Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
39 Cards in this Set
- Front
- Back
If the administrator is never used, what can be done to prevent unauthorized user from logging in as the administrator ?
|
Disable the administrator account.
|
|
How can EFS be permitted for only a limited subset of machines ?
|
Disable EFS at the domain level, Enable EFS in a GPO linked to an OU with the appropriate subset of systems listed within.
|
|
How can an enterprise network be configured to ensure that users are not running rogue applications
|
Softare restricion policied.
|
|
What type of software restriction policy is best for applications with code that is constantly changing ?
|
Path Rule.
|
|
What software restriction policy is best for applications with code that is static but an installation path that changes ?
|
Hash Rule.
|
|
What softare restriction policy can be used to ensure that only validated applications are allowed to be installed ?
|
Certificate Rule.
|
|
Which audit setting will capture network logons ?
|
Audit account logon events.
|
|
Which audit setting will capture interactive logons or access to a system via the network ?
|
Audit logon events
|
|
Which audit setting will capture access to files, folders, printers and registry keys ?
|
Object Access.
|
|
What events should be audited to audit all access to confidential files and folders ?
|
Success and Failure for Audit Object Access.
|
|
What events should be audited to audit any attempt to modifiy a registry key ?
|
Success and Failure to Audit object Access.
|
|
How can the Event Viewer retention settings be configured for multiple systems ?
|
Group Policy Object (GPO)
|
|
Define the principle of least privilege ?
|
Allowing users to only have the rights necessary to perform their jobs and noting more.
|
|
What built in group provides users with the ability to create Group Policy Objects ?
|
Group Policy Creator Owners group.
|
|
What security template resets a system to its original system configuration ?
|
Setup security.inf
|
|
What security template resets a domain controller to its original DC configuration ?
|
Dc security.inf
|
|
What right must a user have to be able to link Group Policy Objects ?
|
Manage GPLinks (this is a default task available in the Delegation of Control Wizard)
|
|
What utility will examine a system for security vulnerabilities like weak or expired passwords as well as missing updates and hot fixes ?
|
MBSA or mbsacli.exe command line version.
|
|
What windows Management Instrumentation command line tool can be used to identify missing security updates ?
|
Wmic /qfe
|
|
What network service facilitates deploying updates, service packs, and hot fixes ?
|
Software Update Service (SUS)
|
|
What network service should be restarted when SUS experiences problems ?
|
IIS
|
|
How can domain clients easily be configured to pull all updates from server name SUS02 ?
|
Use a GPO to specity http://sus02 as the server for both intranet updates and intranet statistics server.
|
|
What Service Pack is required for Windows XP clients to support being a SUS client for updates ?
|
Windows XP Service Pack 1 or Later.
|
|
What Service Pack is required for Windows 2000 clients to support being a SUS client for updates ?
|
Windows 2000 Service Pack 3 or later.
|
|
Without installing a Service Pack how can Windows 2000 and Windows XP clients be configured as SUS clients for updates ?
|
Install the Automatic Updates client on each system.(wuau22.msi)
|
|
What is the name of the Automatic Updates Client ?
|
wuau22.msi
|
|
In what two ways can data be secured as it is being transferred ?
|
Configure a web share and use SSL or IPSec.
|
|
What are the three default IPSec policies ?
|
Client (respond), Server (request), Secure Server(require).
|
|
Which IPSec policy uses "security when asked"?
|
Client (respond)
|
|
Which IPSec policy uses "security when available"?
|
Server (request)
|
|
Which IPSec policy uses "security always"?
|
Secure Server(require)
|
|
What utilities are available for managing and moniotring IPSec ?
|
IP Security Monitor snap-in, IP Security Policy Management snap-in, ipseccmd, and netsh.
|
|
Which command line utility provides details on IPSec main mode negotiations, quick mode degotiations, and logging ?
|
Netsh
|
|
What can be done to ensure that host names are resolved when monitoring IPSec traffic in the IP Security Monitor snap-in ?
|
ON the properties of a system listed in the IP security Monitor snap-in enable the "Enable DNS name resolution" option.
|
|
What options are available for IPSec authentication ?
|
Kerberos V5, Certificates, and Pre-shared key.
|
|
What prerequisite exists for using Kerberos v5 as the IPSec authenticaiton method ?
|
Any system involved in the negotiation must belong to a trusted Active Directory domain.
|
|
When systems do not belong to a trusted Active Directory domain which IPSec authentication method is best ?
|
Certificates.
|
|
What is the WEAKEST of the three IPSec authentication methods ?
|
Pre-shared key.
|
|
When should the Pre-shared key authentication method be configured ?
|
Only for testing purposes, never in final deployment production networks.
|