RE: New Update for #70-299
- From: Jammer <Jammer@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Jul 2005 07:22:01 -0700
Steven,
35 seperate questions in a single post is not likely to get the answers you
are wanting. Please try posting each question seperately. You are more
likely to get an answer that way.
"Steven Mark" wrote:
> 70 - 299
> QUESTION NO: 1
> You are the security administrator for TestKing. The
> network consists of two segments named Segment
> A and Segment B. The client computers on the network run
> Windows XP Professional. The servers run
> Windows Server 2003.
> Segment A contains a single server named TestKing1.
> Segment B contains all other computers, including
> a server named TestKing2.
> TestKing?s written security policy states that Segment B
> must not be connected to the Internet. Segment
> A is allowed to connect to the Internet. There is no
> network connection between Segment A and Segment
> B. You can copy files from Segment A to Segment B only by
> using a CD-ROM to transport the files
> between the two segments. The network topology is
> displayed in the exhibit.
> You are planning a patch management infrastructure. On
> Segment B, you install Software Update
> Services (SUS) on TestKing2. You configure Automatic
> Updates on all computers in Segment B to use
> http://TestKing2 and to install security patches.
> You need to ensure that all computers in Segment B
> automatically install security patches.
> What should you do?
> A. Install SUS on TestKing1.
> Periodically copy the files in the Content folder and in
> the SUS root folder from TestKing1 to
> TestKing2.
> B. Install SUS on TestKing1.
> Periodically copy the files in the Content folder from
> TestKing1 to TestKing2.
> Copy the Approveditems.txt file from TestKing1 to the
> Windows folder on TestKing2.
> Leading the way in IT testing and certification tools,
> www.testking.com
> -3
>
> 70 - 299
> C. On TestKing1, periodically connect to the Microsoft
> Windows Update Catalog Web site and download
> new security patches.
> Copy the files to the Content folder on TestKing2.
> D. On TestKing, configure Automatic Updates to use the
> URL of the Microsoft Windows Update Web site.
> Periodically copy the downloaded files and the
> Mssecure.xml file to the Content folder on TestKing2.
> Answer: A
> Explanation:
> Since the question does not address where approvals
> should be done, we have to assume that the approvals are
> done by the administrators at the Segment B site.
> If SUS is used to approve updates, it retrieves the
> Approveditems.txt file from the root of the IIS/SUS
> default
> website (http://server2) not the Windows folder.
> If you do not install SUS on Server1 there will be no
> Content folder (distribution point) on Server1.
> Automatic Updates should not be turned on, on the SUS
> servers.
> SUS is a server component that, when installed on a
> server running Windows 2000, allows small and medium
> enterprises to bring critical updates from Windows Update
> inside their firewalls to distribute to Windows 2000
> and Windows XP computers. The same Automatic Updates
> component that can direct Windows 2000 and
> Windows XP computers to Windows Update can be directed to
> a SUS server inside your firewall to install
> critical updates.
> Automatic Updates retrieves all critical updates and
> Microsoft Security Response Center security updates that
> are classified as moderate or important.
> Automatic Updates scans only for critical updates, but if
> its server that runs SUS contains updates other than
> critical ones, Automatic Updates receives and applies
> those as well. SUS receives critical and moderate
> security
> updates.
> Creating Distribution Points
> When you install a server that runs SUS, a distribution
> point is created on that server. When you synchronize
> the server with a parent server or with an external Web
> site, all the content on the Web site is downloaded to
> the
> distribution point. If new updates are downloaded, this
> distribution point is updated during every
> synchronization. During Setup, the distribution point is
> created in a virtual root (Vroot) named /Content.
> If you choose to maintain content on the public Web site
> instead of downloading the patches to the local server
> running SUS, this distribution point is empty except for
> the AUCatalog.cab file. AUCatalog.cab defines the
> updates that have been approved for deployment to
> clients.
> You can also create a distribution point on a server that
> is not running SUS. Such a server must be running IIS
> 5.0 or later. You can download and test packages on
> servers running SUS, and then download approved and
> tested packages to distribution points for client access.
> If your SUS design includes distribution points, perform
> the following tasks to create a distribution point:
> 1. Confirm that IIS is present.
> 2. Create a folder named \Content.
> 3. Copy allof the followingitems from the source server
> running SUS to the newly created \Content
> folder:
> ? <root of the SUS Web site>\Aucatalog1.cab
> ? <root of the SUS Web site>\Aurtf1.cab
> Leading the way in IT testing and certification tools,
> www.testking.com
> -4
>
> 70 - 299
> ? <root of the SUS Web site>\approveditems.txt
> ? All the files and folders under the \Content\cabs
> 4. Create an IIS Vroot called http://<Servername>/Content
> that points to the \content folder.
> QUESTION NO: 2
> You are a security administrator for TestKing. The
> network consists of a single Active Directory domain
> named testking.com. All servers run Windows Server 2003.
> TestKing?s written security policy states that security
> patches must be manually installed on servers by
> administrators.
> You need to configure the network to comply with the
> written security policy. You need to maintain
> security patches by using the minimum amount of
> administrative effort.
> What should you do?
> A. Create a new organizational unit (OU) to contain all
> server computers.
> Create a new Group Policy object (GPO) and link it to the
> OU.
> Configure the GPO to disable Automatic Updates.
> Allow only administrators to start Automatic Updates.
> B. Create a new organizational unit (OU) to contain all
> server computers.
> Create a new Group Policy object (GPO) and link it to the
> OU.
> Configure the GPO to automatically download updates and
> notify when they are ready to be installed.
> C. Create a new organizational unit (OU) named Admins to
> contain all administrators.
> Create a second OU named Servers to contain all server
> computers.
> Create a new Group Policy object (GPO) and link it to the
> Admins OU.
> Configure the GPO to disable Automatic Updates.
> D. Modify the Default Domain Policy Group Policy object
> (GPO) to disable Windows Update and to
> disable Automatic Updates.
> Create a new organizational unit (OU) named Admins.
> Place all administrator accounts in the Admins OU.
> Block GPO inheritance on the Admins OU.
> Answer: C
> Explanation:
> Administrators should not use Automatic updates to patch
> the servers.
> Security patches on the servers must be installed
> manually.
> A GPO at the domain level would block Automatic Updates
> on all computers not just servers.
> Leading the way in IT testing and certification tools,
> www.testking.com
> -5
>
> 70 - 299
> QUESTION NO: 3
> You are a security administrator for TestKing. The
> network consists of a single Active Directory domain
> named testking.com. The testking.com Active Directory
> domain contains 150 Windows Server 2003
> computers and 7,500 Windows XP Professional client
> computers. The network is made up of 64 class C
> IP subnets t hat range from 172.16.0.0 through
> 172.16.63.0.
> The finance department uses 135 computers on the
> 172.16.9.0 /24 IP subnet. This subnet also contains
> computers that belong to other departments in the
> company. All finance department computers are
> members of the testking.com Active Directory domain.
> You need to produce a report that identifies which
> Microsoft security patches are not installed on the
> computers in the finance department. The report must
> contain information about only the finance
> department computers. You want to achieve this goal by
> using the minimum amount of administrative
> effort.
> What should you do?
> A. Run Mbsacli.exe on a finance department computer with
> the option to scan computers in the Network
> Neighborhood.
> B. Run Mbsacli.exe on a finance department computer with
> the option to scan computers by using a list of
> individual IP addresses on the finance department
> computers.
> C. Run Mbsacli.exe on a finance department computer with
> the option to scan computers on the finance
> department IP subnet.
> D. Run Mbsacli.exe on a finance department computer with
> the option to scan computers in the
> testking.com Active Directory domain.
> Answer: B
> Explanation:
> Since there are non-accounting computers on the subnet,
> the scan needs to be performed by individual IP.
> Objective: Implementing, Managing, and Troubleshooting
> Security for Network Communications
> Sub-Objective: 3.4.1 Monitor IPSec policies by using IP
> Security Monitor.
> 1. Planning a Host Name Resolution Strategy
> MCSA/MCSE Self-Paced Training Kit (Exams 70-292 and 70-
> 296): Upgrading Your Certification to Microsoft
> Windows Server 2003, Microsoft Press
> Chapter 7,
> The correct syntax is mbsacli /hf -fh hosts.txt. The -fh
> flag causes the tool to scan the NetBIOS computer names
> specified in the named text file. You must specify one
> computer name on each line in the .txt file, up to a
> maximum of 256 names.
> Leading the way in IT testing and certification tools,
> www.testking.com
> -6
>
> 70 - 299
> You should not use the mbsacli /hf -i hosts.txt syntax.
> The -i flag is used to scan one or more Internet Protocol
> (IP) addresses.
> You should not use the mbsacli /hf -r hosts.txt syntax.
> The -r flag is used to specify a range of IP addresses to
> be
> scanned.
> Switches available with /hf flag
> mbsacli /hf [-h hostmane] [-fh filename] [-i ipaddress] [-
> fip filename] [-r ipaddressrange] [-d domainname] [-n]
> [-sus SUS server|SUS filename] [-b] [-fq filename] [-s 1]
> [-s 2] [-nosum] [-sum] [-z] [-v] [-history level] [-nvc]
> [-o option] [-f filename] [-unicode] [-t] [-u username] [-
> p password] [-x] [-?]
> To Select Which Computer to Scan
> -h hostname - Scans the named NetBIOS computer name. The
> default location is the local host. To scan
> multiple hosts, separate the host names with a comma (,).
> -fh filename - Scans the NetBIOS computer names that are
> specified in the text file that you named. Specify one
> computer name on each line in the .txt file, to a maximum
> of 256 names.
> -i xxx.xxx.xxx.xxx - Scans the named IP address. To scan
> multiple IP addresses, separate each IP address with a
> comma.
> -fip filename - Scans the IP addresses that you specified
> in the text file that you named. Specify one IP address
> on each line in the .txt file, with a maximum of 256 IP
> addresses.
> -r xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx - Scans a specified
> range of IP addresses.
> Note You can use the previous switches in combination.
> For example, you can use a command-line with the
> following format:mbsacli /hf ?h hostname1,hostname2 -i
> xxx.xxx.xxx.xxx -fip ipaddresses.txt -r
> yyy.yyy.yyy.yyy-zzz.zzz.zzz.zzz
> -d domainname - Scans a specified domain.
> -n - Scans all the computers on the local network. All
> computers from all domains in Network Neighborhood
> (or My Network Places) are scanned
> Reference: Microsoft Baseline Security Analyzer (MBSA)
> version 1.2 is available, Microsoft Knowledge Base
> Article ? 320454
> QUESTION NO: 4
> You are a security administrator for TestKing. The
> network consists of a single Active Directory domain
> named testking.com. All servers run Windows Server 2003.
> All client computers run Windows 2000
> Professional. TestKing has a main office and 150 branch
> offices located throughout the United States and
> Canada. The company does not use disk-imaging software.
> In the past, newly installed client computers were
> exploited by malicious Internet worms before you
> applied all security patches.
> Leading the way in IT testing and certification tools,
> www.testking.com
> -7
>
> 70 - 299
> You need to build and deploy client computers that will
> always have the least service packs, updates, and
> security patches. You want to achieve this goal by using
> the minimum amount of administrative effort.
> What should you do?
> A. Install the operating system on the computers by using
> the original installation media.
> Use Windows Update immediately after the installation to
> apply updates and security patches.
> B. Install the operating system on the computers by using
> the original installation media.
> Configure Automatic Updates to immediately install
> updates and security patches.
> C. Create slipstream installation media that has the
> latest service pack.
.
- Prev by Date: RE: MCP ID and Access Code?
- Next by Date: Re: Disaster Recovery
- Previous by thread: RE: nother confusing question 70-290
- Next by thread: Re: Disaster Recovery
- Index(es):
Relevant Pages
|
