for hardening computers includes disabling unnecessary services. You evaluate which services are necessary by using the following information about the Web servers: Customers and business partners access Web content on the Web servers after they authenticate by using a user
name and password. To access certain parts of the site, some of these connections use the SSL protocol.
All software is installed locally on the Web servers by using removable media, except for service packs and security patches.
The Web servers automatically download service packs and security patches from an internal computer that runs Software Update Services (SUS).
The Web servers are not functioning as any other roles.
You need to create a security template for the Web servers that disables unnecessary services and allows necessary services to operate.
What should you do?
To answer, drag the appropriate service startup types to the correct locations in the work area.
Answer:
3. You are a security administrator for your company. The network consists of a single Active Directory domain.
Servers run either Windows Server 2003 or Windows 2000 Server. All client computers run Windows 2000 Professional. The latest operating system service pack is installed on each computer.
Thirty Windows Server 2003 computers are members of the domain and function as file servers. Client computers access files on these file servers over the network by using the Server Message Block (SMB) protocol. You are concerned about the possible occurrence of man-in-the-middle attacks during SMB communications.
You need to ensure that SMB communications between the Windows Server 2003 file servers and the client computers are cryptographically signed. The file servers must not communicate with client computers if the client computers cannot sign SMB communications. Client computers must be able to use unsigned SMB
communications with all other computers in the domain.
What should you do to configure the file servers?
A. Apply a security template that enables the Microsoft network server: Digitally sign communications (always) setting.
B. Apply a security template that enables the Microsoft network server: Digitally sign communications (if client agrees) setting.
C. Apply a security template that enables the Domain member: Digitally sign secure channel data (when possible)setting.
D. Apply a security template that enables the Domain member: Digitally encrypt or sign secure channel data(always) setting.
Answer: A