You work as the network security administrator at certifyme.com. The
certifyme.com network consists of a single Active Directory domain named
certifyme.com. certifyme.com has its headquarters in Chicago and a branch office in
Dallas. All servers on the certifyme.com network run Windows Server 2003 and all
client computers run Windows XP Professional.
Between the Internet and the internal network a demilitarized zone (DMZ) segment
has been configured. This DMZ contains three servers which are configured in a
Web farm and are not member servers. 350-001
The Intranet consists of all the computers that are part of the domain. It contains
domain controllers and 10 member servers. Two of these member servers are
configured to run SQL Server 2000. There are no Web servers on the intranet. The
Exhibit below illustrates the Active Directory Structure currently applied:
Leading the way in IT testing and certification tools, www.certifyme.com
- 108 -
All the policies in operation in the intranet are applied via Group Policy objects
(GPOs). You have received instruction to implement a new security template that
will affect all the Web Servers.
What should you do to accomplish this task? (Each correct answer presents part of
the solution. Choose TWO.)
A. Create a Web Servers OU in the Servers OU and place the computer accounts of the
three Web Servers in it. Then create a GPO and import the new security template into it. 640-802
Leading the way in IT testing and certification tools, www.certifyme.com
- 109 -
B. Use the Secedit.exe utility to create a batch file that contains the new security
template.
C. Run the batch file on the three Web servers in the DMZ.
D. Create a GPO and import the new security template into it.
E. Link the GPO containing the security template to the Domain Controllers OU.
F. Link the GPO containing the security template to the Servers OU.
Answer: B, C
Explanation: You should make use of the Secedit.exe utility to create a batch file that
contains the new security template. After which you should run the batch file on the three
Web servers in the DMZ. Since these servers do not form part of the Active Directory
domain you can use Secedit.exe to create and apply templates.
Incorrect Answers:
A : It is not necessary to create an OU especially for the Web servers. These servers are in
a DMZ and as such does not form part of the Active Directory domain. VCP-310 Placing them in
an OU in the Servers OU will pose an unnecessary security risk that would make the
DMZ null and void.
D : This option would only work together with either option E or F which is both wrong.
E : The Web servers are not part of the Domain Controllers OU. The result would be that
the GPO would apply to the Domain Controllers and not the Web servers.
F : The Web servers are not part of the Servers OU. The result would be that the GPO
would apply to the Domain Controllers and not the Web servers.
Reference:
Friday, June 27, 2008
Subscribe to:
Posts (Atom)