70-299

Page 1

Microsoft EXAM 70-299 Implementing Security in a MS Win Server2003 Network

Demo

http://www.needking.com/70-299.html

The safer , easier way to help you pass any IT exams.

Question: 1 You are a security administrator for your company. The network consists ofan Active Directory forest that contains two domains. The domains are namedtreyresearch.com and litwareinc.com. All Active Directory domains are runningat a Windows Server 2000 mixed mode functionality level. Employees in the help desk department need to modify certain attributes ofemployee user accounts that reside in the treyresearch.com domain. The helpdesk department user accounts reside in the litwareinc.com domain. You need to create a single group named Help Desk that contains all helpdesk department user accounts and that can be granted access to modify theemployee user accounts in the treyresearch.com domain. What should you do? A. Use a global security group in the litwareinc.com domain named Help Desk. B. Use a universal security group in the litwareinc.com domain named HelpDesk. C. Use a universal security group in the treyresearch.com domain named HelpDesk. D. Use a global security group in the treyresearch.com domain named Help Desk.

Answer: A Question: 2 You are a security administrator for your company. The network consists of asingle Active Directory domain. All domain controllers run Windows Server 2003.All client computers run Windows XP Professional. Users store files on a server named Server1. These files are confidentialand must be encrypted at all times while on Server1. You configure a new certification authority (CA) and issue certificates thatsupport Encrypting File System (EFS) to all users. Users report that theycannot encrypt files that are stored on Server1. They report that they canencrypt files that are stored locally on their client computers. You need to ensure that users can encrypt files that are stored on Server1. What should you do? A. Configure the Server1 computer account to be trusted for delegation. B. Configure a new EFS recovery agent. Deploy the EFS recovery agent by usingActive Directory. C. Enroll Server1 for a Computer certificate that supports file encryption. D. Enroll each client computer for a Computer certificate that supports fileencryption.

Answer: A Question: 3 You are a security administrator for your company. The network consists of asingle Active Directory domain. All servers run Windows Server 2003. All clientcomputers run Windows XP Professional. Complete collection of 70-299 Exam's Question and Answers. http://www.needking.com

1 1

The safer , easier way to help you pass any IT exams. There are 15 Windows Server 2003 computers that serve as domain controllers.For security reasons, you do not allow the domain controllers to access Websites over the Internet. You need to scan all of the domain controllers to identify which Microsoftsecurity patches are not installed. You want to achieve this goal by using theminimum amount of administrative effort and by successfully completing the scanof all domain controllers. What should you do? A. Run Microsoft Baseline Security Analyzer (MBSA) on each domain controllerwith a copy of the Mssecure.cab file that you downloaded from the Microsoft Website. B. Run Microsoft Baseline Security Analyzer (MBSA) on one of the domaincontrollers and target all the domain controllers. C. Run Microsoft Baseline Security Analyzer (MBSA) on a client computer thathas Internet access and target all the domain controllers. D. Run Microsoft Baseline Security Analyzer (MBSA) on each domain controllerwith a copy of the MBSAScan.wsf file that you downloaded from the Microsoft Website.

Answer: C Question: 4 You are a security administrator for your company. The network consists of asingle Active Directory domain. All servers run Windows Server 2003. All clientcomputers run Windows XP Professional. Your company hosts Web applications for customers. Each customer is acompany that has multiple employees who require access to the Web applications.Each customer has one Web application. Each Web application is configured as avirtual directory. You configure a user account for each customer. You assignthis account permission to read the virtual directory that contains thecustomer's Web application. You need to ensure that employees can access only their company's Webapplication. You must accomplish this task without requiring customers todisclose passwords. What should you do? A. Configure anonymous access for each virtual directory. Configure eachvirtual directory to use the customer's assigned user account. Leave thepassword assigned to the user account blank. B. Configure a certification authority (CA). Issue certificates to eachemployee of each customer that requires access to the Web site. Configuremany-to-one certificate mapping. C. Acquire a Server Authentication digital certificate from a publiccertification authority (CA). Configure the Web server to use this certificateand to require SSL. Distribute a copy of the Server Authentication certificateto each employee of each customer that requires access to the Web site. D. Configure Microsoft .NET Passport authentication for each virtualdirectory. Instruct each employee of each customer that requires access to theWeb site to enroll for a new .NET Passport.

Answer: B \

Question: 5 Complete collection of 70-299 Exam's Question and Answers. http://www.needking.com

2 2

The safer , easier way to help you pass any IT exams. You are a security administrator for your company. The network consists of asingle Active Directory domain. All servers run Windows Server 2003. All clientcomputers run Windows XP Professional. Eight Windows Server 2003 computers are members of the domain. Thesecomputers are used to store confidential files. They reside in a data centerthat only IT administration personnel have physical access to. You need to restrict members of a group named Contractors from connecting tothe file server computers. All other employees require access to thesecomputers. What should you do?

Question: 6 You are a security administrator for your company. The network consists of asingle Active Directory domain. All servers run Windows 2003 Server. All clientcomputers run Windows XP Professional. All computers are configured to use Automatic Updates to install updateswithout user intervention. Updates are scheduled to occur during off-peakhours. During a security audit, you notice some client computers are not receivingupdates on a regular basis. You verify that Automatic Updates is running on allclient computers, and you verify that users cannot modify the Automatic Updatessettings. You need to ensure that computers on your network receive all updates. What should you do? A. Disable the Specify intranet Microsoft update service location setting. B. Enable the Remove access to use all Windows Update features setting. C. Enable the No auto-restart for scheduled Automatic Updates installations setting. D. Enable the Reschedule Automatic Updates scheduled installations setting.

Answer: D A. Apply a security template to the file server computers that assigns the Access this computer from the network right to the Domain Users group. B. Apply a security template to the file server computers that assigns the Deny access to this computer from the network right to the Contractorsgroup. C. Apply a security template to the file server computers that assigns the Deny log on locally right to the Contractors group. D. Apply a security template to the file server computers that assigns the Allow log on locally right to the Domain Users group.

Answer: B

Complete collection of 70-299 Exam's Question and Answers. http://www.needking.com

3 3

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.