Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Braindumps for "70-220" Exam

Designing Security for a Microsoft Windows 2000 Network

 Question 1.
Which security requirement will affect design of the Windows 2000 forest?

A. Implementation of Kerberos authentication
B. Secure transactions at Store Registers
C. Organization of user accounts
D. Secure communication between legal and HR.

Answer:   C

Explanation:
A forest is a collection of domains that share a common schema, configuration, and global catalog. All domains in a forest are connected using transitive trust relationships. In this scenario the forest will consist of a single tree that comprises two domains: one for headquarters and the other for the Retail Stores. Furthermore, Hiabuv Toys opens 50 new stores each year. Each store employs 50 – 100 people. We would thus have to design a forest that makes allowance for the expansion in terms of new user accounts for the additional staff employed at the Retail Stores that are opened each year.

Incorrect Answers:
A: Kerberos is the default protocol for authentication in a Windows 2000 network environment. It is used pervasively in Windows 2000. In other words you do not need to install or initiate it. Kerberos authentication protocol allows a single logon to access all network resources. This allows a fast, single logon to network services within a domain and to services residing in trusted domains as Kerberos verifies both the identity of the user and of the network services, thus providing mutual authentication.
B: Security at the Store Registers is adequate. The cash registers boot with a generic logon for cashier access and do not contain any data. Store managers have Windows 2000 Professional desktop computers, with e-mail and unlimited Internet access. Each store also has five secured Windows NT Workstation computers for employees to browse pre-approved Internet Web sites. Each store has three public kiosks. Customers can use kiosks to register for gifts or place orders. The kiosks automatically boot with and authenticate to a secured generic account.
D: In the envisioned IT environment, the legal department will have its own Windows 2000 Server named LEGAL1. The department will implement a secure private network between LEGAL1 and HR1. There would thus be a secure private connection between the two servers, which would not have an impact on the design of the forest.

Question 2.
Which server or servers provide the least security for user access?

A. Retail store servers
B. Service centers servers
C. SALES1
D. HR1
E. LEGAL1

Answer:   C

Explanation:
SALES1 is the least secure server. It is a Windows NT 4.0 server machine that is used as a backup domain controller (BDC). A BDC is used for logon authentication. SALES1 also runs Internet Information Services (IIS) and will not be upgraded. Thus SALES1, which can be used for logon authentication, is connected to the Internet. It is thus vulnerable to attacks on the Internet, as are logon authentication requests that pass across the Internet.

Incorrect Answers:
A: In the existing network, the Retail Stores have two Windows NT Server computers. One is a Primary Domain Controller for the local domain, and the other is a Backup Domain Controller. In addition, the store managers have Windows 2000 Professional desktop computers, with e-mail and unlimited Internet access; and each store has five secured Windows NT Workstation computers for employees to browse pre-approved Internet Web sites. The servers at the Retail Stores are thus not connected to the Internet. Furthermore, these servers will be upgraded to Windows 2000 servers.
B: Each service center has 30 Windows 2000 Professional computers and one Windows NT Server, which is a backup domain controller. Unlike SALES1, the Service Centers' BDCs are not used to access the Internet. In addition, these servers will be upgraded to Windows 2000 servers.
D: The Human Resources department has a server named HR1 that is located in the domain at Headquarters. All connections to this server will be encrypted.
E: In this scenario the legal department needs to copy confidential documents to shared folders for the Human Resources department, the executive department, and the company's law firm. The legal department will have its own Windows 2000 Server named LEGAL1 and will implement a secure private network between LEGAL1 and HR1.

Question 3.
How should you secure the new servers at the Casablanca store?

A. Install the servers into a new OU and implement Group Policies at the Site Level
B. Install the servers into a new OU and implement Group Policies at the OU Level
C. Install the servers into their own Active Directory tree and implement Group Policies at the Domain Level
D. Install the servers into the same Active Directory tree as stores and modify the schema

Answer:   B

Explanation:
In a Windows 2000 network, Group Policies can be applied at the Site level, the Domain level, and the Organizational Unit (OU) level. Group Policy precedence follows the Group Policy model and is applied hierarchically from the least restrictive object, i.e. the Site, to the most restrictive object, i.e. the OU. In other words, Windows 2000 applies Group Policies that are linked to sites first, then Group Policies that are linked to domains, and then Group Policies that are linked to OUs. Thus, the Group Policy settings of the OU of which a user or computer is a member are the final Group Policy settings that are applied and will override the Group Policy settings linked to the Site or Domain where these are in conflict with the settings in the Group Policy linked to the OU. We would therefore secure the new servers at the Casablanca store by organizing them into a new OU. We configure the security settings for these servers in a Group Policy and link that Group Policy to the new OU.

Incorrect Answers:
A: Windows 2000 applies Group Policies that are linked to sites first, then Group Policies that are linked to domains, and then Group Policies that are linked to OUs. Thus, the Group Policy settings of the OU of which a user or computer is a member are the final Group Policy settings that are applied and will override the Group Policy settings linked to the Site or Domain where these are in conflict with the settings in the Group Policy linked to the OU. We would therefore secure the new servers at the Casablanca store by organizing them into a new OU. We configure the security settings for these servers in a Group Policy and link that Group Policy to the new OU. We would not link the Group Policy at the Site level as these may be overwritten by Group Policy settings linked to the OU level.
C: Hiabuv Toys wants to upgrade to a Windows 2000 network with one Active Directory tree and two domains sharing the same namespace. The company wants to create one account domain for headquarters, and one account domain for its retail stores. We therefore will not be able to create another tree for the servers at the Casablanca store.
D: Hiabuv Toys wants to upgrade to a Windows 2000 network with one Active Directory tree and two domains sharing the same namespace. The company wants to create one account domain for headquarters, and one account domain for its retail stores. We therefore will not be able to create another tree for the servers at the Casablanca store. Furthermore, a forest is a collection of domains that share a common schema, configuration, and global catalog. Thus by editing the schema, the Casablanca tree would no longer be part of the same Forest.

Question 4.
Which strategy should you use to accommodate the new Casablanca store?

A. Place the Help Desk employee in the Domain Admins group.
B. Place the Help Desk employee in the Enterprise Admins group.
C. Delegate authority to the Help Desk employee to manage client computers.
D. Delegate authority to the Help Desk employee to modify user accounts and groups.

Answer:   D

Explanation:
Hiabuv Toys wants to implement a network that consists of a single-tree forest that comprises two domains: one for the Retail Stores and one for headquarters. The Casablanca retail store will have a Help Desk employee located on-site to perform end-user application support and to resolve hardware issues. These can be accomplished if the Help Desk Employee has been delegated the authority to modify user accounts and groups.

Incorrect Answers:
A: Members of the Domain Admins group can administer the entire domain in which they are defined. In this scenario, Hiabuv Toys wants to implement a network that consists of a single-tree forest that comprises two domains: one for the Retail Stores and one for headquarters. Thus by placing the Help Desk employee in the Domain Admins group we would give them the rights to access and control all objects in the Retail Stores' domain. For security reasons this is not desirable.
B: Members of the Enterprise Admins group have forest-wide administrative scope and are able to modify Enterprise-wide configuration. Thus by placing the Help Desk employee in the Enterprise Admins group we would give them the rights to access and control all objects in the entire forest. For security reasons this is not desirable.
C: The Help Desk employee at the Casablanca store will be required to perform end-user application support and to resolve hardware issues. That employee would thus have to modify user accounts so as to give the appropriate users in the Casablanca store the right to use appropriate applications. These settings pertain to the user and not the computer. Therefore the Help Desk employee should be granted the authority to modify user accounts and groups rather than the authority to manage client computers.

Question 5.
Which security method should you implement to provide data security between LEGAL1 and HR1?

A. Group Policies for shared folders
B. IPSec with ESP
C. IPSec with AH
D. EFS

Answer:   B

Explanation:
We need to ensure that all network communication to the HR1 server is encrypted. This applies to the LEGAL1 server as well. We thus require a mechanism that provides encryption, confidentiality, data authentication, integrity, and anti-replay to IP packets. For this we can use IPSec with ESP. Windows 2000 incorporates Internet Protocol security (IPSec) for data protection of network traffic. IPSec provides end-to-end security, meaning that the IP packets are encrypted by the sending computer, are unreadable en route, and can be decrypted only by the recipient computer. To provide confidentiality, data authentication, integrity, and anti-replay we can use Encapsulating Security Payload (ESP). This protects the IP data payload.

Incorrect Answers:
A: For encryption we can use Internet Protocol security (IPSec) which Windows 2000 incorporates for data protection of network traffic. IPSec provides end-to-end security, meaning that the IP packets are encrypted by the sending computer, are unreadable en route, and can be decrypted only by the recipient computer. However, Authentication Header (AH) only provides authentication and integrity services to transmitted data.
C: Authentication Header (AH) provides authentication, integrity, and anti-replay for the entire IP packet, i.e. for both the IP header and the data payload carried in the packet. It however does not encrypt the data and thus does not provide confidentiality. In other words the data is readable, but protected from modification. For encryption we should use IPSec with ESP.
D: Encrypting File System (EFS) is a new feature that has been introduced with Windows 2000 and can be used to encrypt files and folders on NTFS volumes. When a user encrypts a file, only that user will be able to use the file. This means that encrypted files cannot be accessed by another user and cannot be shared.

Question 6.
Which security solution should you implement to allow the service centers to communicate with manufacturers?

A. Dfs with Crypto API
B. IPSec
C. Secure DNS
D. Secure Email

Answer:   D

Explanation:
The Service Centers have access to the Internet and to e-mail, both of which can be used to communicate with the manufacturers. The only mechanism to secure Internet communication is IPSec. This however requires a connection between two computers over the Internet. In other words it requires a RRAS or VPN, neither of which is available. The only other option then is to secure email communication.

Incorrect Answers:
A: Distributed File System (Dfs) is a service that layers on top of the Workstation service to connect file shares into a single namespace even though the file shares can reside on different computers. Because Dfs allows us to organize file servers and their shares into a logical hierarchy, it makes it easier to manage and use information resources. Dfs functionality is integrated with Active Directory; the Dfs topology is published to Active Directory. Because changes to a domain-based Dfs topology are automatically synchronized with Active Directory, we can restore a Dfs topology if the Dfs root is unavailable. Dfs must however reside in the same domain namespace. The manufacturers will not share the same domain namespace with the Service Centers. Therefore we cannot use Dfs. Furthermore, CryptoAPI allows applications to encrypt or digitally sign data in a flexible manner while providing protection for private keys. The Service Centers will however not use applications to communicate with manufacturers.
B: Windows 2000 uses IPSec for data protection of network traffic between two computers over an insecure network. To use this suite of protocols we must establish a connection between the two computers. This can either be a RRAS connection or a VPN connection. In this scenario there are no such connections between the Service Centers and the manufacturers. Instead Service Centers only have access to the Internet and to e-mail.
C: DNS is used for name resolution. In other words it resolves domain and computer names to IP addresses and IP addresses to computer names. It is not used for communication purposes. Furthermore, there is no Secure DNS, only secure dynamic DNS updates.

Question 7.
How should you design the Windows 2000 domain and OU structure for HIABUV TOYS?

A. Create two accounts domains, and migrate all resource domains into OUs under the Headquarters domain.
B. Create two accounts domains, and migrate all resource domains into OUs under the Retail Store Domain.
C. Create two accounts domains, and migrate existing Retail Stores resource domain into OUs under the Retail Store domain.
D. Create two accounts domains, and migrate existing Retail Stores resource domain into OUs under the Headquarters domain.

Answer:   C

Explanation:
In this scenario we are required to create a network that is a single-tree forest. This forest will consist of two accounts domains. One accounts domain for Headquarters and one for the Retail Stores. We should thus organize the existing Retail Stores resource domains into OUs and place them under the Store Domain. This will allow us to link Group Policies that are applicable to all the Retail Stores.

Incorrect Answers:
A: By placing all of the resource domains into OUs located under the Headquarters domain, we would not be able to link Group Policies that are applicable to the Retail Stores and not Headquarters at the domain level. It will also make the Retail Stores account domain redundant.
B: We would not want to place all resource domains into OUs under the Retail Stores domain as this will not allow us to link Group Policies to the Headquarters domain. It would also make the Headquarters account domain redundant.
D: We would not want to place the existing Retail Stores resource domains into OUs under the Headquarters domain as this will not allow us to delegate control over the Retail Stores resources to members of the Retail Stores domain.








Braindumps for "642-545" Exam

Implementing Cisco Security Monitoring, Analysis and Response System

 Question 1.
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. 

Which three items are correct with regard to Cisco Security MARS rules? (Choose three.)

A. There are three types of rules.
B. Rules can be deleted.
C. Rules can be created using a query.
D. Rules trigger incidents.

Answer: A, C, D

Question 2.
Which three are benefits of deploying Cisco Security MARS appliances by use of the global and local controller architecture? (Choose three.)

A. A global controller can provide a summary of all local controllers information (network topologies, incidents, queries, and reports results).
B. A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
C. A global controller can correlate events from multiple local controllers to perform global sessionizations.
D. Users can seamlessly navigate to any local controller from the global controller GUI.

Answer: A, B, D

Question 3.
Which item is the best practice to follow while restoring archived data to a Cisco Security MARS appliance?

A. Use Secure FTP to protect the data transfer.
B. Use "mode 5" restore from the Cisco Security MARS CLI to provide enhanced security during the data transfer.
C. Choose Admin > System Maintenance > Data Archiving on the Cisco Security MARS GUI to perform the restore operations online.
D. To avoid problems, restore only to an identical or higher-end Cisco Security MARS appliance.

Answer: D

Question 4.
A Cisco Security MARS appliance can't access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. 

Which additional Cisco Security MARS configuration will be required to correct this issue?

A. Use the Cisco Security MARS GUI to configure multiple default gateways
B. Use the Cisco Security MARS GUI or CLI to configure multiple default gateways
C. Use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
D. Use the Cisco Security MARS CLI to add a static route

Answer: D

Question 5.
Which two options are available for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)

A. mitigate at Layer 2
B. archive to NFS only
C. drop
D. log to the database only

Answer: C, D

Question 6.
What is the reporting IP address of a device when adding the device to the Cisco Security MARS appliance?

A. The source IP address that sends syslog information to the Cisco Security MARS appliance
B. The pre-NAT IP address of the device
C. The IP address that Cisco Security MARS uses to access the device via SNMP
D. The IP address that Cisco Security MARS uses to access the device via Telnet or SSH

Answer: A

Question 7.
Which statement best describes the case management feature of Cisco Security MARS?

A. It is used in conjunction with the Cisco Security MARS incident escalation feature for incident reporting
B. It is used to capture, combine and preserve user-selected Cisco Security MARS data within a specialized report
C. It is used to automatically collect and save information on incidents, sessions, queries and reports dynamically without user interventions
D. It is used to very quickly evaluate the state of the network

Answer: B

Question 8.
Which two configuration tasks are needed on the Cisco Security MARS for it to receive syslog messages relayed from a syslog relay server? (Choose two.)

A. Define the syslog relay collector.
B. Add the syslog relay server application to Cisco Security MARS as Generic Syslog Relay Any.
C. Define the syslog relay source list.
D. Add the reporting devices monitored by the syslog relay server to Cisco Security MARS.

Answer: B, D

Question 9.
Here is a question that you need to answer. You can click on the Question button to the left to view the question and click on the MARS GUI Screen button to the left to capture the MARS GUI screen in order to answer the question. While viewing the GUI screen capture, you can view the complete screen by use of the left/right scroll bar on the bottom of the GUI screen. Choose the correct answer from among the options. 

What actions will you take to configure the MARS appliance to send out an alert when the system rule fires according to the MARS GUI screen shown?
 

A. Click "Edit" to edit the "Operation" field of the rule, select the appropriate alert option(s), then apply.
B. Click on "None" in the "Action" field, select the appropriate alerts, then apply.
C. Click "Edit" to edit the "Reported User" field of the rule, select the appropriate alert option(s), then apply.
D. Click on "Active" in the "Status" field, select the appropriate alerts, then apply.

Answer: B

Question 10.
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely or by just logging them to the database?

A. Inactivating the rules
B. Creating system inspection rules using the drop operation
C. Deleting the false-positive events from the events management page
D. Creating drop rules

Answer: D



Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.