Dumper: Jennifer

Braindumps of 70-298
Designing Security for a MS Windows Server 2003 Network

Exam Questions, Answers, Braindumps (70-298)

70-298 cleared, thanks to www.exams.ws. The guide from this site was based on actual exam questions.

QUESTION 1
You need to design an access control strategy that meets business and security requirements. Your solution must minimize forestwide replication. What should you do?
A. Create a global group for each department and a global group for each location.
Add users to their respective departmental groups as members.
Place the departmental global groups within the location global groups.
Assign the location global groups to file and printer resources in their respective domains, and then assign permissions for the file and printer resources by using the location global groups.
B. Create a global group for each department, and add the respective users as members.
Create domain local groups for file and printer resources.
Add the global groups to the respective domain local groups.
Then, assign permissions to the file and printer resources by using the domain local groups.
C. Create a local group on each server and add the authorized users as members.
Assign appropriate permissions for the file and printer resources to the local groups.
D. Create a universal group for each location, and add the respective users as members.
Assign the universal groups to file and printer resources.
Then, assign permissions by using the universal groups.
Answer: B
Explanation:
A global group is a type of group used to organize users who have similar network access requirements. It is simply a container of users and global groups (in native mode) from the local domain.
Domain local groups are used to assign permissions to resources. Domain local groups can contain user accounts, universal groups, and global groups from any domain in the tree or forest. A domain local group can also contain other domain local groups from its own local domain. Microsoft recommends that global groups be added to domain local groups in a single-domain environment and that universal groups be added to the domain local group in a multi-domain environment. You would therefore create a global group for each department and add the respective users as its members, then create domain local groups for file and printer resources. After that, add the global groups to the respective domain local groups and assign permissions for the different resources by using the domain local groups. This should comply with security requirements while servicing business operational requirements.
All customer information must be kept confidential. All access to customer information must be tracked. We must use our existing infrastructure's security features to meet our security needs. Also, we suspect that unauthorized users are attempting to delete files. Therefore, we need to review which users have access to company resources periodically.
Incorrect answers:
A: This option will result in unnecessary replication taking place.
C: A local group is a group that is stored on the local computer's accounts database. This is not the answer in this scenario.
D: Universal groups are a special type of group used to logically organize global groups, and they appear in the Global Catalog (a search engine that contains limited information about every object in the Active Directory). Universal groups can contain users (not recommended) from anywhere in the domain tree or forest, other universal groups, and global groups. Using them here will result in forestwide replication, which should be kept to a minimum.
Reference:
Lisa Donald, Suzan Sage London & James Chellis, MCSA/MCSE: Windows Server 2003 Environment Management and Maintenance Study Guide, p. 167

QUESTION 2
You need to design a remote administration solution for servers on the internal network. Your solution must meet business and security requirements. What should you do?
A. Permit administrators to use an HTTP interface to manage servers remotely.
B. Permit only administrators to connect to the servers' Telnet service.
C. Permit administrators to manage the servers by using Microsoft NetMeeting.
D. Require administrators to use Remote Desktop for Administration connections to manage the servers.
Answer: B
Explanation:
Telnet is a very powerful remote administration tool that allows an administrator to use command-line utilities from a text-based command-line window. Because it is infrequently used as an administrative tool and typically passes credentials in clear text, Telnet is disabled by default on all Windows Server 2003 machines. You should enable the Telnet service only if you see a real need for it, especially since the other administrative tools at your disposal offer more features and far better security. The Telnet service should remain disabled unless a need arises that requires it. Thus you need to permit only administrators to connect to the servers' Telnet service. This scenario necessitates the administrators' use of the Telnet service.
All remote server administration must be conducted over an encrypted channel.
Remote Desktop for Administration cannot be used to connect to servers on the perimeter network.
Incorrect answers:
A: Making use of an HTTP interface to manage servers remotely will not comply with company security policy.
C: Having the administrators manage the servers with Microsoft NetMeeting does not meet business requirements.
D: Compelling administrators to use Remote Desktop for Administration connections to manage the servers is not the answer, since it is explicitly stated that "Remote Desktop for Administration cannot be used to connect to servers on the perimeter network."
Reference:
Elias N. Khnaser, Susan Snedak, Chris Peiris and Rob Amini, MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapter 4, p. 208

QUESTION 3
You need to design a method to encrypt confidential data. Your solution must address the concerns of the chief information officer. What should you do?
A. Encrypt customer information when it is stored and when it is being transmitted.
B. Require encrypted connections to the public Web site, which is hosted on the Web server on the perimeter network.
C. Encrypt all marketing information on file servers and client computers.
D. Require encrypted connections to all file servers.
Answer: A
Explanation:
The chief information officer is concerned about customer data being leaked to the public. You thus need to encrypt this information both when it is stored and when it is being transmitted.
Recently, confidential customer information was released to the public. Also, we suspect that unauthorized users are attempting to delete files. Therefore, we need to review which users have access to company resources periodically. We must avoid increasing expenses, so we must use our existing infrastructure's security features to meet our security needs.
Incorrect answers:
B: Encrypted connections to the public Web site hosted on the Web server on the perimeter network will not work in this scenario.
C: You need to keep the customer information confidential. Marketing information is for public consumption.
"Marketing information and service offering literature is available to the public. Humongous Insurance must track unauthorized modification of the marketing information only."
D: Encrypted connections to all the file servers will also render information other than the confidential data encrypted. This is not what is needed.
Reference:
Elias N. Khnaser, Susan Snedak, Chris Peiris and Rob Amini, MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapter 9, pp. 571-576

QUESTION 4
You need to design a method to update the content on the Web server. Your solution must meet business and security requirements. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two)
A. Use SSH to encrypt content as it is transferred to the Web server on the perimeter network.
B. Install the Microsoft FrontPage Server Extensions, and use FrontPage to update content.
C. Use Web Distributed Authoring and Versioning (WebDAV) over an SSL connection to the Web server to update content.
D. Use FTP over an IPSec connection to transfer content to the Web server.
E. Use Telnet to connect to the Web server, and then perform content changes directly on the server.
Answer: C, D
Explanation:
C: WebDAV is a file sharing protocol that is commonly used in Windows Internet-related applications. It is a secure file transfer protocol over intranets and the Internet. You can download, upload, and manage files on remote computers across the Internet and intranets using WebDAV. WebDAV is similar to FTP. WebDAV always uses password security and data encryption on file transfers (FTP does not support these tasks). Thus making use of WebDAV over an SSL connection should comply with the company's security requirements.
D: The File Transfer Protocol (FTP) is a valuable component of IIS 6.0. FTP is used to "swap" or "share" files between servers and clients. This could be a dangerous practice for businesses with sensitive information. Most large organizations' firewalls will block FTP access. We need to implement FTP communication over a secure channel such as a VPN. VPNs use the Point-to-Point Tunneling Protocol (PPTP) or Secure Internet Protocol (IPSec) to encrypt data and facilitate secure FTP communication. We can also use SSL encryption on WebDAV-supported directories for the same purpose.
Incorrect answers:
A: SSH is independent of the operating system and is therefore suitable for use in a mixed operating system environment. However, not all terminal concentrators provide built-in security functions, so you'll need to consult with the vendor's documentation to see what, if any, security is provided. Thus this option is a security risk.
B: Making use of Microsoft FrontPage Server Extensions and updating the content with FrontPage will not comply with security requirements.
E: You should enable the Telnet service only if you see a real need for it, especially since the other administrative tools at your disposal offer more features and far better security. The Telnet service should remain disabled unless a need arises that requires it. In this instance it would be unnecessary.
Reference:
Elias N. Khnaser, Susan Snedak, Chris Peiris and Rob Amini, MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapters 4 & 6, pp. 208, 383-384, 386

QUESTION 5
You need to design a monitoring strategy for the folders that contain customer information, which are shown in the Customer Data window.

What should you do?
A. Audit success and failures for object access on the Customer Data folder and all subfolders.
B. Audit failure of object access on only the Customer Data folder.
C. Use Security Configuration and Analysis to enable auditing on only the Customer Data folder.
D. Audit directory access failures.
Answer: A
Explanation:
Audit object access: if enabled, this setting triggers auditing of user access to objects such as files, folders, Registry keys, and so forth. As with the other audit policies, you can monitor the success or the failure of these actions. To be able to track all access to customer information, you will need to audit both successes and failures for object access on the folder in question.
All customer information must be kept confidential. All access to customer information must be tracked.
Incorrect answers:
B: Auditing only failures of object access will constitute only half of the tracking that is needed as per the company's written security policy.
C: The Security Configuration and Analysis tool is used to analyze and to help configure a computer's local security settings. Security Configuration and Analysis works by comparing the computer's actual security configuration to a security database configured with the desired settings. This is not the same as tracking all access to the Customer Data folder and its subfolders.
D: Auditing directory access failures will not work in this scenario where more is expected.
Reference:
Elias N. Khnaser, Susan Snedak, Chris Peiris and Rob Amini, MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapters 2 & 8, pp. 64-66, 481-485
