You need to ensure that all TestLab, Inc. servers have the latest security and that no
unnecessary services are running on the servers. You must ensure that your solution
can be implemented by the members of the IT department at headquarters.
What should you do?
A. Run the Resultant Set of Policy (RSoP) wizard in planning mode from a domain
controller in the Chicago office.
B. Create a custom security template and run Security Configuration and Analysis to
analyze the security settings of each server against the custom security template.
C. Create a startup script that runs the secedit command and apply the script to all servers
in the domain.
D. Install the Microsoft Baseline Security Analyzer (MBSA) on a server in the Chicago
office and use it to scan for Windows vulnerabilities on all servers in the domain.
Answer: D
Explanation: MBSA can perform local or remote scans of Windows systems.350-001 It
verifies whether your computer has the latest security updates and whether there
are any common security violation configurations that have been applied to your
computer. If you run MBSA on a server to scan for Windows vulnerabilities on all
servers in the domain then you will comply with requirements for maintaining
security patches.
Incorrect answers:
A:
Leading the way in IT testing and certification tools, www.certifyme.com
- 31 -
RSoP is a tool that can show the effective policy applied to a user or computer or what
the policy would be, for planning purposes.640-802 It does not scan for missing security patches.
B: Security Configuration and Analysis tool is a Windows 2003 utility that is used to
analyze and to help configure a computer's local security settings. Security Configuration
and Analysis works by comparing the computer's actual security configuration to a
security database configured with the desired settings. However this would involve too
much administrative effort than is necessary.
C: The command line tool, secedit.exe, is used to analyze, configure, and export system
security settings.VCP-310 There are a variety of command-line switches used with secedit. This
tool is often used in batch programs or scheduled tasks to apply security settings
automatically. It is also the preferred tool for reapplying default security settings. But this
does not necessarily mean that missing security patches will be checked for.
Reference:
James Chellis, Paul Robichaux & Matthew Sheltz, MCSA/MCSE: Windows Server 2003
Network Infrastructure Implementation, Management, and Maintenance Study Guide, p.
159
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment