You wish to install a new Windows 2003 Server in your network, and are deciding which of the server roles will
best suit your environment.
From the following answers, select the option that is not a Windows 2003 Server Role.
You are running a computer that boots to multiple operating systems on multiple partitions and wish to use
Windows 2003 data encryption to protect your files. Which of the following options will Windows 2003's EFS
perform?
Logging is critical when you want to determine whether or not your server is being attacked. You must enable
logging on your Web servers. To help prevent malicious users from deleting files to cover their tracks, you
should make sure the ACLs on the IIS-generated log files (%systemroot%\system32\LogFiles) are set to
Administrators (Full Control) and System (Full Control). The ACL for the Everyone group should not be greater
than which of the following?
One of your assistants has configured a Windows 2003 Server to use EFS. This server is only accessed from
internal network clients over a 100BaseT infrastructure. You tell your assistant that the security offered by EFS
in this situation will not increase the security of the data transferred.
Why is your statement correct?
You have recently hired an assistant to help you with managing the security of your network. You are currently
running an all Windows environment, and are describing NTFS permission issues. You are using some
demonstration files to help with your discussion. You have two NTFS partitions, C:\ and D:\. There is a test file,
C:\DIR1\test.txt, that is currently set so that only Administrators have Full Control. If you move this file to the
C:\DIR2 folder, what will the permissions be for this file?
You have just become the senior security professional in your office. After you have taken a complete inventory
of the network and resources, you begin to work on planning for a successful security implementation in the
network. You are aware of the many tools provided for securing Windows 2003 machines in your network.
What is the function of the Security Configuration and Analysis snap-in?
Windows 2003 Server can utilize many different forms of authentication, from standard passwords to Smart
Cards.
What are the advantages of using NTLM Authentication over LM Authentication in Windows?
In Windows 2003, there are four methods of implementing IPSec. They are:
1 - Require Security
2 - Request Security
3 - Respond Only
4 - No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations in the
network.
The Clients and Servers in your network are configured as follows:
- You have servers numbered 1-9, which have a policy stating they require no network traffic security.
- You have servers numbered 10-19, which have a policy stating they are not required to be secure, but will encrypt network traffic if the client is able to receive it.
- You have servers numbered 20-29, which have a policy stating they are required to be secure and all network traffic they deliver must be secured.
- You have clients numbered 60-79 that are required to access secure servers 20-29.
- You have clients numbered 80-99 that are not required to access secure servers 20-29, but are required to access servers 1-9 and 10-19.
Based on the Client and Server configuration provided above, which of the following computers must implement
IPSec method 3?
You are the main person responsible for the security of a mid-sized company. To have control over all the
aspects of the security of the network, you study and analyze each component thoroughly. Your network is
running all Windows 2003 servers, and you are studying the logon process. You know there are many
components of the process, and are now at the point where you are analyzing the Security Accounts Manager
(SAM).
What is the SAM?
You have recently introduced the users of your Windows 2003 Domain network to EFS, and the company policy
indicates that several users must take advantage of EFS for certain files. Since it is new, you are concerned
with EFS being implemented in ways not defined in the policy. Which user account is, by default, the Recovery
Agent that can decrypt data if need be?