You work as a network domain administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com. The
certifyme.com network contains twenty-five Windows Server 2003 servers and 5,200
client computers running Windows 2000 Professional:
1. Two of the servers function as domain controllers.
2. The rest are used as file servers, intranet servers, or database servers.
The certifyme.com organization unit (OU) structure is based on the defined server
roles.
The relevant portion of the Active Directory structure is illustrated in the Exhibit
below:
Leading the way in IT testing and certification tools, www.certifyme.com
- 89 -
You are responsible for the management of security baseline settings. Other than
the domain controllers, all servers should be furnished with security baseline
settings. To this end you create: 350-001
1. A security template named SRsecurity.inf. SRsecurity.inf includes the required
NTFS- and registry permissions for all the servers, intranet server, as well as the
database servers.
Leading the way in IT testing and certification tools, www.certifyme.com
- 90 -
2. A security template named FSRsecurity.inf
3. A security template named IntSRsecurity.inf
4. A security template named DBserversecurity.inf
You received instruction to deploy these security templates with the least amount of
administrative effort.
What should you do to accomplish this task? (Each correct answer presents part of
the solution. Choose TWO.)
A. Create a GPO
Link it to the domain.
Import the SRsecurity.inf template into the new GPO.
B. Create a new GPO for the File Servers-, the Intranet Server- and the Database Servers
OUs respectively.
Link each GPO to the File Servers-, the Intranet Server- and the Database Servers OUs
respectively.
Import the FSRsecurity.inf, the IntSRsecurity.inf and the DBserversecurity.inf security
templates into their respectiveGPOs.
C. Create a GPO
Link it to the File Servers-, the Intranet Server- and the Database Servers OUs.
Import the SRsecurity.inf template into the new GPO. 640-802
D. Create a GPO
Link it to the Servers OU.
Import the SRsecurity.inf template into the new GPO.
E. Create a new GPO for the File Servers-, the Intranet Server- and the Database Servers
OUs respectively.
Link each GPO to the Servers OUs.
Import the FSRsecurity.inf, the IntSRsecurity.inf and the DBserversecurity.inf security
templates into their respectiveGPOs.
Answer: B, D
Explanation: The SRsecurity.inf security template should be applied to all servers
located in the Servers OU. To this end you need to create a GPO, link it to the Servers
OU and import the appropriate security template into the GPO. This way the
SRsecurity.inf settings will apply to all the servers in the Servers OU. In the same fashion
you should link the respective security templates to the respective newly created GPOs to
have them applied to the correct groups of servers. VCP-310 These methods represent the least
amount of administrative effort.
Incorrect Answers:
Leading the way in IT testing and certification tools, www.certifyme.com
- 91 -
A : This GPO should be linked to the Servers OU and not the domain. This is not a
recommended practice.
C : GPOs that contain role-specific security settings should be applied at the OU level to
ensure that those security settings will apply to only the members of that specific OU.
E : Linking each of the different GPOs to the Servers OU will not ensure that the servers
of a specific type of server receive the appropriate server-specific security settings.
Reference:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment